| 2012-07-20 00:19:46 |
Tyler Hicks |
bug |
|
|
added bug |
| 2012-07-20 00:23:14 |
Tyler Hicks |
bug |
|
|
added subscriber MIR approval team |
| 2012-07-20 00:58:43 |
Tyler Hicks |
description |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest are:
- auditd
- libaudit0
- libaudit-dev
- python-audit
The binary pacakges that may remain in universe are:
- audispd-plugins
- system-config-audit
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
- auditd can open up a port and listen for audit messages from remote machines
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- Two build dependencies are not in main
+ libprelude-dev binary and source package is in universe
+ libev-dev binary and source package is in universe
+ TODO: More investigation is currently needed to resolve this problem
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest are:
- auditd
- libaudit0
- libaudit-dev
- python-audit
The binary pacakges that may remain in universe are:
- audispd-plugins
- system-config-audit
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- Two build dependencies are not in main
+ libprelude-dev binary and source package is in universe
+ libev-dev binary and source package is in universe
+ TODO: More investigation is currently needed to resolve this problem
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
|
| 2012-07-20 01:42:48 |
Tyler Hicks |
summary |
[MIR] audit |
[MIR] audit (pulls in libprelude and maybe libev) |
|
| 2012-07-20 01:43:14 |
Tyler Hicks |
bug task added |
|
libprelude (Ubuntu) |
|
| 2012-07-20 01:43:47 |
Tyler Hicks |
bug task added |
|
libev (Ubuntu) |
|
| 2012-07-20 01:44:15 |
Tyler Hicks |
description |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest are:
- auditd
- libaudit0
- libaudit-dev
- python-audit
The binary pacakges that may remain in universe are:
- audispd-plugins
- system-config-audit
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- Two build dependencies are not in main
+ libprelude-dev binary and source package is in universe
+ libev-dev binary and source package is in universe
+ TODO: More investigation is currently needed to resolve this problem
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest are:
- auditd
- libaudit0
- libaudit-dev
- python-audit
The binary pacakges that may remain in universe are:
- audispd-plugins
- system-config-audit
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- Two build dependencies are not in main
+ libprelude-dev binary and source package is in universe
+ libev-dev binary and source package is in universe
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
|
| 2012-07-20 19:53:17 |
Tyler Hicks |
removed subscriber MIR approval team |
|
|
|
| 2012-07-20 19:53:35 |
Tyler Hicks |
libev (Ubuntu): status |
New |
Invalid |
|
| 2012-07-20 19:53:38 |
Tyler Hicks |
libprelude (Ubuntu): status |
New |
Invalid |
|
| 2012-11-26 20:51:25 |
Tyler Hicks |
attachment added |
|
audit_1.7.18-1ubuntu2.debdiff https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1026852/+attachment/3444387/+files/audit_1.7.18-1ubuntu2.debdiff |
|
| 2012-11-26 20:51:37 |
Tyler Hicks |
summary |
[MIR] audit (pulls in libprelude and maybe libev) |
[MIR] audit (pulls in libprelude) |
|
| 2012-11-26 20:56:26 |
Tyler Hicks |
description |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest are:
- auditd
- libaudit0
- libaudit-dev
- python-audit
The binary pacakges that may remain in universe are:
- audispd-plugins
- system-config-audit
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- Two build dependencies are not in main
+ libprelude-dev binary and source package is in universe
+ libev-dev binary and source package is in universe
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest (some of which are created by the attached debdiff for the audit package) are:
- auditd-common
- auditd-light
- libaudit0
- libaudit-dev
- python-audit
The binary pacakges that may remain in universe are:
- auditd
- audispd-plugins
- system-config-audit
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- One build dependency is not in main
+ libprelude-dev binary and source package is in universe
+ NOTE: libev-dev is a current Build-Dependency, but it is not required because
audit contains its own libev. The attached debdiff removes it from audit's
Build-Dependency list.
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
|
| 2012-11-27 00:16:26 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
| 2012-11-27 00:16:33 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
| 2012-12-01 15:09:51 |
Laurent Bigonville |
bug |
|
|
added subscriber Laurent Bigonville |
| 2012-12-05 15:51:59 |
Marc Deslauriers |
removed subscriber Ubuntu Sponsors Team |
|
|
|
| 2013-02-06 17:22:28 |
Tim Gardner |
bug |
|
|
added subscriber Tim Gardner |
| 2013-02-06 23:00:53 |
Tyler Hicks |
attachment added |
|
audit_2.2.2-1ubuntu2.debdiff https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1026852/+attachment/3517835/+files/audit_2.2.2-1ubuntu2.debdiff |
|
| 2013-02-07 00:23:03 |
Tyler Hicks |
description |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest (some of which are created by the attached debdiff for the audit package) are:
- auditd-common
- auditd-light
- libaudit0
- libaudit-dev
- python-audit
The binary pacakges that may remain in universe are:
- auditd
- audispd-plugins
- system-config-audit
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- One build dependency is not in main
+ libprelude-dev binary and source package is in universe
+ NOTE: libev-dev is a current Build-Dependency, but it is not required because
audit contains its own libev. The attached debdiff removes it from audit's
Build-Dependency list.
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest (some of which are created by the attached debdiff for the audit package) are:
- auditd
- libaudit-common
- libaudit-dev
- libaudit1
- libauparse-dev
- libauparse0
- python-audit
The binary pacakges that may remain in universe are:
- audispd-plugins
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already be used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
- linux-tools perf depends on libaudit-dev
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ NOTE: This is no longer true as of auditd 1:2.2.2-1ubuntu2, which disabled
the network listener support
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- One build dependency is not in main
+ libprelude-dev binary and source package is in universe
+ NOTE: libev-dev is a current Build-Dependency, but it is not required because
audit contains its own libev. The attached debdiff removes it from audit's
Build-Dependency list.
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
|
| 2013-02-07 00:31:28 |
Tyler Hicks |
description |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest (some of which are created by the attached debdiff for the audit package) are:
- auditd
- libaudit-common
- libaudit-dev
- libaudit1
- libauparse-dev
- libauparse0
- python-audit
The binary pacakges that may remain in universe are:
- audispd-plugins
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already be used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
- linux-tools perf depends on libaudit-dev
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ NOTE: This is no longer true as of auditd 1:2.2.2-1ubuntu2, which disabled
the network listener support
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- One build dependency is not in main
+ libprelude-dev binary and source package is in universe
+ NOTE: libev-dev is a current Build-Dependency, but it is not required because
audit contains its own libev. The attached debdiff removes it from audit's
Build-Dependency list.
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest (some of which are created by the attached debdiff for the audit package) are:
- auditd
- libaudit-common
- libaudit-dev
- libaudit1
- libauparse-dev
- libauparse0
- python-audit
The binary pacakges that may remain in universe are:
- audispd-plugins
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already be used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
- linux-tools perf depends on libaudit-dev
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ NOTE: This is no longer true as of auditd 1:2.2.2-1ubuntu2, which disabled
the network listener support
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 1 "low" bug opened against Ubuntu audit source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 4 bugs opened against the Debian audit source package
+ 1 important, 2 minor, 1 wishlist
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- One build dependency is not in main
+ libprelude-dev binary and source package is in universe
- All external binary dependencies are in in main
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu |
|
| 2013-02-07 00:34:53 |
Tyler Hicks |
libprelude (Ubuntu): status |
Invalid |
New |
|
| 2013-02-07 00:35:17 |
Tyler Hicks |
bug |
|
|
added subscriber MIR approval team |
| 2013-02-07 00:52:06 |
Tyler Hicks |
bug task deleted |
libev (Ubuntu) |
|
|
| 2013-02-07 06:25:15 |
Launchpad Janitor |
audit (Ubuntu): status |
New |
Fix Released |
|
| 2013-02-07 17:15:34 |
Tyler Hicks |
audit (Ubuntu): status |
Fix Released |
New |
|
| 2013-02-07 20:50:13 |
Jamie Strandboge |
audit (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2013-02-07 20:50:17 |
Jamie Strandboge |
libprelude (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2013-02-07 21:10:00 |
Jamie Strandboge |
libprelude (Ubuntu): status |
New |
Fix Committed |
|
| 2013-02-07 21:10:00 |
Jamie Strandboge |
libprelude (Ubuntu): assignee |
Jamie Strandboge (jdstrand) |
|
|
| 2013-02-07 21:42:32 |
Jamie Strandboge |
audit (Ubuntu): status |
New |
In Progress |
|
| 2013-02-07 21:42:32 |
Jamie Strandboge |
audit (Ubuntu): assignee |
Jamie Strandboge (jdstrand) |
Tyler Hicks (tyhicks) |
|
| 2013-02-09 02:27:54 |
Adam Conrad |
libprelude (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2013-02-09 03:26:08 |
Tyler Hicks |
attachment added |
|
audit_2.2.2-1ubuntu3.debdiff https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1026852/+attachment/3521690/+files/audit_2.2.2-1ubuntu3.debdiff |
|
| 2013-02-09 07:54:12 |
Launchpad Janitor |
audit (Ubuntu): status |
In Progress |
Fix Released |
|
