[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
The Precise Pangolin has reached end of life, so this bug will not be fixed for that release ** Changed in: audit (Ubuntu Precise) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in audit package in Ubuntu: Fix Released Status in linux package in Ubuntu: Invalid Status in audit source package in Precise: Won't Fix Status in linux source package in Precise: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
** Also affects: audit (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Precise) Status: New => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in audit package in Ubuntu: Fix Released Status in linux package in Ubuntu: Invalid Status in audit source package in Precise: Confirmed Status in linux source package in Precise: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: audit (Ubuntu Precise) Status: New => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in audit package in Ubuntu: Fix Released Status in linux package in Ubuntu: Invalid Status in audit source package in Precise: Confirmed Status in linux source package in Precise: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
** Changed in: audit (Ubuntu Precise) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: audit (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in audit package in Ubuntu: Fix Released Status in linux package in Ubuntu: Invalid Status in audit source package in Precise: Confirmed Status in linux source package in Precise: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
Am I missing something or the current workaround is to use exit,always rules? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in audit package in Ubuntu: In Progress Status in linux package in Ubuntu: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
any news ? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in audit package in Ubuntu: In Progress Status in linux package in Ubuntu: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
We are being impacted too. Running ubuntu 12.04 with auditd 1.7.18-1ubuntu1 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in audit package in Ubuntu: In Progress Status in linux package in Ubuntu: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
We really need to have auditd working ! More than annoying I find this bug quite critical given it renders auditd almost useless. = so true, it's quite amazing for a LTS/stable branch... Please do something :-) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in audit package in Ubuntu: In Progress Status in linux package in Ubuntu: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
hello, Any news on this? It's when you really need it that you realize auditd no longer works for some time already. More than annoying I find this bug quite critical given it renders auditd almost useless. I'm no developper, but is the change difficult to backport? What are we missing? time/man power? Help greatly appreciated, Thanks. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in audit package in Ubuntu: In Progress Status in linux package in Ubuntu: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
Just noticed, that [1] is most likely a duplicate of this. [1] https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1317188 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in “audit” package in Ubuntu: In Progress Status in “linux” package in Ubuntu: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
** Changed in: audit (Ubuntu) Status: Triaged = In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in “audit” package in Ubuntu: In Progress Status in “linux” package in Ubuntu: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
Marking the kernel task as invalid, since this is an auditctl bug. ** Changed in: linux (Ubuntu) Status: Incomplete = Invalid ** Changed in: audit (Ubuntu) Importance: Medium = High -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in “audit” package in Ubuntu: Triaged Status in “linux” package in Ubuntu: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
I built Saucy's audit package for Precise and ran it under the -lts- saucy kernel. When running the auditctl command in the bug description, it emitted the following warning: Warning - entry rules deprecated, changing to exit rule Starting with kernel version 3.3, the audit kernel code refuses entry,always rules. Starting with audit version 2.0, auditctl converts entry,always rules to exit,always rules. The fix seems to be to backport upstream audit commits 300, 301, and 307 to Precise's audit package to make auditctl convert entry,always rules to exit,always. ** Changed in: audit (Ubuntu) Importance: Undecided = Medium ** Changed in: audit (Ubuntu) Status: Confirmed = Triaged ** Changed in: audit (Ubuntu) Assignee: (unassigned) = Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in “audit” package in Ubuntu: Triaged Status in “linux” package in Ubuntu: Invalid Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: audit (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in “audit” package in Ubuntu: Confirmed Status in “linux” package in Ubuntu: Incomplete Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
** Tags added: kernel-da-key ** Also affects: linux (Ubuntu) Importance: Undecided Status: New ** Changed in: linux (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in “audit” package in Ubuntu: New Status in “linux” package in Ubuntu: New Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
Can you see if this bug also affects the Saucy backport kernel, which will be used in 12.04.4? The .deb is available from: http://launchpadlibrarian.net/158291468/linux-generic-lts- saucy_3.11.0.15.14_amd64.deb ** Tags added: precise raring -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in “audit” package in Ubuntu: New Status in “linux” package in Ubuntu: Incomplete Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
Still present with 3.11.0.15.14. (leaving out the apport-collect, sorry) # dpkg -l linux-image-generic-lts-saucy Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Description +++-=-=-== ii linux-image-generic-lts-saucy 3.11.0.15.14 Generic Linux kernel image # uname -a Linux alum 3.11.0-15-generic #23~precise1-Ubuntu SMP Tue Dec 10 16:39:48 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel Status in “audit” package in Ubuntu: New Status in “linux” package in Ubuntu: Incomplete Bug description: auditctl fails to add rules when run with the -lts-quantal kernel Eample: # auditctl -l No rules # auditctl -a entry,always -F arch=b64 -S execve -k exec Error sending add rule data request (Invalid argument) # Looks like the syscall table needs updating, it works with the 3.2.0 kernel. Tagging this as a security vulnerability because it fails fairly quietly and may lead to high security systems not having required auditing (like PCI compliant systems), I only noticed by looking in /var/log/boot.log. Description: Ubuntu 12.04.2 LTS Release: 12.04 ii auditd 1.7.18-1ubuntu1 User space tools for security auditing ii linux-image-generic-lts-quantal3.5.0.26.33 Generic Linux kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
