2015-07-24 16:50:24 |
bugproxy |
bug |
|
|
added bug |
2015-07-24 16:50:26 |
bugproxy |
tags |
|
architecture-ppc64le bugnameltc-127965 severity-critical targetmilestone-inin--- |
|
2015-07-24 16:58:54 |
Luciano Chavez |
affects |
ubuntu |
audit (Ubuntu) |
|
2015-07-24 16:58:54 |
Luciano Chavez |
audit (Ubuntu): assignee |
|
Taco Screen team (taco-screen-team) |
|
2015-07-24 17:02:01 |
bugproxy |
tags |
architecture-ppc64le bugnameltc-127965 severity-critical targetmilestone-inin--- |
architecture-ppc64le bugnameltc-127965 severity-critical targetmilestone-inin14043 |
|
2015-08-03 18:00:19 |
bugproxy |
tags |
architecture-ppc64le bugnameltc-127965 severity-critical targetmilestone-inin14043 |
architecture-ppc64le bugnameltc-127965 severity-high targetmilestone-inin1510 |
|
2015-09-01 00:05:38 |
Tyler Hicks |
bug task added |
|
openssh (Ubuntu) |
|
2015-09-01 00:05:53 |
Tyler Hicks |
bug task added |
|
lightdm (Ubuntu) |
|
2015-09-01 00:06:19 |
Tyler Hicks |
bug task added |
|
shadow (Ubuntu) |
|
2015-09-01 00:06:35 |
Tyler Hicks |
nominated for series |
|
Ubuntu Vivid |
|
2015-09-01 00:06:35 |
Tyler Hicks |
nominated for series |
|
Ubuntu Wily |
|
2015-09-01 00:06:35 |
Tyler Hicks |
nominated for series |
|
Ubuntu Trusty |
|
2015-09-01 09:54:46 |
Robie Basak |
bug |
|
|
added subscriber Michael Hohnbaum |
2015-09-02 01:54:55 |
Launchpad Janitor |
branch linked |
|
lp:~tyhicks/lightdm/auditing |
|
2015-09-02 02:31:21 |
Tyler Hicks |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797727 |
|
2015-09-11 01:33:30 |
Tyler Hicks |
bug task added |
|
shadow (Ubuntu Trusty) |
|
2015-09-11 01:33:30 |
Tyler Hicks |
bug task added |
|
openssh (Ubuntu Trusty) |
|
2015-09-11 01:33:30 |
Tyler Hicks |
bug task added |
|
audit (Ubuntu Trusty) |
|
2015-09-11 01:33:30 |
Tyler Hicks |
bug task added |
|
lightdm (Ubuntu Trusty) |
|
2015-09-11 01:33:51 |
Tyler Hicks |
bug task added |
|
shadow (Ubuntu Vivid) |
|
2015-09-11 01:33:51 |
Tyler Hicks |
bug task added |
|
openssh (Ubuntu Vivid) |
|
2015-09-11 01:33:51 |
Tyler Hicks |
bug task added |
|
audit (Ubuntu Vivid) |
|
2015-09-11 01:33:51 |
Tyler Hicks |
bug task added |
|
lightdm (Ubuntu Vivid) |
|
2015-09-11 01:33:58 |
Tyler Hicks |
bug task added |
|
shadow (Ubuntu Wily) |
|
2015-09-11 01:33:58 |
Tyler Hicks |
bug task added |
|
openssh (Ubuntu Wily) |
|
2015-09-11 01:33:58 |
Tyler Hicks |
bug task added |
|
audit (Ubuntu Wily) |
|
2015-09-11 01:33:58 |
Tyler Hicks |
bug task added |
|
lightdm (Ubuntu Wily) |
|
2015-09-11 01:35:01 |
Tyler Hicks |
bug task deleted |
audit (Ubuntu Trusty) |
|
|
2015-09-11 01:35:10 |
Tyler Hicks |
bug task deleted |
audit (Ubuntu Vivid) |
|
|
2015-09-11 01:35:21 |
Tyler Hicks |
bug task deleted |
audit (Ubuntu Wily) |
|
|
2015-09-11 01:35:37 |
Tyler Hicks |
audit (Ubuntu): status |
New |
Invalid |
|
2015-09-11 01:35:59 |
Tyler Hicks |
lightdm (Ubuntu Wily): status |
New |
Triaged |
|
2015-09-11 01:36:10 |
Tyler Hicks |
lightdm (Ubuntu Vivid): status |
New |
Triaged |
|
2015-09-11 01:36:20 |
Tyler Hicks |
lightdm (Ubuntu Trusty): status |
New |
Triaged |
|
2015-09-11 01:36:38 |
Tyler Hicks |
openssh (Ubuntu Trusty): status |
New |
Triaged |
|
2015-09-11 01:36:49 |
Tyler Hicks |
openssh (Ubuntu Vivid): status |
New |
Triaged |
|
2015-09-11 01:37:00 |
Tyler Hicks |
openssh (Ubuntu Wily): status |
New |
Triaged |
|
2015-09-11 01:37:34 |
Tyler Hicks |
shadow (Ubuntu Wily): status |
New |
Fix Released |
|
2015-09-11 01:37:45 |
Tyler Hicks |
shadow (Ubuntu Vivid): status |
New |
Triaged |
|
2015-09-11 01:37:55 |
Tyler Hicks |
shadow (Ubuntu Trusty): status |
New |
Triaged |
|
2015-09-11 11:51:24 |
Launchpad Janitor |
openssh (Ubuntu Wily): status |
Triaged |
Fix Released |
|
2015-09-16 17:28:05 |
Robert Ancell |
bug task added |
|
lightdm |
|
2015-09-16 17:28:21 |
Robert Ancell |
nominated for series |
|
lightdm/1.10 |
|
2015-09-16 17:28:21 |
Robert Ancell |
bug task added |
|
lightdm/1.10 |
|
2015-09-16 17:28:21 |
Robert Ancell |
nominated for series |
|
lightdm/1.2 |
|
2015-09-16 17:28:21 |
Robert Ancell |
bug task added |
|
lightdm/1.2 |
|
2015-09-16 17:28:21 |
Robert Ancell |
nominated for series |
|
lightdm/1.14 |
|
2015-09-16 17:28:21 |
Robert Ancell |
bug task added |
|
lightdm/1.14 |
|
2015-09-16 17:28:21 |
Robert Ancell |
nominated for series |
|
lightdm/1.16 |
|
2015-09-16 17:28:21 |
Robert Ancell |
bug task added |
|
lightdm/1.16 |
|
2015-09-16 17:28:54 |
Robert Ancell |
lightdm: importance |
Undecided |
Medium |
|
2015-09-16 17:28:54 |
Robert Ancell |
lightdm: status |
New |
Fix Committed |
|
2015-09-16 17:29:08 |
Robert Ancell |
lightdm: milestone |
|
1.17.0 |
|
2015-09-16 17:29:27 |
Robert Ancell |
lightdm/1.16: importance |
Undecided |
Medium |
|
2015-09-16 17:29:27 |
Robert Ancell |
lightdm/1.16: status |
New |
Fix Committed |
|
2015-09-16 17:29:27 |
Robert Ancell |
lightdm/1.16: milestone |
|
1.16.1 |
|
2015-09-16 17:29:43 |
Robert Ancell |
lightdm/1.2: importance |
Undecided |
Medium |
|
2015-09-16 17:29:43 |
Robert Ancell |
lightdm/1.2: status |
New |
Won't Fix |
|
2015-09-16 17:31:10 |
Launchpad Janitor |
branch linked |
|
lp:lightdm/1.14 |
|
2015-09-16 17:31:20 |
Robert Ancell |
lightdm/1.10: importance |
Undecided |
Medium |
|
2015-09-16 17:31:20 |
Robert Ancell |
lightdm/1.10: status |
New |
Triaged |
|
2015-09-16 17:31:20 |
Robert Ancell |
lightdm/1.10: milestone |
|
1.10.6 |
|
2015-09-16 17:31:35 |
Robert Ancell |
lightdm/1.10: status |
Triaged |
Fix Committed |
|
2015-09-16 17:32:05 |
Robert Ancell |
lightdm/1.14: importance |
Undecided |
Medium |
|
2015-09-16 17:32:05 |
Robert Ancell |
lightdm/1.14: status |
New |
Fix Committed |
|
2015-09-16 17:32:05 |
Robert Ancell |
lightdm/1.14: milestone |
|
1.14.3 |
|
2015-09-16 17:32:30 |
Robert Ancell |
lightdm (Ubuntu Trusty): importance |
Undecided |
Medium |
|
2015-09-16 17:36:59 |
Robert Ancell |
lightdm (Ubuntu Vivid): importance |
Undecided |
Medium |
|
2015-09-16 17:37:11 |
Robert Ancell |
lightdm (Ubuntu Wily): importance |
Undecided |
Medium |
|
2015-09-16 17:48:25 |
Launchpad Janitor |
branch linked |
|
lp:lightdm/1.16 |
|
2015-09-16 17:49:30 |
Robert Ancell |
lightdm/1.16: status |
Fix Committed |
Fix Released |
|
2015-09-16 18:19:13 |
Launchpad Janitor |
branch linked |
|
lp:lightdm/1.10 |
|
2015-09-17 16:11:08 |
Launchpad Janitor |
lightdm (Ubuntu Wily): status |
Triaged |
Fix Released |
|
2015-09-17 16:55:44 |
Robert Ancell |
bug |
|
|
added subscriber Robert Ancell |
2015-10-16 10:49:01 |
Robert Ancell |
summary |
ISST-LTE: aureport -l couldn't print out login info on ubuntu 14.04.3 |
Add libaudit support |
|
2015-10-16 18:33:52 |
Steve Langasek |
audit (Ubuntu): assignee |
Taco Screen team (taco-screen-team) |
|
|
2015-10-19 17:51:35 |
bugproxy |
tags |
architecture-ppc64le bugnameltc-127965 severity-high targetmilestone-inin1510 |
architecture-ppc64le bugnameltc-127965 severity-medium targetmilestone-inin1510 |
|
2015-10-28 02:34:33 |
Robert Ancell |
lightdm: status |
Fix Committed |
Fix Released |
|
2015-11-03 02:57:00 |
Robert Ancell |
lightdm/1.14: status |
Fix Committed |
Fix Released |
|
2016-01-13 19:15:24 |
Steve Langasek |
openssh (Ubuntu Trusty): assignee |
|
Mathieu Trudel-Lapierre (mathieu-tl) |
|
2016-01-13 19:15:56 |
Steve Langasek |
shadow (Ubuntu Trusty): assignee |
|
Mathieu Trudel-Lapierre (mathieu-tl) |
|
2016-01-22 18:35:37 |
Mathieu Trudel-Lapierre |
description |
-- Problem Description --
We installed ubuntu 14.04.3 on lakelp1 and installed package auditd. We tried to
ssh to lakelp1 several times and found that "aureport -l" couldn't print out the login
info.
root@lakelp1:~# /etc/init.d/auditd status
* auditd is running.
root@lakelp1:~# auditctl -e 1
AUDIT_STATUS: enabled=1 flag=1 pid=38784 rate_limit=0 backlog_limit=320 lost=12 backlog=1
root@lakelp1:~# grep -i login /var/log/audit/audit.log
type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
type=LOGIN msg=audit(1437642700.295:90): pid=21504 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=6 res=1
type=LOGIN msg=audit(1437642765.339:104): pid=16628 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=7 res=1
type=LOGIN msg=audit(1437644638.593:130): pid=44443 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=8 res=1
root@lakelp1:~# aureport -l
Login Report
============================================
# date time auid host term exe success event
============================================
<no events of interest were found>
This looks like a bug in aureport or libaudit. In addition to giving admins falsely empty record selections, this would prevent successful completion of a Common Criteria certification. |
[Impact]
Auditing support is a commonly used feature in large enterprises, and allows better tracking of actions happening on secured systems, especially when it comes to accounting for login events.
Such systems fail to correctly list login events in aureport due to some software not integrating libaudit.
[Test Case]
1) Install auditd
2) Log in to the system multiple times (or allow for others to connect to the system)
3) Run aureport -l
System should list login information.
[Regression Potential]
There is minimal risk for issues since libaudit support only allows for generating extra logging saved on the local system. A possible side-effect of this may be that on systems on which auditing is enabled and where there are many users of the affected software (see bug tasks), such as many logins over SSH, there may be an increased demand on disk space necessary for the auditing data.
---
-- Problem Description --
We installed ubuntu 14.04.3 on lakelp1 and installed package auditd. We tried to
ssh to lakelp1 several times and found that "aureport -l" couldn't print out the login
info.
root@lakelp1:~# /etc/init.d/auditd status
* auditd is running.
root@lakelp1:~# auditctl -e 1
AUDIT_STATUS: enabled=1 flag=1 pid=38784 rate_limit=0 backlog_limit=320 lost=12 backlog=1
root@lakelp1:~# grep -i login /var/log/audit/audit.log
type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
type=LOGIN msg=audit(1437642700.295:90): pid=21504 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=6 res=1
type=LOGIN msg=audit(1437642765.339:104): pid=16628 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=7 res=1
type=LOGIN msg=audit(1437644638.593:130): pid=44443 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=8 res=1
root@lakelp1:~# aureport -l
Login Report
============================================
# date time auid host term exe success event
============================================
<no events of interest were found>
This looks like a bug in aureport or libaudit. In addition to giving admins falsely empty record selections, this would prevent successful completion of a Common Criteria certification. |
|
2016-01-27 00:46:31 |
Steve Langasek |
shadow (Ubuntu Trusty): status |
Triaged |
Fix Committed |
|
2016-01-27 00:46:37 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2016-01-27 00:46:40 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
2016-01-27 00:46:45 |
Steve Langasek |
tags |
architecture-ppc64le bugnameltc-127965 severity-medium targetmilestone-inin1510 |
architecture-ppc64le bugnameltc-127965 severity-medium targetmilestone-inin1510 verification-needed |
|
2016-01-27 01:32:22 |
Steve Langasek |
openssh (Ubuntu Trusty): status |
Triaged |
Fix Committed |
|
2016-02-01 11:26:23 |
Breno Leitão |
tags |
architecture-ppc64le bugnameltc-127965 severity-medium targetmilestone-inin1510 verification-needed |
architecture-ppc64le bugnameltc-127965 severity-medium targetmilestone-inin1510 verification-failed |
|
2016-02-02 03:07:43 |
Mathew Hodson |
bug task deleted |
audit (Ubuntu) |
|
|
2016-02-02 03:21:00 |
Mathew Hodson |
openssh (Ubuntu): importance |
Undecided |
Medium |
|
2016-02-02 03:21:22 |
Mathew Hodson |
shadow (Ubuntu): importance |
Undecided |
Medium |
|
2016-02-02 03:22:26 |
Mathew Hodson |
openssh (Ubuntu Trusty): importance |
Undecided |
Medium |
|
2016-02-02 03:22:40 |
Mathew Hodson |
openssh (Ubuntu Vivid): importance |
Undecided |
Low |
|
2016-02-02 03:22:52 |
Mathew Hodson |
openssh (Ubuntu Wily): importance |
Undecided |
Medium |
|
2016-02-02 03:23:03 |
Mathew Hodson |
shadow (Ubuntu Trusty): importance |
Undecided |
Medium |
|
2016-02-02 03:23:15 |
Mathew Hodson |
shadow (Ubuntu Wily): importance |
Undecided |
Medium |
|
2016-02-02 03:27:37 |
Mathew Hodson |
shadow (Ubuntu Vivid): importance |
Undecided |
Low |
|
2016-02-02 03:28:57 |
Mathew Hodson |
bug task added |
|
openssh (Debian) |
|
2016-02-02 03:30:53 |
Mathieu Trudel-Lapierre |
tags |
architecture-ppc64le bugnameltc-127965 severity-medium targetmilestone-inin1510 verification-failed |
architecture-ppc64le bugnameltc-127965 severity-medium targetmilestone-inin1510 verification-needed |
|
2016-02-02 21:37:09 |
Bug Watch Updater |
openssh (Debian): status |
Unknown |
Fix Released |
|
2016-02-03 00:41:18 |
Mathieu Trudel-Lapierre |
attachment added |
|
trusty-auditd.txt https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1478087/+attachment/4562606/+files/trusty-auditd.txt |
|
2016-02-03 00:47:15 |
Mathieu Trudel-Lapierre |
tags |
architecture-ppc64le bugnameltc-127965 severity-medium targetmilestone-inin1510 verification-needed |
architecture-ppc64le bugnameltc-127965 severity-medium targetmilestone-inin1510 verification-done |
|
2016-02-04 22:54:55 |
Launchpad Janitor |
shadow (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2016-02-04 22:55:01 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2016-02-04 23:06:25 |
Launchpad Janitor |
openssh (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2017-01-10 17:26:47 |
Mathieu Trudel-Lapierre |
shadow (Ubuntu Vivid): status |
Triaged |
Won't Fix |
|
2017-01-10 17:27:02 |
Mathieu Trudel-Lapierre |
openssh (Ubuntu Vivid): status |
Triaged |
Won't Fix |
|
2017-01-10 17:27:16 |
Mathieu Trudel-Lapierre |
lightdm (Ubuntu Vivid): status |
Triaged |
Won't Fix |
|