[Bug 1722313] Re: Enable auditing in util-linux.

[Bug Watch Updater]

** Changed in: util-linux (Debian)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Launchpad Bug Tracker]

This bug was fixed in the package util-linux - 2.27.1-6ubuntu3.4

---
util-linux (2.27.1-6ubuntu3.4) xenial; urgency=medium

  * Add --with-audit to rules file and libaudit-dev to build depenedencies.
The hwclock needs audit defined in order to create audit records when
time is changed. (LP: #1722313)

 -- Joy Latten   Fri, 03 Nov 2017 17:46:07
-0500

** Changed in: util-linux (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Launchpad Bug Tracker]

This bug was fixed in the package util-linux - 2.30.1-0ubuntu4.1

---
util-linux (2.30.1-0ubuntu4.1) artful; urgency=medium

  * Add --with-audit to rules file and libaudit-dev to build depenedencies.
The hwclock needs audit defined in order to create audit records when
time is changed. (LP: #1722313)

 -- Joy Latten   Sun, 05 Nov 2017 18:14:49
-0600

** Changed in: util-linux (Ubuntu Artful)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

Update on Artful regression analysis from comment #22.

1. Same as in comment #22. Hopefully these can be ignored as they were
for xenial.

2. Same as in comment #22. tests passed in different runs as stated
above. When the failures occurred, was because of time outs while
waiting for something. Failures appear to be intermittent and not
related to change made here.

3. gnocchi - appear to be a testcase usage message from python. Not
related to change made in this bug.

4. libdata-uuid-libuuid-perl (s390x) Julian did a test here using hello
and prior version of util-linux and they both failed with same error. So
this error is not related to this bug change. Something else changed
perhaps in testcase or test environment.

5. tracker passes on a re-run

6. nplan passes on a re-run

Conclusion: Hopefully above explanations result in regressions having
been resolved so util-linux in artful can be promoted.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

Summary of analysis of the autopkgtest failures listed for his SRU in
http://people.canonical.com/~ubuntu-archive/pending-sru.html

For Artful regressions:

1. dpdk (s390x), ocfs2-tools (s390x), lxcfs(s390x), ori(s390x), 
network-manager(s390x), lxd(s390x) 
These all have failing testcases that were skipped in prior version of 
util-linux. The same reason stated in comment #21 above may be applicable here 
as well. 

2. network-manager(ppc64el) - has had 2 runs. In one run, test_wpa1_ip4
fails, test_rfkill pass. In the other run, test_wpa1_ip4 pass and
test_rfkill fail. A timeout results in the failure. Seems testcases do
pass for this version of util-linux but sensitive current workload
maybe...

3. gnocchi(all platforms) - further investigating.

4. libdata-uuid-libuuid-perl(s390x) - might be to the change in test
environment such as #1.

5. tracker(arm64) - further investigation. no prior run to compare with.

6. nplan(arm64) - further investigation. no prior run to compare with.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

Summary of analysis of the autopkgtest failures listed for this SRU in
http://people.canonical.com/~ubuntu-archive/pending-sru.html

For Xenial regressions:

1. In xenial, the failing testcases had been skipped in prior versions and not 
run. 
i.e. "SKIP Test requires machine-level isolation but testbed does not provide 
that"

I talked to Julian who informed me that s390x testd went from LXC
containers to VMs.

Now those tests that had not been run before, were executing and
failing.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Robie Basak]

Please could someone check the autopkgtest failures listed against this
SRU in http://people.canonical.com/~ubuntu-archive/pending-sru.html?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

verified successfully in amd64 VM for zesty.

$ cat /etc/os-release 
NAME="Ubuntu"
VERSION="17.04 (Zesty Zapus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 17.04"
VERSION_ID="17.04"
HOME_URL="https://www.ubuntu.com/;
SUPPORT_URL="https://help.ubuntu.com/;
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/;
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy;
VERSION_CODENAME=zesty
UBUNTU_CODENAME=zesty

$ dpkg -l | grep util-linux
ii  util-linux 2.29-1ubuntu2.2  
 amd64miscellaneous system utilities

$ uname -a
Linux zestyguest 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 
x86_64 x86_64 x86_64 GNU/Linux

message logged after altering hardware clock,

type=USYS_CONFIG msg=audit(1512158548.257:24): pid=3081 uid=0 auid=1000
ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=? addr=?
terminal=pts/0 res=success'




** Tags added: verification-done-zesty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

Verified on xenial on a P8 and a z13 zlpar.

>From P8:
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/;
SUPPORT_URL="http://help.ubuntu.com/;
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/;
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

$ uname -a
Linux  4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:53:44 UTC 2017 
ppc64le ppc64le ppc64le GNU/Linux

$ dpkg -l | grep util-linux
ii  util-linux 2.27.1-6ubuntu3.4
  ppc64el  miscellaneous system utilities

resulting log message, after altering system clock,

type=USYS_CONFIG msg=audit(1512153890.632:29): pid=26156 uid=0 auid=1000
ses=998 msg='changing system time exe="/sbin/hwclock" hostname=? addr=?
terminal=pts/0 res=success'



Test on z-13 zlpar,

$ cat /etc/os-release 
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/;
SUPPORT_URL="http://help.ubuntu.com/;
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/;
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

uname -a
Linux  4.4.0-1002-fips #2-Ubuntu SMP Thu Apr 27 19:35:14 UTC 2017 s390x 
s390x s390x GNU/Linux

ubuntu@s1lp12:~$ dpkg -l | grep util-linux
ii  util-linux 2.27.1-6ubuntu3.4
  s390xmiscellaneous system utilities

$ /usr/bin/sudo hwclock --set --date "1/1/2000 00:00:00"
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --debug option to see the details of our search for an access 
method.

This is correct behaviour since zlpar cannot access the hw clock and is
consistent with prior versions.

message logged indicates the failure, 
type=USYS_CONFIG msg=audit(1512154473.517:12321): pid=84471 uid=0 auid=1000 
ses=1134 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? 
terminal=pts/1 res=failed'


** Tags added: verification-done-xenial

** Description changed:

  [IMPACT]
  Enable auditing in util-linux. The config option, --with-audit enables 
auditing.
-  
- Only the hwclock and the login commands within util-linux package have source 
code for auditing. But that source code is disabled by default and requires the 
config option, --with-audit to enable it. The login command is not built nor 
shipped in util-linux. Ubuntu uses the login command from shadow instead. Thus, 
only hwclock command would be affected by this change.
+ 
+ Only the hwclock and the login commands within util-linux package have
+ source code for auditing. But that source code is disabled by default
+ and requires the config option, --with-audit to enable it. The login
+ command is not built nor shipped in util-linux. Ubuntu uses the login
+ command from shadow instead. Thus, only hwclock command would be
+ affected by this change.
  
  The change would enable the hwclock command to generate an audit log
  message to /var/log/audit/audit.log whenever it changes the hardware
- clock. This message will only get logged if auditd daemon is running.
- Otherwise, nothing gets logged.
+ clock. This message will only get logged to /var/log/audit/audit.log, if
+ auditd daemon is running. Otherwise, if the auditd is not running, like
+ most log messages, it will get logged to /var/log/kern.log and|or
+ /var/log/syslog if these services are enabled.
  
  That the hwclock generates an audit message when hardware clock is
  changed is a requirement for Common Criteria EAL2 certification for
  Xenial.
  
  [TEST]
  
  This has been tested on both P8 and amd64 architectures. With the patch
  all the Common Criteria testcases pass for hwclock. Before this patch,
  the functional part of the testcase passed, but the check for the
  triggered audit records would fail. Attached the Common Criteria
  testcase below.
  
  Also, the util-linux package has testcases that get run during the
  build. All of these pass. Pointer to build log below.
  
  [REGRESSION POTENTIAL]
  The regression potential for this should be small. This change does not take 
away from any current functionality. It just adds the ability to generate an 
audit entry when system hardware clock is altered.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Brian Murray]

Hello Joy, or anyone else affected,

Accepted util-linux into xenial-proposed. The package will build now and
be available at https://launchpad.net/ubuntu/+source/util-
linux/2.27.1-6ubuntu3.4 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, details of your
testing will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: util-linux (Ubuntu Xenial)
   Status: In Progress => Fix Committed

** Changed in: util-linux (Ubuntu Zesty)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

** Tags added: verification-done-artful

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

version of package verified on artful,
 
ubuntu@artfulguest:~$ dpkg -l | grep util-linux
ii  util-linux 2.30.1-0ubuntu4.1
amd64miscellaneous system utilities

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

Sorry, comment #13 had a cut-and-paste issue.

log message is, 
type=USYS_CONFIG msg=audit(1511898182.500:184): pid=3305 uid=0 auid=1000 ses=2 
msg='op=change-system-time exe="/sbin/hwclock" hostname=artfulguest addr=? 
terminal=pts/0 res=success'

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

Generated an artful VM and verified that this is fixed in artful.

ubuntu@artfulguest:~$ cat /etc/os-release 
NAME="Ubuntu"
VERSION="17.10 (Artful Aardvark)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 17.10"
VERSION_ID="17.10"
HOME_URL="https://www.ubuntu.com/;
SUPPORT_URL="https://help.ubuntu.com/;
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/;
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy;
VERSION_CODENAME=artful
UBUNTU_CODENAME=artful

altered the hwclock via "sudo hwclock --set --date "1/1/2000 00:00:00"

received following audit log message in appropriate log files when applicable.
type=USER_CMD msg=audit(1511896792.291:29): pid=3008 uid=1000 auid=1000 ses=2 
msg='cwd="/home/ubuntu" cmd="hwclock" terminal=pts/0 res=success'

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Łukasz Zemczak]

Hello Joy, or anyone else affected,

Accepted util-linux into artful-proposed. The package will build now and
be available at https://launchpad.net/ubuntu/+source/util-
linux/2.30.1-0ubuntu4.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-artful to verification-done-artful. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-artful. In either case, details of your
testing will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: util-linux (Ubuntu Artful)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Łukasz Zemczak]

** Changed in: util-linux (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Marc Deslauriers]

ACK on the debdiffs, uploaded for processing by the SRU team with a
couple of minor changelog changes: added bug number, fixed versioning.

Thanks!

** Changed in: util-linux (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: util-linux (Ubuntu Zesty)
   Status: New => In Progress

** Changed in: util-linux (Ubuntu Artful)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1722313] Re: Enable auditing in util-linux.

[Joy Latten]

** Summary changed:

- [SRU][xenial] Enable auditing in util-linux.
+ Enable auditing in util-linux.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs