------- Comment From drbr...@us.ibm.com 2015-07-29 14:29 EDT-------
This is not critical to have in 14.04.3 release for 8/06. However, it should go 
into service stream and must be in 16.04. According to George, it is a security 
issue in that it will falsely show that no logins took place when the admin 
specifically looks for them. It could cause an audit noncompliance for a 
variety of hardening standards (Common Criteria)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to audit in Ubuntu.
https://bugs.launchpad.net/bugs/1478087

Title:
  ISST-LTE: aureport -l couldn't print out login info on ubuntu 14.04.3

Status in audit package in Ubuntu:
  New

Bug description:
  -- Problem Description --
  We installed ubuntu 14.04.3 on lakelp1 and installed package auditd. We tried to
  ssh to lakelp1 several times and found that "aureport -l" couldn't print out the
  login info.

  root@lakelp1:~# /etc/init.d/auditd status
   * auditd is running.

  root@lakelp1:~# auditctl -e 1
  AUDIT_STATUS: enabled=1 flag=1 pid=38784 rate_limit=0 backlog_limit=320 lost=12 backlog=1

  root@lakelp1:~# grep -i login /var/log/audit/audit.log
  type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
  type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
  type=LOGIN msg=audit(1437642700.295:90): pid=21504 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=6 res=1
  type=LOGIN msg=audit(1437642765.339:104): pid=16628 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=7 res=1
  type=LOGIN msg=audit(1437644638.593:130): pid=44443 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=8 res=1

  
  root@lakelp1:~# aureport -l

  Login Report
  ============================================
  # date time auid host term exe success event
  ============================================
  <no events of interest were found>

  This looks like a bug in aureport or libaudit. In addition to giving
  admins falsely empty record selections, this would prevent successful
  completion of a Common Criteria certification.
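
An independent cross-check for the discrepancy described above, as an added example that is not part of the original bug report or the audit package: it parses `type=LOGIN` records straight from raw audit.log text and flags the case where the login report is empty anyway. It assumes, as the report does, that `type=LOGIN` records count as login evidence; the function names and the non-LOGIN sample line are constructed for illustration.

```python
import re

# Sample input: two LOGIN records quoted in the bug report plus one
# constructed non-LOGIN record to show that other types are ignored.
SAMPLE_LOG = """\
type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
type=USER_START msg=audit(1437642646.500:86): pid=44269 uid=0 auid=0 ses=5 res=success
"""

# The empty report body shown in the bug report.
SAMPLE_REPORT = """\
Login Report
============================================
# date time auid host term exe success event
============================================
<no events of interest were found>
"""

# type=<TYPE> msg=audit(<epoch>.<ms>:<serial>): key=value key=value ...
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$")

def parse_login_records(log_text):
    """Return one dict per type=LOGIN record found in raw audit.log text."""
    records = []
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m or m.group(1) != "LOGIN":
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(5).split() if "=" in kv)
        fields["epoch"] = int(m.group(2))
        fields["serial"] = int(m.group(4))
        records.append(fields)
    return records

def check_login_report(log_text, report_text):
    """Return LOGIN records present in the log while the report claims none."""
    logins = parse_login_records(log_text)
    report_empty = "<no events of interest were found>" in report_text
    return logins if (logins and report_empty) else []

if __name__ == "__main__":
    for rec in check_login_report(SAMPLE_LOG, SAMPLE_REPORT):
        print("unreported LOGIN: serial=%d auid=%s ses=%s res=%s"
              % (rec["serial"], rec["auid"], rec["ses"], rec["res"]))
```
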
