On Sunday 30 December 2007 11:24:41 am Eric Paris wrote:
> On Sat, 2007-12-29 at 10:44 -0500, Steve Grubb wrote:
> > This release fixes a major bug that got introduced in the last release.
> > The code that fixes a permission problem was using the wrong variable. It
> > happens that the result was applied to /dev/null instead of the audit
> > log. If you had selinux in enforcing mode - nothing happened, for
> > everyone else.../dev/null probably got messed up. Oopsie.
>
> close, so close.
>
> Now auditd is fchmoding /var/log/audit/audit.log to 600 and everything
> works fine. But run 'service auditd restart' or just reboot and audit
> will refuse to start!
I forgot to change the parser to allow this config. The following patch was
applied to Fedora rawhide. It will be in the 1.6.5 release sometime soon. I
want to fix a couple more things before releasing 1.6.5.
-Steve
diff -urp audit-1.6.5.orig/src/auditd-config.c audit-1.6.5/src/auditd-config.c
--- audit-1.6.5.orig/src/auditd-config.c 2007-12-30 17:01:29.000000000
-0500
+++ audit-1.6.5/src/auditd-config.c 2007-12-30 17:07:45.000000000 -0500
@@ -505,9 +505,9 @@ static int log_file_parser(struct nv_pai
audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
return 1;
}
- if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
- (S_IRUSR|S_IWUSR|S_IRGRP)) {
- audit_msg(LOG_ERR, "%s permissions should be 0640", nv->value);
+ if ( (buf.st_mode & (S_IXUSR|S_IWGRP|S_IXGRP|S_IRWXO)) ) {
+ audit_msg(LOG_ERR, "%s permissions should be 0600 or 0640",
+ nv->value);
return 1;
}
free((void *)config->log_file);
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
