openstack-ansible

Running augenrules should trigger an auditd restart

Bug #1590916 reported by Major Hayden
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-ansible
Fix Released
Medium
Major Hayden

Bug Description

The security role runs augenrules to create the main audit rules file whenever the rules template changes, but the handlers weren't set up to restart the audit daemon right after. We should chain the handlers so that the augenrules handler will trigger a restart of auditd.

This bug exists in master, mitaka, and liberty.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (master)

Fix proposed to branch: master
Review: https://review.openstack.org/327863

Changed in openstack-ansible:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-security (master)

Reviewed: https://review.openstack.org/327863
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=809b6cb52db069fc2cfc4e22f11fef417a893195
Submitter: Jenkins
Branch: master

commit 809b6cb52db069fc2cfc4e22f11fef417a893195
Author: Major Hayden <email address hidden>
Date: Thu Jun 9 15:14:42 2016 -0500

    Restart auditd after running augenrules

    The augenrules command joins together all of the audit rules from
    rules.d and it is run any time the audit rules template changes. However,
    the augenrules handler didn't actually restart auditd to apply the
    changes to the system.

    This patch fires off the auditd restart handler anytime the augenrules
    handler is notified.

    Closes-bug: 1590916

    Change-Id: Ice83fe17ebb0e9edff9da897e435ae96c1778580

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/328278

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (liberty)

Fix proposed to branch: liberty
Review: https://review.openstack.org/328279

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-security (liberty)

Reviewed: https://review.openstack.org/328279
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=e26c9112f95b2b3503dd8650bb9f49c11940d5a6
Submitter: Jenkins
Branch: liberty

commit e26c9112f95b2b3503dd8650bb9f49c11940d5a6
Author: Major Hayden <email address hidden>
Date: Thu Jun 9 15:14:42 2016 -0500

    Restart auditd after running augenrules

    The augenrules command joins together all of the audit rules from
    rules.d and it is run any time the audit rules template changes. However,
    the augenrules handler didn't actually restart auditd to apply the
    changes to the system.

    This patch fires off the auditd restart handler anytime the augenrules
    handler is notified.

    Closes-bug: 1590916

    Change-Id: Ice83fe17ebb0e9edff9da897e435ae96c1778580
    (cherry picked from commit 809b6cb52db069fc2cfc4e22f11fef417a893195)

tags: added: in-liberty
tags: added: in-stable-mitaka
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-security (stable/mitaka)

Reviewed: https://review.openstack.org/328278
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=bf195e2ec7c85b4e521385092f2d30adae05205e
Submitter: Jenkins
Branch: stable/mitaka

commit bf195e2ec7c85b4e521385092f2d30adae05205e
Author: Major Hayden <email address hidden>
Date: Thu Jun 9 15:14:42 2016 -0500

    Restart auditd after running augenrules

    The augenrules command joins together all of the audit rules from
    rules.d and it is run any time the audit rules template changes. However,
    the augenrules handler didn't actually restart auditd to apply the
    changes to the system.

    This patch fires off the auditd restart handler anytime the augenrules
    handler is notified.

    Closes-bug: 1590916

    Change-Id: Ice83fe17ebb0e9edff9da897e435ae96c1778580
    (cherry picked from commit 809b6cb52db069fc2cfc4e22f11fef417a893195)

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible-security 13.1.4

This issue was fixed in the openstack/openstack-ansible-security 13.1.4 release.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible-security 12.0.16

This issue was fixed in the openstack/openstack-ansible-security 12.0.16 release.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible-security 14.0.0.0b2

This issue was fixed in the openstack/openstack-ansible-security 14.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.