Public bug reported:
[IMPACT]
There is a requirement for Common Criteria EAL2 certification that changes to
the system's hardware clock be audited/monitored. In Ubuntu the hwclock command
can be used to alter the system's hardware clock. Thus this event needs to be
audited for EAL2. The hwclock command within util-linux has the ability to
create an audit event when the system's hardware clock is altered, but this
ability is enabled via the --with-audit config option. This option is currently
not enabled.
Only the hwclock and the login commands within the util-linux package use
this --with-audit config option to enable auditing. However, it appears
the login command is neither built nor shipped in util-linux. Ubuntu uses
the login command from shadow instead. Thus, only the hwclock command would
be affected by this change. The change would enable (1) a call to
audit_open to create a netlink socket descriptor, and (2) generation of an
audit entry when the system hardware clock is altered. The entry will be
logged into /var/log/audit/audit.log IF auditd is installed and running.
[FIX]
[TEST]
This has been tested on both P8 and amd64 architectures. With the patch
all the Common Criteria testcases pass for hwclock. Before this patch,
the functional part of the testcase passed, but the check for the
triggered audit records would fail.
[REGRESSION POTENTIAL]
The regression potential for this should be small. This change does not take
away from any current functionality. It just adds the ability to generate an
audit entry when the system hardware clock is altered.
** Affects: util-linux (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- Add "--with-audit" config option so that the hwclock command creates audit
records when it is used to alter the hardware clock.
+ [SRU][xenial] Add "--with-audit" config option so that the hwclock command
creates an audit record when the hardware clock is altered.
--
https://bugs.launchpad.net/bugs/1722313
Title:
[SRU][xenial] Add "--with-audit" config option so that the hwclock
command creates an audit record when the hardware clock is altered.
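
Added example (not part of the bug report or of util-linux): one way to check audit.log for the records the report describes, by picking out user-space audit entries whose exe is hwclock. The USYS_CONFIG record type, the message text and the sample lines below are assumptions constructed for illustration, not records captured from an Ubuntu system.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in the auditd user-message layout. The record type,
# message text and field values are assumptions, not captured Ubuntu output.
SAMPLE_LOG = """\
type=USYS_CONFIG msg=audit(1507561234.123:456): pid=2211 uid=0 auid=1000 ses=2 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/0 res=success'
type=USER_LOGIN msg=audit(1507561300.000:457): pid=2300 uid=0 auid=1000 ses=3 msg='op=login acct="alice" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USYS_CONFIG msg=audit(1507561400.500:458): pid=2350 uid=1001 auid=1001 ses=4 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/1 res=failed'
type=USYS_CONFIG msg=audit(1507561500.000:459): pid=2400 uid=0 auid=4294967295 ses=4294967295 msg='op=other exe="/usr/sbin/foo" hostname=? addr=? terminal=? res=success'
"""

# type=<TYPE> msg=audit(<epoch>.<ms>:<serial>): <key=value fields>
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def hwclock_events(log_text):
    """Return one dict per audit record that hwclock emitted, in log order."""
    events = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m or m.group(1) != "USYS_CONFIG":
            continue
        # Strip the quoting that wraps the msg='...' payload and exe="...".
        fields = {k: v.strip("'\"") for k, v in FIELD.findall(m.group(5))}
        if not fields.get("exe", "").endswith("/hwclock"):
            continue  # some other program changed system configuration
        when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
        events.append({
            "serial": int(m.group(4)),
            "time": when.isoformat(),
            "auid": fields.get("auid"),  # login uid of the invoking user
            "uid": fields.get("uid"),
            "res": fields.get("res"),    # failed attempts are audited too
        })
    return events


if __name__ == "__main__":
    for event in hwclock_events(SAMPLE_LOG):
        print(event)
```

An empty result after a clock change points to either a hwclock built without --with-audit or auditd not running, the two conditions the report names.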