You have been subscribed to a public bug: Ubuntu should log user modification events to the system audit trail (/var/log/audit/audit.log) but does not.
Steps to Verify: - Install Ubuntu 14.04 on an x86_64 VM - apt install auditd - useradd testuser - ausearch -i Expected Results: An audit record should be appended to the audit trail that indicates testuser was added. Actual Results: An appropriate audit event was not appended to the audit trail. A record is logged in /var/log/auth.log. Discussion: Auditable system events should be logged in the standard audit trail via the Linux audit subsystem. Doing so provides a central location where sysadmins can monitor security events. The Linux audit subsystem can be used to meet Common Criteria and compliance hardening standards requirements. OSPP v2.0 [https://www.commoncriteriaportal.org/files/ppfiles/pp0067b_pdf.pdf] should provide a good reference for commonly logged audit events and other audit requirements. ** Affects: audit (Ubuntu) Importance: Undecided Assignee: Taco Screen team (taco-screen-team) Status: New ** Tags: architecture-all bugnameltc-120769 severity-high targetmilestone-inin1504 -- [Ubuntu 15.04] Ubuntu should audit account modification events https://bugs.launchpad.net/bugs/1414817 You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to audit in Ubuntu. -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
