The bug is not in aureport or libaudit. aureport looks for AUDIT_USER_LOGIN events in the audit log but we're not generating them in login programs due to libaudit support not being enabled at build time or, in the case of lightdm, missing libaudit support.
Note that we are generating an AUDIT_LOGIN event from the kernel upon login but aureport and friends are looking for AUDIT_USER_LOGIN events from userspace. This will require changes to a several packages. So far, I've been able to determine that openssh needs to be built with --enable-audit=linux and lightdm needs to be patched to generate AUDIT_USER_LOGIN events. The lightdm pam configs may also need updating for calling out to pam_loginuid.so but I'm not sure if that's required at this point. The shadow package was recently modified to enable libaudit support (https://launchpad.net/ubuntu/+source/shadow/1:4.1.5.1-1.1ubuntu5) so that change will need to be SRU'ed. The util-linux source package can generate AUDIT_USER_INFO events from its login program but we're using the login program from the shadow source package. After looking at the util-linux source, I don't see a reason to build it against libaudit at this time. ** Also affects: openssh (Ubuntu) Importance: Undecided Status: New ** Also affects: lightdm (Ubuntu) Importance: Undecided Status: New ** Also affects: shadow (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1478087 Title: ISST-LTE: aureport -l couldn't print out login info on ubuntu 14.04.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1478087/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
