[Bug 1722313] Re: Enable auditing in util-linux.
** Changed in: util-linux (Debian) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
This bug was fixed in the package util-linux - 2.27.1-6ubuntu3.4 --- util-linux (2.27.1-6ubuntu3.4) xenial; urgency=medium * Add --with-audit to rules file and libaudit-dev to build depenedencies. The hwclock needs audit defined in order to create audit records when time is changed. (LP: #1722313) -- Joy LattenFri, 03 Nov 2017 17:46:07 -0500 ** Changed in: util-linux (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
This bug was fixed in the package util-linux - 2.30.1-0ubuntu4.1 --- util-linux (2.30.1-0ubuntu4.1) artful; urgency=medium * Add --with-audit to rules file and libaudit-dev to build depenedencies. The hwclock needs audit defined in order to create audit records when time is changed. (LP: #1722313) -- Joy LattenSun, 05 Nov 2017 18:14:49 -0600 ** Changed in: util-linux (Ubuntu Artful) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
Update on Artful regression analysis from comment #22. 1. Same as in comment #22. Hopefully these can be ignored as they were for xenial. 2. Same as in comment #22. tests passed in different runs as stated above. When the failures occurred, was because of time outs while waiting for something. Failures appear to be intermittent and not related to change made here. 3. gnocchi - appear to be a testcase usage message from python. Not related to change made in this bug. 4. libdata-uuid-libuuid-perl (s390x) Julian did a test here using hello and prior version of util-linux and they both failed with same error. So this error is not related to this bug change. Something else changed perhaps in testcase or test environment. 5. tracker passes on a re-run 6. nplan passes on a re-run Conclusion: Hopefully above explanations result in regressions having been resolved so util-linux in artful can be promoted. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
Summary of analysis of the autopkgtest failures listed for his SRU in http://people.canonical.com/~ubuntu-archive/pending-sru.html For Artful regressions: 1. dpdk (s390x), ocfs2-tools (s390x), lxcfs(s390x), ori(s390x), network-manager(s390x), lxd(s390x) These all have failing testcases that were skipped in prior version of util-linux. The same reason stated in comment #21 above may be applicable here as well. 2. network-manager(ppc64el) - has had 2 runs. In one run, test_wpa1_ip4 fails, test_rfkill pass. In the other run, test_wpa1_ip4 pass and test_rfkill fail. A timeout results in the failure. Seems testcases do pass for this version of util-linux but sensitive current workload maybe... 3. gnocchi(all platforms) - further investigating. 4. libdata-uuid-libuuid-perl(s390x) - might be to the change in test environment such as #1. 5. tracker(arm64) - further investigation. no prior run to compare with. 6. nplan(arm64) - further investigation. no prior run to compare with. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
Summary of analysis of the autopkgtest failures listed for this SRU in http://people.canonical.com/~ubuntu-archive/pending-sru.html For Xenial regressions: 1. In xenial, the failing testcases had been skipped in prior versions and not run. i.e. "SKIP Test requires machine-level isolation but testbed does not provide that" I talked to Julian who informed me that s390x testd went from LXC containers to VMs. Now those tests that had not been run before, were executing and failing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
Please could someone check the autopkgtest failures listed against this SRU in http://people.canonical.com/~ubuntu-archive/pending-sru.html? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
verified successfully in amd64 VM for zesty. $ cat /etc/os-release NAME="Ubuntu" VERSION="17.04 (Zesty Zapus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 17.04" VERSION_ID="17.04" HOME_URL="https://www.ubuntu.com/; SUPPORT_URL="https://help.ubuntu.com/; BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/; PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy; VERSION_CODENAME=zesty UBUNTU_CODENAME=zesty $ dpkg -l | grep util-linux ii util-linux 2.29-1ubuntu2.2 amd64miscellaneous system utilities $ uname -a Linux zestyguest 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux message logged after altering hardware clock, type=USYS_CONFIG msg=audit(1512158548.257:24): pid=3081 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/0 res=success' ** Tags added: verification-done-zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
Verified on xenial on a P8 and a z13 zlpar. >From P8: $ cat /etc/os-release NAME="Ubuntu" VERSION="16.04.3 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.3 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/; SUPPORT_URL="http://help.ubuntu.com/; BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/; VERSION_CODENAME=xenial UBUNTU_CODENAME=xenial $ uname -a Linux 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:53:44 UTC 2017 ppc64le ppc64le ppc64le GNU/Linux $ dpkg -l | grep util-linux ii util-linux 2.27.1-6ubuntu3.4 ppc64el miscellaneous system utilities resulting log message, after altering system clock, type=USYS_CONFIG msg=audit(1512153890.632:29): pid=26156 uid=0 auid=1000 ses=998 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/0 res=success' Test on z-13 zlpar, $ cat /etc/os-release NAME="Ubuntu" VERSION="16.04.3 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.3 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/; SUPPORT_URL="http://help.ubuntu.com/; BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/; VERSION_CODENAME=xenial UBUNTU_CODENAME=xenial uname -a Linux 4.4.0-1002-fips #2-Ubuntu SMP Thu Apr 27 19:35:14 UTC 2017 s390x s390x s390x GNU/Linux ubuntu@s1lp12:~$ dpkg -l | grep util-linux ii util-linux 2.27.1-6ubuntu3.4 s390xmiscellaneous system utilities $ /usr/bin/sudo hwclock --set --date "1/1/2000 00:00:00" hwclock: Cannot access the Hardware Clock via any known method. hwclock: Use the --debug option to see the details of our search for an access method. This is correct behaviour since zlpar cannot access the hw clock and is consistent with prior versions. message logged indicates the failure, type=USYS_CONFIG msg=audit(1512154473.517:12321): pid=84471 uid=0 auid=1000 ses=1134 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/1 res=failed' ** Tags added: verification-done-xenial ** Description changed: [IMPACT] Enable auditing in util-linux. The config option, --with-audit enables auditing. - - Only the hwclock and the login commands within util-linux package have source code for auditing. But that source code is disabled by default and requires the config option, --with-audit to enable it. The login command is not built nor shipped in util-linux. Ubuntu uses the login command from shadow instead. Thus, only hwclock command would be affected by this change. + + Only the hwclock and the login commands within util-linux package have + source code for auditing. But that source code is disabled by default + and requires the config option, --with-audit to enable it. The login + command is not built nor shipped in util-linux. Ubuntu uses the login + command from shadow instead. Thus, only hwclock command would be + affected by this change. The change would enable the hwclock command to generate an audit log message to /var/log/audit/audit.log whenever it changes the hardware - clock. This message will only get logged if auditd daemon is running. - Otherwise, nothing gets logged. + clock. This message will only get logged to /var/log/audit/audit.log, if + auditd daemon is running. Otherwise, if the auditd is not running, like + most log messages, it will get logged to /var/log/kern.log and|or + /var/log/syslog if these services are enabled. That the hwclock generates an audit message when hardware clock is changed is a requirement for Common Criteria EAL2 certification for Xenial. [TEST] This has been tested on both P8 and amd64 architectures. With the patch all the Common Criteria testcases pass for hwclock. Before this patch, the functional part of the testcase passed, but the check for the triggered audit records would fail. Attached the Common Criteria testcase below. Also, the util-linux package has testcases that get run during the build. All of these pass. Pointer to build log below. [REGRESSION POTENTIAL] The regression potential for this should be small. This change does not take away from any current functionality. It just adds the ability to generate an audit entry when system hardware clock is altered. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
Hello Joy, or anyone else affected, Accepted util-linux into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/util- linux/2.27.1-6ubuntu3.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: util-linux (Ubuntu Xenial) Status: In Progress => Fix Committed ** Changed in: util-linux (Ubuntu Zesty) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
** Tags added: verification-done-artful -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
version of package verified on artful, ubuntu@artfulguest:~$ dpkg -l | grep util-linux ii util-linux 2.30.1-0ubuntu4.1 amd64miscellaneous system utilities -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
Sorry, comment #13 had a cut-and-paste issue. log message is, type=USYS_CONFIG msg=audit(1511898182.500:184): pid=3305 uid=0 auid=1000 ses=2 msg='op=change-system-time exe="/sbin/hwclock" hostname=artfulguest addr=? terminal=pts/0 res=success' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
Generated an artful VM and verified that this is fixed in artful. ubuntu@artfulguest:~$ cat /etc/os-release NAME="Ubuntu" VERSION="17.10 (Artful Aardvark)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 17.10" VERSION_ID="17.10" HOME_URL="https://www.ubuntu.com/; SUPPORT_URL="https://help.ubuntu.com/; BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/; PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy; VERSION_CODENAME=artful UBUNTU_CODENAME=artful altered the hwclock via "sudo hwclock --set --date "1/1/2000 00:00:00" received following audit log message in appropriate log files when applicable. type=USER_CMD msg=audit(1511896792.291:29): pid=3008 uid=1000 auid=1000 ses=2 msg='cwd="/home/ubuntu" cmd="hwclock" terminal=pts/0 res=success' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
Hello Joy, or anyone else affected, Accepted util-linux into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/util- linux/2.30.1-0ubuntu4.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: util-linux (Ubuntu Artful) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
** Changed in: util-linux (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
ACK on the debdiffs, uploaded for processing by the SRU team with a couple of minor changelog changes: added bug number, fixed versioning. Thanks! ** Changed in: util-linux (Ubuntu Xenial) Status: New => In Progress ** Changed in: util-linux (Ubuntu Zesty) Status: New => In Progress ** Changed in: util-linux (Ubuntu Artful) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1722313] Re: Enable auditing in util-linux.
** Summary changed: - [SRU][xenial] Enable auditing in util-linux. + Enable auditing in util-linux. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs