Ok, the MIR description has been updated to reflect changes that have occurred since I originally opened this MIR request and I've re- subscribed ubuntu-mir.
** Description changed: This is a MIR to bring a portion of binary packages built from the audit source package into main. The binary packages of interest (some of which are created by the attached debdiff for the audit package) are: - auditd - - libaudit-common + - libaudit-common - libaudit-dev - - libaudit1 - - libauparse-dev - - libauparse0 + - libaudit1 + - libauparse-dev + - libauparse0 - python-audit The binary pacakges that may remain in universe are: - audispd-plugins Availability: - Available in universe for all arches Rationale: - Discussed as part of the P and Q security catch all blueprints + https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all + https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all - libaudit0 is a build dependency of the Debian cron package + https://launchpad.net/bugs/878155 - The audit log can already be used by AppArmor + http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files - - linux-tools perf depends on libaudit-dev + - linux-tools perf depends on libaudit-dev Security: - One CVE (CVE-2008-1628) in the project's history - Note that CVEs have been assigned for the kernel audit subsystem, but those are unrelated to the audit userspace code - Security risk involved since auditd is a daemon that runs as root + Implementing privilege dropping would not be trivial: http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html - auditd can open up a port and listen for audit messages from remote machines - + NOTE: This is no longer true as of auditd 1:2.2.2-1ubuntu2, which disabled - the network listener support + + NOTE: This is no longer true as of auditd 1:2.2.2-1ubuntu2, which disabled + the network listener support + The default auditd.conf is *not* configured to open a port + auditd doesn't create a socket unless tcp_listen_port is set in auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c) + The upstream build system does not allow disabling of the networking code - The audispd-plugins binary package contains functionality to send audit messages to remote machines but a main inclusion is not being requested for audispd-plugins Quality Assurance: - Basic audit logging works immediately after auditd package installation - The upstream maintainer is active on the mailing list + https://www.redhat.com/mailman/listinfo/linux-audit - The lastest upstream release was on March 23, 2012 - - 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit - source package + - 1 "low" bug opened against Ubuntu audit source package + https://bugs.launchpad.net/ubuntu/+source/audit - - 5 "normal" bugs opened against the Debian audit source package + - 4 bugs opened against the Debian audit source package + + 1 important, 2 minor, 1 wishlist + http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit - 'make check' tests are enabled in the build - debian/watch exists UI Standards: - The only end-user application is in the system-config-audit binary package, which is not included in this MIR Dependencies: - One build dependency is not in main + libprelude-dev binary and source package is in universe - + NOTE: libev-dev is a current Build-Dependency, but it is not required because - audit contains its own libev. The attached debdiff removes it from audit's - Build-Dependency list. - - All relevant binary dependencies are in in main - + check-mir points out menu and chkconfig, but they are dependencies of - system-config-audit, which is not included in this MIR + - All external binary dependencies are in in main Standards Compliance: - No lintian errors - 9 overridden lintian warnings due to non-standard file/dir permissions because config and log files are intentionally installed with restrictive file permissions due to the security-related nature of the package (see debian/auditd.lintian-overrides) Maintenance: - This is a relatively simple package that seems to be well maintained upstream and in Debian - Should not require a dedicated maintainer in Ubuntu ** Changed in: libprelude (Ubuntu) Status: Invalid => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1026852 Title: [MIR] audit (pulls in libprelude) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1026852/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
