[Ubuntu 15.04] Ubuntu should audit account modification events
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
shadow (Ubuntu) |
Fix Released
|
High
|
Mathieu Trudel-Lapierre |
Bug Description
Ubuntu should log user modification events to the system audit trail (/var/log/
Steps to Verify:
- Install Ubuntu 14.04 on an x86_64 VM
- apt install auditd
- useradd testuser
- ausearch -i
Expected Results:
An audit record should be appended to the audit trail that indicates testuser was added.
Actual Results:
An appropriate audit event was not appended to the audit trail. A record is logged in /var/log/auth.log.
Discussion:
Auditable system events should be logged in the standard audit trail via the Linux audit subsystem. Doing so provides a central location where sysadmins can monitor security events. The Linux audit subsystem can be used to meet Common Criteria and compliance hardening standards requirements. OSPP v2.0 [https:/
Related branches
tags: | added: architecture-all bugnameltc-120769 severity-high targetmilestone-inin1504 |
affects: | ubuntu → audit (Ubuntu) |
Changed in audit (Ubuntu): | |
assignee: | nobody → Taco Screen team (taco-screen-team) |
tags: |
added: targetmilestone-inin1510 removed: targetmilestone-inin1504 |
Changed in audit (Ubuntu): | |
importance: | Undecided → High |
assignee: | Taco Screen team (taco-screen-team) → Mathieu Trudel-Lapierre (mathieu-tl) |
Looks like this is in fact an issue with shadow, which has its audit support disabled.