-- Problem Description --
We installed Ubuntu 14.04.3 on lakelp1 and installed package auditd. We tried to
ssh to lakelp1 several times and found that "aureport -l" couldn't print out the login
info.
root@lakelp1:~# /etc/init.d/auditd status
* auditd is running.
root@lakelp1:~# auditctl -e 1
AUDIT_STATUS: enabled=1 flag=1 pid=38784 rate_limit=0 backlog_limit=320 lost=12 backlog=1
root@lakelp1:~# grep -i login /var/log/audit/audit.log
type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
type=LOGIN msg=audit(1437642700.295:90): pid=21504 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=6 res=1
type=LOGIN msg=audit(1437642765.339:104): pid=16628 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=7 res=1
type=LOGIN msg=audit(1437644638.593:130): pid=44443 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=8 res=1
root@lakelp1:~# aureport -l
Login Report
============================================
# date time auid host term exe success event
============================================
<no events of interest were found>
This looks like a bug in aureport or libaudit. In addition to giving admins falsely empty record selections, this would prevent successful completion of a Common Criteria certification.
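As a cross-check that does not depend on aureport, the type=LOGIN records shown in the grep output above can be parsed straight from the raw log. This is an added example, not part of the original report or of the audit package; the function names are hypothetical, and the sample input is the five records quoted above plus one constructed non-LOGIN line.

```python
import re
from datetime import datetime, timezone

UNSET = 4294967295  # (uint32)-1: loginuid/session id not yet assigned

# Matches the record header in the format quoted in the report.
LOGIN_RE = re.compile(r"^type=LOGIN msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$")

# The five records from the report, preceded by one constructed non-LOGIN line.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1437641256.980:66): pid=11752 uid=0 success=yes
type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
type=LOGIN msg=audit(1437642700.295:90): pid=21504 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=6 res=1
type=LOGIN msg=audit(1437642765.339:104): pid=16628 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=7 res=1
type=LOGIN msg=audit(1437644638.593:130): pid=44443 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=8 res=1
"""

def parse_login_records(lines):
    """Return one dict per type=LOGIN record; other record types are skipped."""
    records = []
    for line in lines:
        m = LOGIN_RE.match(line.strip())
        if not m:
            continue
        secs, _millis, serial, rest = m.groups()
        kv = dict(f.split("=", 1) for f in rest.split() if "=" in f)
        records.append({
            "time": datetime.fromtimestamp(int(secs), tz=timezone.utc),
            "serial": int(serial),
            "pid": int(kv["pid"]),
            "old_auid": int(kv["old-auid"]),
            "auid": int(kv["auid"]),
            "ses": int(kv["ses"]),
            "success": kv.get("res") == "1",
        })
    return records

def new_sessions(records):
    """Records where a previously unset loginuid was successfully assigned."""
    return [r for r in records if r["old_auid"] == UNSET and r["success"]]

if __name__ == "__main__":
    for r in new_sessions(parse_login_records(SAMPLE_LOG.splitlines())):
        print(f'{r["time"]:%Y-%m-%d %H:%M:%S}Z auid={r["auid"]} ses={r["ses"]} '
              f'pid={r["pid"]} event={r["serial"]}')
```

To run it against a live system, pass the open /var/log/audit/audit.log file object to parse_login_records in place of the sample lines.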