Running augenrules should trigger an auditd restart

Bug #1590916 reported by Major Hayden on 2016-06-09
This bug affects 1 person
Affects: openstack-ansible
Importance: Medium
Assigned to: Major Hayden

Bug Description

The security role runs augenrules to create the main audit rules file whenever the rules template changes, but the handlers weren't set up to restart the audit daemon right after. We should chain the handlers so that the augenrules handler will trigger a restart of auditd.

This bug exists in master, mitaka, and liberty.
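
The handler chain the description asks for, shown as an added example; it is not code from the report or from the openstack-ansible-security role. The play layout, the task and handler names, the template name, the `rules.d` file name and the restart command are all assumptions made for illustration.

```yaml
# Added example, not the role's own handlers file.
# Names, paths and the restart command below are assumptions.
- hosts: all
  become: true
  tasks:
    - name: Deploy audit rules into rules.d
      template:
        src: example-audit.rules.j2            # hypothetical template
        dest: /etc/audit/rules.d/example.rules # hypothetical file name
        owner: root
        group: root
        mode: "0640"
      notify:
        - generate auditd rules

  handlers:
    # Before (the behaviour the bug describes): the merged rules file was
    # rebuilt and nothing else happened, so auditd was not restarted.
    #
    # - name: generate auditd rules
    #   command: augenrules

    # After: the augenrules handler notifies the restart handler.
    # A command task always reports "changed", so the notify always fires
    # whenever this handler runs.
    - name: generate auditd rules
      command: augenrules
      notify:
        - restart auditd

    # Defined after the handler that notifies it, because handlers run in
    # the order they are defined, not the order they are notified.
    # The restart goes through the service wrapper here because some
    # distributions' auditd systemd unit refuses a manual stop.
    - name: restart auditd
      command: service auditd restart
```

After a run that changes the template, `auditctl -l` on the host should list the new rules; if it still shows the old set, the restart handler did not fire.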

Fix proposed to branch: master
Review: https://review.openstack.org/327863

Changed in openstack-ansible:
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/327863
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=809b6cb52db069fc2cfc4e22f11fef417a893195
Submitter: Jenkins
Branch: master

commit 809b6cb52db069fc2cfc4e22f11fef417a893195
Author: Major Hayden <email address hidden>
Date: Thu Jun 9 15:14:42 2016 -0500

    Restart auditd after running augenrules

    The augenrules command joins together all of the audit rules from
    rules.d and it is run any time the audit rules template changes. However,
    the augenrules handler didn't actually restart auditd to apply the
    changes to the system.

    This patch fires off the auditd restart handler anytime the augenrules
    handler is notified.

    Closes-bug: 1590916

    Change-Id: Ice83fe17ebb0e9edff9da897e435ae96c1778580

Changed in openstack-ansible:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/328279
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=e26c9112f95b2b3503dd8650bb9f49c11940d5a6
Submitter: Jenkins
Branch: liberty

commit e26c9112f95b2b3503dd8650bb9f49c11940d5a6
Author: Major Hayden <email address hidden>
Date: Thu Jun 9 15:14:42 2016 -0500

    Restart auditd after running augenrules

    The augenrules command joins together all of the audit rules from
    rules.d and it is run any time the audit rules template changes. However,
    the augenrules handler didn't actually restart auditd to apply the
    changes to the system.

    This patch fires off the auditd restart handler anytime the augenrules
    handler is notified.

    Closes-bug: 1590916

    Change-Id: Ice83fe17ebb0e9edff9da897e435ae96c1778580
    (cherry picked from commit 809b6cb52db069fc2cfc4e22f11fef417a893195)

tags: added: in-liberty
tags: added: in-stable-mitaka

Reviewed: https://review.openstack.org/328278
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=bf195e2ec7c85b4e521385092f2d30adae05205e
Submitter: Jenkins
Branch: stable/mitaka

commit bf195e2ec7c85b4e521385092f2d30adae05205e
Author: Major Hayden <email address hidden>
Date: Thu Jun 9 15:14:42 2016 -0500

    Restart auditd after running augenrules

    The augenrules command joins together all of the audit rules from
    rules.d and it is run any time the audit rules template changes. However,
    the augenrules handler didn't actually restart auditd to apply the
    changes to the system.

    This patch fires off the auditd restart handler anytime the augenrules
    handler is notified.

    Closes-bug: 1590916

    Change-Id: Ice83fe17ebb0e9edff9da897e435ae96c1778580
    (cherry picked from commit 809b6cb52db069fc2cfc4e22f11fef417a893195)

This issue was fixed in the openstack/openstack-ansible-security 13.1.4 release.

This issue was fixed in the openstack/openstack-ansible-security 12.0.16 release.

This issue was fixed in the openstack/openstack-ansible-security 14.0.0.0b2 development milestone.
