[Touch-packages] [Bug 1948357] Re: sshd have no USER_LOGOUT audit event
As per [1], the difference reported in the bug is seen due to a pair of patches carried by Fedora/RH. This seems to be a feature (not a fix), therefore, I am not sure if this would be suitable for an SRU. The patch proposed in [1] seems to be under review for a long time (and parts of the patch have landed upstream over the years). The last upstream comment [2] (from Jan. 2020) states that the patch is obsolete. Moreover, the Red Hat bug mentioned in their spec file which points to the bug where the patch was likely discussed and proposed is private [3]. Therefore, I wonder if we want to introduce this feature in 22.04 (LTS) or wait for further upstream feedback in [1]. Since the next steps are not clear, I am removing the server- next/server-todo tags from the bug. [1] https://bugzilla.mindrot.org/show_bug.cgi?id=1402 [2] https://bugzilla.mindrot.org/show_bug.cgi?id=1402#c81 [3] https://src.fedoraproject.org/rpms/openssh/blob/c5e4c28ae15caed8a03d682c1adf2fa619968222/f/openssh.spec#_84 ** Bug watch added: OpenSSH Portable Bugzilla #1402 https://bugzilla.mindrot.org/show_bug.cgi?id=1402 ** Tags removed: server-next server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1948357 Title: sshd have no USER_LOGOUT audit event Status in openssh package in Ubuntu: Triaged Bug description: ubuntu 18.04 lizj@FNSTPC:~$ sudo aureport -e -i --summary | grep USER 43241 USER_END 16946 USER_START 16718 USER_ACCT 658 USER_AUTH 543 USER_CMD 255 USER_LOGIN 9 USER_ROLE_CHANGE 5 USER_ERR 2 USER_CHAUTHTOK 1 ADD_USER lizj@FNSTPC:~/.local/bin$ dpkg -l | grep openssh ii openssh-client1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) client, for secure access to remote machines ii openssh-server1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) server, for secure access from remote machines ii openssh-sftp-server 1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) sftp server module, for SFTP access from remote machines lizj@FNSTPC:~/.local/bin$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04.6 LTS Release: 18.04 Codename: bionic while in my fedora 33 host, it includes USER_LOGOUT as below fedora 33 [root@iaas-rpma linux]# aureport -e -i --summary | grep USER 7356 CRYPTO_KEY_USER 2103 USER_START 1649 USER_END 1268 USER_ACCT 1108 USER_ROLE_CHANGE 1029 USER_AUTH 895 USER_LOGIN 789 USER_LOGOUT 60 USER_CMD 14 USER_ERR 3 USER_MGMT 3 USER_CHAUTHTOK 1 ADD_USER [root@iaas-rpma ~]# rpm -qa | grep openssh openssh-8.4p1-1.1.fc33.x86_64 openssh-clients-8.4p1-1.1.fc33.x86_64 openssh-server-8.4p1-1.1.fc33.x86_64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1948357/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948357] Re: sshd have no USER_LOGOUT audit event
Hello, Thank you for taking the time to file out this bug. As I see, the report is correct and we could indeed use the same patch that Fedora/RH uses. Maybe, while at it also forward this bug report to Debian (and if possible, attach the fixing patch that fixes this)? That said, I'm marking this as server-next so someone can TAL at this and get this fixed for 22.04 release, at least. We can later see if it's worth SRU'ing back to older releases or not. Let me know if you have any questions or concerns. TIA! ** Changed in: openssh (Ubuntu) Status: Confirmed => Triaged ** Changed in: openssh (Ubuntu) Importance: Undecided => Medium ** Tags added: server-next server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1948357 Title: sshd have no USER_LOGOUT audit event Status in openssh package in Ubuntu: Triaged Bug description: ubuntu 18.04 lizj@FNSTPC:~$ sudo aureport -e -i --summary | grep USER 43241 USER_END 16946 USER_START 16718 USER_ACCT 658 USER_AUTH 543 USER_CMD 255 USER_LOGIN 9 USER_ROLE_CHANGE 5 USER_ERR 2 USER_CHAUTHTOK 1 ADD_USER lizj@FNSTPC:~/.local/bin$ dpkg -l | grep openssh ii openssh-client1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) client, for secure access to remote machines ii openssh-server1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) server, for secure access from remote machines ii openssh-sftp-server 1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) sftp server module, for SFTP access from remote machines lizj@FNSTPC:~/.local/bin$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04.6 LTS Release: 18.04 Codename: bionic while in my fedora 33 host, it includes USER_LOGOUT as below fedora 33 [root@iaas-rpma linux]# aureport -e -i --summary | grep USER 7356 CRYPTO_KEY_USER 2103 USER_START 1649 USER_END 1268 USER_ACCT 1108 USER_ROLE_CHANGE 1029 USER_AUTH 895 USER_LOGIN 789 USER_LOGOUT 60 USER_CMD 14 USER_ERR 3 USER_MGMT 3 USER_CHAUTHTOK 1 ADD_USER [root@iaas-rpma ~]# rpm -qa | grep openssh openssh-8.4p1-1.1.fc33.x86_64 openssh-clients-8.4p1-1.1.fc33.x86_64 openssh-server-8.4p1-1.1.fc33.x86_64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1948357/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948357] Re: sshd have no USER_LOGOUT audit event
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssh (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1948357 Title: sshd have no USER_LOGOUT audit event Status in openssh package in Ubuntu: Confirmed Bug description: ubuntu 18.04 lizj@FNSTPC:~$ sudo aureport -e -i --summary | grep USER 43241 USER_END 16946 USER_START 16718 USER_ACCT 658 USER_AUTH 543 USER_CMD 255 USER_LOGIN 9 USER_ROLE_CHANGE 5 USER_ERR 2 USER_CHAUTHTOK 1 ADD_USER lizj@FNSTPC:~/.local/bin$ dpkg -l | grep openssh ii openssh-client1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) client, for secure access to remote machines ii openssh-server1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) server, for secure access from remote machines ii openssh-sftp-server 1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) sftp server module, for SFTP access from remote machines lizj@FNSTPC:~/.local/bin$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04.6 LTS Release: 18.04 Codename: bionic while in my fedora 33 host, it includes USER_LOGOUT as below fedora 33 [root@iaas-rpma linux]# aureport -e -i --summary | grep USER 7356 CRYPTO_KEY_USER 2103 USER_START 1649 USER_END 1268 USER_ACCT 1108 USER_ROLE_CHANGE 1029 USER_AUTH 895 USER_LOGIN 789 USER_LOGOUT 60 USER_CMD 14 USER_ERR 3 USER_MGMT 3 USER_CHAUTHTOK 1 ADD_USER [root@iaas-rpma ~]# rpm -qa | grep openssh openssh-8.4p1-1.1.fc33.x86_64 openssh-clients-8.4p1-1.1.fc33.x86_64 openssh-server-8.4p1-1.1.fc33.x86_64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1948357/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948357] Re: sshd have no USER_LOGOUT audit event
first report here: https://listman.redhat.com/archives/linux- audit/2021-October/msg00069.html -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1948357 Title: sshd have no USER_LOGOUT audit event Status in openssh package in Ubuntu: New Bug description: ubuntu 18.04 lizj@FNSTPC:~$ sudo aureport -e -i --summary | grep USER 43241 USER_END 16946 USER_START 16718 USER_ACCT 658 USER_AUTH 543 USER_CMD 255 USER_LOGIN 9 USER_ROLE_CHANGE 5 USER_ERR 2 USER_CHAUTHTOK 1 ADD_USER lizj@FNSTPC:~/.local/bin$ dpkg -l | grep openssh ii openssh-client1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) client, for secure access to remote machines ii openssh-server1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) server, for secure access from remote machines ii openssh-sftp-server 1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) sftp server module, for SFTP access from remote machines lizj@FNSTPC:~/.local/bin$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04.6 LTS Release: 18.04 Codename: bionic while in my fedora 33 host, it includes USER_LOGOUT as below fedora 33 [root@iaas-rpma linux]# aureport -e -i --summary | grep USER 7356 CRYPTO_KEY_USER 2103 USER_START 1649 USER_END 1268 USER_ACCT 1108 USER_ROLE_CHANGE 1029 USER_AUTH 895 USER_LOGIN 789 USER_LOGOUT 60 USER_CMD 14 USER_ERR 3 USER_MGMT 3 USER_CHAUTHTOK 1 ADD_USER [root@iaas-rpma ~]# rpm -qa | grep openssh openssh-8.4p1-1.1.fc33.x86_64 openssh-clients-8.4p1-1.1.fc33.x86_64 openssh-server-8.4p1-1.1.fc33.x86_64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1948357/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
