Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 159215 - shadow-utils updates for new audit system
Summary: shadow-utils updates for new audit system
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: shadow-utils
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Peter Vrabec
QA Contact: David Lawrence
Depends On:
Blocks: 156322
TreeView+ depends on / blocked
Reported: 2005-05-31 17:19 UTC by Steve Grubb
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version: RHBA-2005-309
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2005-10-05 12:42:43 UTC
Target Upstream Version:

Attachments (Terms of Use)
patch to add audit enhancements (deleted)
2005-06-21 21:28 UTC, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (deleted)
2005-07-06 21:01 UTC, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (deleted)
2005-07-15 16:55 UTC, Steve Grubb
no flags Details | Diff
patch to add audit enhancements (deleted)
2005-07-28 20:57 UTC, Steve Grubb
no flags Details | Diff

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:309 qe-ready SHIPPED_LIVE shadow-utils bug fix update 2005-10-05 04:00:00 UTC

Description Steve Grubb 2005-05-31 17:19:13 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
The shadow-utils package needs some updates for the eal4 certification. I will attach a patch that provides it.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. New functioanlity

Additional info:

Comment 2 Steve Grubb 2005-06-21 21:28:36 UTC
Created attachment 115781 [details]
patch to add audit enhancements

This patch provides the needed updates to log important events into the audit
system. This is needed for IBM's eal/CAPP certification. If you could please
review this patch and build at the first opportunity, that would be
appreciated. IBM needs all rpms that are part of the certification this week.

Comment 3 Steve Grubb 2005-06-21 21:32:04 UTC
You will need to add BuildRequires: audit-libs-devel >= 0.9.8

Comment 5 Steve Grubb 2005-07-06 21:01:17 UTC
Created attachment 116433 [details]
patch to add audit enhancements

IBM found some problems in the previous patch. A new one is attached that
better identifies the account or group being modified. Please apply it. Thanks.

Comment 6 Peter Vrabec 2005-07-07 11:15:09 UTC
New patch was applied.

Comment 7 Steve Grubb 2005-07-15 16:55:47 UTC
Created attachment 116808 [details]
patch to add audit enhancements

IBM found a couple more records that needed fixing. This patch corrects those
problems. We need to build another candidate release. Thanks.

Comment 8 Peter Vrabec 2005-07-18 15:15:28 UTC

Comment 9 Steve Grubb 2005-07-28 10:47:47 UTC
HP's testing shows another problem. chage records changes when done from the
command line, but not via the interactive session. I will correct the latest
patch  and attach.

Comment 10 Steve Grubb 2005-07-28 20:57:36 UTC
Created attachment 117245 [details]
patch to add audit enhancements

This patch adds logging for chage when it goes into interactive mode.

Comment 11 Peter Vrabec 2005-08-01 14:42:01 UTC

Comment 13 Steve Grubb 2005-08-29 20:01:29 UTC
The CAPP requirements is to log any change to an account attribute. The
necessary information is: who did it (loginuid), the acct affected, the
operation being performed, and the results. The progams affected are: chage,
gpasswd, groupadd, groupdel, groupmod, useradd, userdel, & usermod.

Comment 14 Steve Grubb 2005-08-29 20:05:40 UTC
There is one change that should be made for FC4 & rawhide. The audit_help_open
function should detect some other errno's in case it is running on a custome
kernel. It should be:

+void audit_help_open(void)
+#ifdef WITH_AUDIT
+	audit_fd = audit_open();
+	if (audit_fd < 0) {
+		/* You get these only when the kernel doesn't have
+		 * audit compiled in. */
+		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+                               errno == EAFNOSUPPORT)
+			return;
+		fprintf(stderr, "Cannot open audit interface - aborting.\n");
+		exit(1);
+	}

Comment 15 Red Hat Bugzilla 2005-10-05 12:42:44 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.