** Description changed:

  [IMPACT]
  There is a requirement for Common Criteria EAL2 certification that changes to the system's hardware clock be audited/monitored. In Ubuntu the hwclock command can be used to alter the system's hardware clock. Thus this event needs to be audited for EAL2. The hwclock command within util-linux has the ability to create an audit event when the system's hardware clock is altered, but this ability is enabled via the --with-audit config option. This option is currently not enabled.
  
- Only the hwclock and the login commands within util-linux package use
- this --with-audit config option to enable auditing. However, it appears
- the login command is not built nor shipped in util-linux. Ubuntu uses
- the login command from shadow instead. Thus, only hwclock command would
- be affected by this change. The change would enable (1) call to
- audit_open to create a netlink socket descritor. (2) generate an audit
- entry when system hardware clock altered. The entry will be logged into
- the /var/log/audit/audit.log IF auditd is installed and running.
- 
- [FIX]
- 
+ Only the hwclock and the login commands within util-linux package use this --with-audit config option to enable auditing. However, it appears the login command is not built nor shipped in util-linux. Ubuntu uses the login command from shadow instead. Thus, only hwclock command would be affected by this change. The change would enable (1) call to audit_open to create a netlink socket descriptor. (2) generate an audit entry when system hardware clock altered. The entry will be logged into the /var/log/audit/audit.log IF auditd is installed and running.
+  
  [TEST]
  
  This has been tested on both P8 and amd64 architectures. With the patch
  all the Common Criteria testcases pass for hwclock. Before this patch,
  the functional part of the testcase passed, but the check for the
  triggered audit records would fail.
  
  [REGRESSION POTENTIAL]
  The regression potential for this should be small. This change does not take away from any current functionality. It just adds the ability to generate an audit entry when system hardware clock is altered.

** Attachment added: "debdiff of version 3.3 and 3.4~joyppa2"
   https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+attachment/4966026/+files/debdiff.out

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1722313

Title:
  [SRU][xenial] Add "--with-audit" config option so that the hwclock
  command creates an audit record when the hardware clock is altered.

Status in util-linux package in Ubuntu:
  New

Bug description:
  [IMPACT]
  There is a requirement for Common Criteria EAL2 certification that changes
  to the system's hardware clock be audited/monitored. In Ubuntu the hwclock
  command can be used to alter the system's hardware clock. Thus this event
  needs to be audited for EAL2. The hwclock command within util-linux has the
  ability to create an audit event when the system's hardware clock is
  altered, but this ability is enabled via the --with-audit config option.
  This option is currently not enabled.

  Only the hwclock and the login commands within the util-linux package use
  this --with-audit config option to enable auditing. However, it appears the
  login command is neither built nor shipped in util-linux. Ubuntu uses the
  login command from shadow instead. Thus, only the hwclock command would be
  affected by this change. The change would enable (1) a call to audit_open
  to create a netlink socket descriptor and (2) generation of an audit entry
  when the system hardware clock is altered. The entry will be logged into
  /var/log/audit/audit.log IF auditd is installed and running.

  [TEST]

  This has been tested on both P8 and amd64 architectures. With the
  patch all the Common Criteria testcases pass for hwclock. Before this
  patch, the functional part of the testcase passed, but the check for
  the triggered audit records would fail.

  [REGRESSION POTENTIAL]
  The regression potential for this should be small. This change does not
  take away from any current functionality. It just adds the ability to
  generate an audit entry when the system hardware clock is altered.
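
The [TEST] section says the Common Criteria testcase checks for the audit records that hwclock should trigger. The following is an added example of that kind of check; it is not from the bug report, the attached debdiff, or util-linux itself. It assumes (to be verified against the util-linux source you ship) that an hwclock built with --with-audit logs a USYS_CONFIG record carrying "op=change-system-time" through libaudit, that auditd writes it to /var/log/audit/audit.log, and that ldd is available to inspect the binary. The audit.log lines it parses are constructed for the example, not captured from a real system.

```shell
#!/bin/sh
# Added example, not part of the bug report or of util-linux: check that
# hwclock emits an audit record when the hardware clock is altered, the way
# the Common Criteria testcase described in the report has to.
#
# Assumptions (verify against the util-linux source you ship): hwclock built
# with --with-audit calls audit_log_user_message() with the USYS_CONFIG type
# and the message "op=change-system-time", so auditd writes a line such as
#   type=USYS_CONFIG msg=audit(EPOCH.MS:SERIAL): ... msg='op=change-system-time ... exe="/sbin/hwclock" ... res=success'
# to /var/log/audit/audit.log.

# 1. Is the installed hwclock binary linked against libaudit at all?  A build
#    without --with-audit never calls audit_open(), so no record can appear
#    no matter how auditd is configured.
hwclock_linked_with_audit() {
    bin=${1:-/sbin/hwclock}
    ldd "$bin" 2>/dev/null | grep -q 'libaudit'
}

# 2. Count hwclock clock-change records in LOGFILE whose audit timestamp is at
#    or after SINCE (epoch seconds) and whose result field matches WANT
#    ("success" or "failed").  Filtering on the timestamp lets a test note the
#    time, run hwclock, and look only at records produced by that run.
count_hwclock_records() {
    logfile=$1; since=$2; want=$3
    awk -v since="$since" -v want="$want" '
        /^type=USYS_CONFIG / && /op=change-system-time/ && /exe="[^"]*hwclock"/ {
            # msg=audit(EPOCH.MS:SERIAL) -> take EPOCH
            if (match($0, /audit[(][0-9]+\.[0-9]+:[0-9]+[)]/)) {
                stamp = substr($0, RSTART + 6, RLENGTH - 7)
                split(stamp, parts, "[.:]")
                if (parts[1] + 0 >= since + 0 && index($0, "res=" want) > 0)
                    n++
            }
        }
        END { print n + 0 }' "$logfile"
}

# 3. The check a testcase performs after altering the clock: at least one
#    successful hwclock record since the test started.
hwclock_audit_check() {
    n=$(count_hwclock_records "$1" "$2" success)
    if [ "$n" -ge 1 ]; then
        echo "PASS: $n hwclock audit record(s) since epoch $2"
        return 0
    fi
    echo "FAIL: no hwclock audit record since epoch $2 (auditd running? hwclock built with --with-audit?)"
    return 1
}

# Sample audit.log lines constructed for this example (not captured from a
# real system): one unrelated record, then three hwclock records.
write_sample_audit_log() {
    cat > "$1" <<'EOF'
type=USER_START msg=audit(1507200000.100:120): pid=2100 uid=0 auid=1000 ses=3 msg='op=PAM:session_open exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
type=USYS_CONFIG msg=audit(1507200000.200:121): pid=2105 uid=0 auid=1000 ses=3 msg='op=change-system-time exe="/sbin/hwclock" hostname=? addr=? terminal=/dev/pts/0 res=success'
type=USYS_CONFIG msg=audit(1507200010.300:122): pid=2110 uid=0 auid=1000 ses=3 msg='op=change-system-time exe="/sbin/hwclock" hostname=? addr=? terminal=/dev/pts/0 res=failed'
type=USYS_CONFIG msg=audit(1507200020.400:123): pid=2120 uid=0 auid=1000 ses=3 msg='op=change-system-time exe="/sbin/hwclock" hostname=? addr=? terminal=/dev/pts/0 res=success'
EOF
}

# Demo against the constructed sample instead of the live log.
sample="${TMPDIR:-/tmp}/hwclock_audit_sample.$$"
write_sample_audit_log "$sample"
hwclock_audit_check "$sample" 1507200005            # PASS: record 123 is after the cut-off
hwclock_audit_check "$sample" 1507200030 || true    # FAIL: nothing after the cut-off
rm -f "$sample"
```

On a live system the sequence is: `hwclock_linked_with_audit || echo "hwclock has no libaudit support"`, note `start=$(date +%s)`, alter the clock as root, then `hwclock_audit_check /var/log/audit/audit.log "$start"`. A failed result with a libaudit-linked binary points at auditd not running rather than at the build, which is the distinction the report's IMPACT section draws.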

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp