[Group.of.nepali.translators] [Bug 1724152] Re: ISST-LTE: pVM: aureport couldn't get the right auid from the audit log on ubuntu16.04
** Changed in: ubuntu-power-systems Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1724152 Title: ISST-LTE: pVM: aureport couldn't get the right auid from the audit log on ubuntu16.04 Status in The Ubuntu-power-systems project: Fix Released Status in audit package in Ubuntu: Invalid Status in audit source package in Xenial: Fix Released Status in audit source package in Zesty: Won't Fix Bug description: [Impact] The aureport command, part of the audit userspace utilities, incorrectly reports the user id of successful logins. "-1" is printed instead of the expected user id. [Test Case] As root, run `login`. Proceed as follows: 1. Login with a blank username and any password 2. Login with an invalid username and any password 3. Login with a valid username and an invalid password 4. Login with a valid username and a valid password 5. Exit from the login shell 6. Run `aureport -l` and examine the last for login records An unpatched aureport will print the following: # date time auid host term exe success event ... 2. 10/17/2017 23:45:32 UNKNOWN ? /dev/pts/8 /bin/login no 97 3. 10/17/2017 23:45:39 UNKNOWN ? /dev/pts/8 /bin/login no 99 4. 10/17/2017 23:45:45 tyhicks ? /dev/pts/8 /bin/login no 101 5. 10/17/2017 23:45:49 -1 ? /dev/pts/8 /bin/login yes 107 A patch aureport will print the correct output: Login Report # date time auid host term exe success event ... 2. 10/17/2017 23:52:44 UNKNOWN ? /dev/pts/8 /bin/login no 165 3. 10/17/2017 23:52:52 UNKNOWN ? /dev/pts/8 /bin/login no 167 4. 10/17/2017 23:52:58 tyhicks ? /dev/pts/8 /bin/login no 169 5. 10/17/2017 23:53:02 1000 ? /dev/pts/8 /bin/login yes 175 Note the "1000" in the auid column on the #5 row. It should *not* be "-1". [Regression Potential] The regression potential is limited due to the change only affecting a single line of code, the fix comes from upstream, and that the aureport utility is not critical. [Original Report] == Comment: #0 - Miao Tao Feng- 2016-11-23 02:46:25 == When we develop new testcase for audit, we found that command "aureport -l" print out wrong auid "-1" on ubuntu16.04 and it should be 1000 according to the audit.log. The following are details: root@roselp2:~# aureport -l Login Report # date time auid host term exe success event 1. 11/23/2016 02:20:12 -1 10.33.24.118 /dev/pts/0 /usr/sbin/sshd yes 18 The auid "-1" on the above line should be "1000? according to the audit.log. root@roselp2:~# grep ":18" /var/log/audit/audit.log type=USER_LOGIN msg=audit(1479889212.292:18): pid=4177 uid=0 auid=1000 ses=4 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=10.33.24.118 addr=10.33.24.118 terminal=/dev/pts/0 res=success' root@roselp2:~# dpkg -s auditd Package: auditd Status: install ok installed Priority: extra Section: admin Installed-Size: 1051 Maintainer: Ubuntu Developers Architecture: ppc64el Source: audit Version: 1:2.4.5-1ubuntu2 Depends: lsb-base (>= 3.0-6), mawk | gawk, init-system-helpers (>= 1.18~), libaudit1 (>= 1:2.4.2), libauparse0 (>= 1:2.3.1), libc6 (>= 2.17) Suggests: audispd-plugins root@roselp2:~# uname -a Linux roselp2 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:38:24 UTC 2016 ppc64le ppc64le ppc64le GNU/Linux root@roselp2:~# service auditd status ? auditd.service - Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: e Active: active (running) since Wed 2016-11-23 02:19:21 CST; 19s ago Main PID: 4085 (auditd) CGroup: /system.slice/auditd.service ??4085 /sbin/auditd -n Nov 23 02:19:21 roselp2 auditctl[4086]: enabled 0 Nov 23 02:19:21 roselp2 auditctl[4086]: failure 1 Nov 23 02:19:21 roselp2 auditctl[4086]: pid 0 Nov 23 02:19:21 roselp2 auditctl[4086]: rate_limit 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_limit 320 Nov 23 02:19:21 roselp2 auditctl[4086]: lost 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_wait_time 15000 Nov 23 02:19:21 roselp2 systemd[1]: Started Security Auditing Service. Nov 23 02:19:21 roselp2 auditd[4085]: Init complete, auditd 2.4.5 listening for Please cherry pick https://github.com/linux-audit/audit- userspace/commit/25097d64344828a80acf681da5c1dacc4ea3c069 To manage notifications about this bug go to:
[Group.of.nepali.translators] [Bug 1724152] Re: ISST-LTE: pVM: aureport couldn't get the right auid from the audit log on ubuntu16.04
** Changed in: audit (Ubuntu Zesty) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1724152 Title: ISST-LTE: pVM: aureport couldn't get the right auid from the audit log on ubuntu16.04 Status in The Ubuntu-power-systems project: Fix Released Status in audit package in Ubuntu: Invalid Status in audit source package in Xenial: Fix Released Status in audit source package in Zesty: Won't Fix Bug description: [Impact] The aureport command, part of the audit userspace utilities, incorrectly reports the user id of successful logins. "-1" is printed instead of the expected user id. [Test Case] As root, run `login`. Proceed as follows: 1. Login with a blank username and any password 2. Login with an invalid username and any password 3. Login with a valid username and an invalid password 4. Login with a valid username and a valid password 5. Exit from the login shell 6. Run `aureport -l` and examine the last for login records An unpatched aureport will print the following: # date time auid host term exe success event ... 2. 10/17/2017 23:45:32 UNKNOWN ? /dev/pts/8 /bin/login no 97 3. 10/17/2017 23:45:39 UNKNOWN ? /dev/pts/8 /bin/login no 99 4. 10/17/2017 23:45:45 tyhicks ? /dev/pts/8 /bin/login no 101 5. 10/17/2017 23:45:49 -1 ? /dev/pts/8 /bin/login yes 107 A patch aureport will print the correct output: Login Report # date time auid host term exe success event ... 2. 10/17/2017 23:52:44 UNKNOWN ? /dev/pts/8 /bin/login no 165 3. 10/17/2017 23:52:52 UNKNOWN ? /dev/pts/8 /bin/login no 167 4. 10/17/2017 23:52:58 tyhicks ? /dev/pts/8 /bin/login no 169 5. 10/17/2017 23:53:02 1000 ? /dev/pts/8 /bin/login yes 175 Note the "1000" in the auid column on the #5 row. It should *not* be "-1". [Regression Potential] The regression potential is limited due to the change only affecting a single line of code, the fix comes from upstream, and that the aureport utility is not critical. [Original Report] == Comment: #0 - Miao Tao Feng- 2016-11-23 02:46:25 == When we develop new testcase for audit, we found that command "aureport -l" print out wrong auid "-1" on ubuntu16.04 and it should be 1000 according to the audit.log. The following are details: root@roselp2:~# aureport -l Login Report # date time auid host term exe success event 1. 11/23/2016 02:20:12 -1 10.33.24.118 /dev/pts/0 /usr/sbin/sshd yes 18 The auid "-1" on the above line should be "1000? according to the audit.log. root@roselp2:~# grep ":18" /var/log/audit/audit.log type=USER_LOGIN msg=audit(1479889212.292:18): pid=4177 uid=0 auid=1000 ses=4 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=10.33.24.118 addr=10.33.24.118 terminal=/dev/pts/0 res=success' root@roselp2:~# dpkg -s auditd Package: auditd Status: install ok installed Priority: extra Section: admin Installed-Size: 1051 Maintainer: Ubuntu Developers Architecture: ppc64el Source: audit Version: 1:2.4.5-1ubuntu2 Depends: lsb-base (>= 3.0-6), mawk | gawk, init-system-helpers (>= 1.18~), libaudit1 (>= 1:2.4.2), libauparse0 (>= 1:2.3.1), libc6 (>= 2.17) Suggests: audispd-plugins root@roselp2:~# uname -a Linux roselp2 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:38:24 UTC 2016 ppc64le ppc64le ppc64le GNU/Linux root@roselp2:~# service auditd status ? auditd.service - Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: e Active: active (running) since Wed 2016-11-23 02:19:21 CST; 19s ago Main PID: 4085 (auditd) CGroup: /system.slice/auditd.service ??4085 /sbin/auditd -n Nov 23 02:19:21 roselp2 auditctl[4086]: enabled 0 Nov 23 02:19:21 roselp2 auditctl[4086]: failure 1 Nov 23 02:19:21 roselp2 auditctl[4086]: pid 0 Nov 23 02:19:21 roselp2 auditctl[4086]: rate_limit 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_limit 320 Nov 23 02:19:21 roselp2 auditctl[4086]: lost 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_wait_time 15000 Nov 23 02:19:21 roselp2 systemd[1]: Started Security Auditing Service. Nov 23 02:19:21 roselp2 auditd[4085]: Init complete, auditd 2.4.5 listening for Please cherry pick https://github.com/linux-audit/audit- userspace/commit/25097d64344828a80acf681da5c1dacc4ea3c069 To manage notifications about this bug go to:
[Group.of.nepali.translators] [Bug 1724152] Re: ISST-LTE: pVM: aureport couldn't get the right auid from the audit log on ubuntu16.04
This bug was fixed in the package audit - 1:2.4.5-1ubuntu2.1 --- audit (1:2.4.5-1ubuntu2.1) xenial; urgency=medium * debian/patches/02-print-loginuid-in-login-report.patch: Display the loginuid when using aureport to display a login report (LP: #1724152) -- Tyler HicksTue, 17 Oct 2017 20:03:34 + ** Changed in: audit (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1724152 Title: ISST-LTE: pVM: aureport couldn't get the right auid from the audit log on ubuntu16.04 Status in The Ubuntu-power-systems project: Fix Committed Status in audit package in Ubuntu: Invalid Status in audit source package in Xenial: Fix Released Status in audit source package in Zesty: Fix Committed Bug description: [Impact] The aureport command, part of the audit userspace utilities, incorrectly reports the user id of successful logins. "-1" is printed instead of the expected user id. [Test Case] As root, run `login`. Proceed as follows: 1. Login with a blank username and any password 2. Login with an invalid username and any password 3. Login with a valid username and an invalid password 4. Login with a valid username and a valid password 5. Exit from the login shell 6. Run `aureport -l` and examine the last for login records An unpatched aureport will print the following: # date time auid host term exe success event ... 2. 10/17/2017 23:45:32 UNKNOWN ? /dev/pts/8 /bin/login no 97 3. 10/17/2017 23:45:39 UNKNOWN ? /dev/pts/8 /bin/login no 99 4. 10/17/2017 23:45:45 tyhicks ? /dev/pts/8 /bin/login no 101 5. 10/17/2017 23:45:49 -1 ? /dev/pts/8 /bin/login yes 107 A patch aureport will print the correct output: Login Report # date time auid host term exe success event ... 2. 10/17/2017 23:52:44 UNKNOWN ? /dev/pts/8 /bin/login no 165 3. 10/17/2017 23:52:52 UNKNOWN ? /dev/pts/8 /bin/login no 167 4. 10/17/2017 23:52:58 tyhicks ? /dev/pts/8 /bin/login no 169 5. 10/17/2017 23:53:02 1000 ? /dev/pts/8 /bin/login yes 175 Note the "1000" in the auid column on the #5 row. It should *not* be "-1". [Regression Potential] The regression potential is limited due to the change only affecting a single line of code, the fix comes from upstream, and that the aureport utility is not critical. [Original Report] == Comment: #0 - Miao Tao Feng - 2016-11-23 02:46:25 == When we develop new testcase for audit, we found that command "aureport -l" print out wrong auid "-1" on ubuntu16.04 and it should be 1000 according to the audit.log. The following are details: root@roselp2:~# aureport -l Login Report # date time auid host term exe success event 1. 11/23/2016 02:20:12 -1 10.33.24.118 /dev/pts/0 /usr/sbin/sshd yes 18 The auid "-1" on the above line should be "1000? according to the audit.log. root@roselp2:~# grep ":18" /var/log/audit/audit.log type=USER_LOGIN msg=audit(1479889212.292:18): pid=4177 uid=0 auid=1000 ses=4 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=10.33.24.118 addr=10.33.24.118 terminal=/dev/pts/0 res=success' root@roselp2:~# dpkg -s auditd Package: auditd Status: install ok installed Priority: extra Section: admin Installed-Size: 1051 Maintainer: Ubuntu Developers Architecture: ppc64el Source: audit Version: 1:2.4.5-1ubuntu2 Depends: lsb-base (>= 3.0-6), mawk | gawk, init-system-helpers (>= 1.18~), libaudit1 (>= 1:2.4.2), libauparse0 (>= 1:2.3.1), libc6 (>= 2.17) Suggests: audispd-plugins root@roselp2:~# uname -a Linux roselp2 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:38:24 UTC 2016 ppc64le ppc64le ppc64le GNU/Linux root@roselp2:~# service auditd status ? auditd.service - Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: e Active: active (running) since Wed 2016-11-23 02:19:21 CST; 19s ago Main PID: 4085 (auditd) CGroup: /system.slice/auditd.service ??4085 /sbin/auditd -n Nov 23 02:19:21 roselp2 auditctl[4086]: enabled 0 Nov 23 02:19:21 roselp2 auditctl[4086]: failure 1 Nov 23 02:19:21 roselp2 auditctl[4086]: pid 0 Nov 23 02:19:21 roselp2 auditctl[4086]: rate_limit 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_limit 320 Nov 23 02:19:21 roselp2 auditctl[4086]: lost 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_wait_time
[Group.of.nepali.translators] [Bug 1724152] Re: ISST-LTE: pVM: aureport couldn't get the right auid from the audit log on ubuntu16.04
I have verified this bug on Ubuntu 17.04 and Ubuntu 16.04 LTS. It does not affect Ubuntu 17.10 (artful) as the audit package is new enough in that release to have received the upstream fix. While performing the backport of the fix, I noticed that the code comments around the area of the code that was modified were at odds with the code changes. After determining that the code was correct and the comments were incorrect, I opened a upstream pull request to fix the comments: https://github.com/linux-audit/audit-userspace/pull/30 I'll proceed with only the code changes and leave the incorrect comment for the purposes of this SRU. ** Changed in: audit (Ubuntu) Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) => Tyler Hicks (tyhicks) ** Changed in: audit (Ubuntu) Status: New => In Progress ** Changed in: audit (Ubuntu) Importance: Undecided => Medium ** Also affects: audit (Ubuntu Zesty) Importance: Undecided Status: New ** Also affects: audit (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: audit (Ubuntu Xenial) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: audit (Ubuntu Zesty) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: audit (Ubuntu Xenial) Status: New => In Progress ** Changed in: audit (Ubuntu Zesty) Status: New => In Progress ** Changed in: audit (Ubuntu) Status: In Progress => Invalid ** Changed in: audit (Ubuntu) Assignee: Tyler Hicks (tyhicks) => (unassigned) ** Changed in: audit (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: audit (Ubuntu Zesty) Importance: Undecided => Medium -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1724152 Title: ISST-LTE: pVM: aureport couldn't get the right auid from the audit log on ubuntu16.04 Status in The Ubuntu-power-systems project: New Status in audit package in Ubuntu: Invalid Status in audit source package in Xenial: In Progress Status in audit source package in Zesty: In Progress Bug description: == Comment: #0 - Miao Tao Feng- 2016-11-23 02:46:25 == When we develop new testcase for audit, we found that command "aureport -l" print out wrong auid "-1" on ubuntu16.04 and it should be 1000 according to the audit.log. The following are details: root@roselp2:~# aureport -l Login Report # date time auid host term exe success event 1. 11/23/2016 02:20:12 -1 10.33.24.118 /dev/pts/0 /usr/sbin/sshd yes 18 The auid "-1" on the above line should be "1000? according to the audit.log. root@roselp2:~# grep ":18" /var/log/audit/audit.log type=USER_LOGIN msg=audit(1479889212.292:18): pid=4177 uid=0 auid=1000 ses=4 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=10.33.24.118 addr=10.33.24.118 terminal=/dev/pts/0 res=success' root@roselp2:~# dpkg -s auditd Package: auditd Status: install ok installed Priority: extra Section: admin Installed-Size: 1051 Maintainer: Ubuntu Developers Architecture: ppc64el Source: audit Version: 1:2.4.5-1ubuntu2 Depends: lsb-base (>= 3.0-6), mawk | gawk, init-system-helpers (>= 1.18~), libaudit1 (>= 1:2.4.2), libauparse0 (>= 1:2.3.1), libc6 (>= 2.17) Suggests: audispd-plugins root@roselp2:~# uname -a Linux roselp2 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:38:24 UTC 2016 ppc64le ppc64le ppc64le GNU/Linux root@roselp2:~# service auditd status ? auditd.service - Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: e Active: active (running) since Wed 2016-11-23 02:19:21 CST; 19s ago Main PID: 4085 (auditd) CGroup: /system.slice/auditd.service ??4085 /sbin/auditd -n Nov 23 02:19:21 roselp2 auditctl[4086]: enabled 0 Nov 23 02:19:21 roselp2 auditctl[4086]: failure 1 Nov 23 02:19:21 roselp2 auditctl[4086]: pid 0 Nov 23 02:19:21 roselp2 auditctl[4086]: rate_limit 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_limit 320 Nov 23 02:19:21 roselp2 auditctl[4086]: lost 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog 0 Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_wait_time 15000 Nov 23 02:19:21 roselp2 systemd[1]: Started Security Auditing Service. Nov 23 02:19:21 roselp2 auditd[4085]: Init complete, auditd 2.4.5 listening for Please cherry pick https://github.com/linux-audit/audit- userspace/commit/25097d64344828a80acf681da5c1dacc4ea3c069 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1724152/+subscriptions ___ Mailing list: