This bug was fixed in the package util-linux - 2.27.1-6ubuntu3.4
util-linux (2.27.1-6ubuntu3.4) xenial; urgency=medium
* Add --with-audit to rules file and libaudit-dev to build depenedencies.
The hwclock needs audit defined in order to create audit records when
time is changed. (LP: #1722313)
-- Joy Latten <joy.lat...@canonical.com> Fri, 03 Nov 2017 17:46:07
** Changed in: util-linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
Enable auditing in util-linux.
Status in util-linux package in Ubuntu:
Status in util-linux source package in Xenial:
Status in util-linux source package in Zesty:
Status in util-linux source package in Artful:
Status in util-linux package in Debian:
Enable auditing in util-linux. The config option, --with-audit enables
Only the hwclock and the login commands within util-linux package have
source code for auditing. But that source code is disabled by default
and requires the config option, --with-audit to enable it. The login
command is not built nor shipped in util-linux. Ubuntu uses the login
command from shadow instead. Thus, only hwclock command would be
affected by this change.
The change would enable the hwclock command to generate an audit log
message to /var/log/audit/audit.log whenever it changes the hardware
clock. This message will only get logged to /var/log/audit/audit.log,
if auditd daemon is running. Otherwise, if the auditd is not running,
like most log messages, it will get logged to /var/log/kern.log and|or
/var/log/syslog if these services are enabled.
That the hwclock generates an audit message when hardware clock is
changed is a requirement for Common Criteria EAL2 certification for
This has been tested on both P8 and amd64 architectures. With the
patch all the Common Criteria testcases pass for hwclock. Before this
patch, the functional part of the testcase passed, but the check for
the triggered audit records would fail. Attached the Common Criteria
Also, the util-linux package has testcases that get run during the
build. All of these pass. Pointer to build log below.
The regression potential for this should be small. This change does not take
away from any current functionality. It just adds the ability to generate an
audit entry when system hardware clock is altered.
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~touch-packages
Post to : email@example.com
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp