Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Audit update #1199

Draft
wants to merge 13 commits into
base: master
Choose a base branch
from
Draft

Audit update #1199

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
1a51b2f
lib/: group account actions definition
ikerexxe Jan 24, 2025
b2c8eff
lib/: update audit messages cleanup_group.c
ikerexxe Jan 24, 2025
7ef9252
lib/: update audit messages in cleanup_user.c
ikerexxe Jan 24, 2025
d5961cf
src/: update audit messages in chage.c
ikerexxe Jan 24, 2025
620107a
src/: update audit messages in groupadd.c
ikerexxe Jan 24, 2025
2f998da
src/: update audit messages in groupdel.c
ikerexxe Jan 24, 2025
46a4532
src/: update audit messages in groupmod.c
ikerexxe Jan 24, 2025
b53c48f
src/: update audit messages in newgrp.c
ikerexxe Jan 24, 2025
00fad2e
lib/: audit function for groups
ikerexxe Jan 24, 2025
c9e5d54
src/: update audit messages change in gpasswd.c
ikerexxe Jan 24, 2025
c655225
src:/ update audit messages in useradd.c
ikerexxe Jan 27, 2025
a39e4df
src/: update audit messages in userdel.c
ikerexxe Jan 27, 2025
6d9391c
src/: update audit messages in usermod.c
ikerexxe Jan 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/audit_help.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ void audit_help_open (void)
* This function will log a message to the audit system using a predefined
* message format. Parameter usage is as follows:
*
* type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
* type - type of message: AUDIT_USER_MGMT for changing any account
* attributes.
* pgname - program's name
* op - operation. "adding user", "changing finger info", "deleting group"
Expand Down
22 changes: 11 additions & 11 deletions lib/cleanup_group.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ void cleanup_report_mod_group (void *cleanup_info)
gr_dbname (),
info->action));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, log_get_progname(),
audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding

b2c8eff

You could move the filename in the subject to the prefix:

lib/cleanup_group.c: Update audit messages

Also, could you add some little explanation in the commit message of what this update is about?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding

b2c8eff

You could move the filename in the subject to the prefix:

lib/cleanup_group.c: Update audit messages

Or will you squash the commits? (I think it would make sense to squash them.)

info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
Expand All @@ -80,7 +80,7 @@ void cleanup_report_mod_gshadow (void *cleanup_info)
sgr_dbname (),
info->action));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, log_get_progname(),
audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
Expand All @@ -101,7 +101,7 @@ void cleanup_report_add_group_group (void *group_name)
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"adding group to /etc/group",
"adding-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
Expand All @@ -120,8 +120,8 @@ void cleanup_report_add_group_gshadow (void *group_name)

SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"adding group to /etc/gshadow",
audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
"adding-shadow-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
Expand All @@ -143,8 +143,8 @@ void cleanup_report_del_group_group (void *group_name)
"failed to remove group %s from %s",
name, gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"removing group from /etc/group",
audit_logger (AUDIT_DEL_GROUP, log_get_progname(),
"removing-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
Expand All @@ -166,8 +166,8 @@ void cleanup_report_del_group_gshadow (void *group_name)
"failed to remove group %s from %s",
name, sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"removing group from /etc/gshadow",
audit_logger (AUDIT_GRP_MGMT, log_get_progname(),
"removing-shadow-group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
Expand All @@ -187,7 +187,7 @@ void cleanup_unlock_group (MAYBE_UNUSED void *arg)
log_get_progname(), gr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking group file",
audit_logger_message ("unlocking-group",
SHADOW_AUDIT_FAILURE);
#endif
}
Expand All @@ -207,7 +207,7 @@ void cleanup_unlock_gshadow (MAYBE_UNUSED void *arg)
log_get_progname(), sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking gshadow file",
audit_logger_message ("unlocking-gshadow",
SHADOW_AUDIT_FAILURE);
#endif
}
Expand Down
6 changes: 6 additions & 0 deletions lib/prototypes.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,12 @@ extern int audit_fd;
extern void audit_help_open (void);
/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
#define AUDIT_NO_ID ((unsigned int) -1)
#ifndef AUDIT_GRP_MGMT
#define AUDIT_GRP_MGMT 1132 /* Group account was modified */
#endif
#ifndef AUDIT_GRP_CHAUTHTOK
#define AUDIT_GRP_CHAUTHTOK 1133 /* Group account password was changed */
#endif
Comment on lines +185 to +190
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason for those specific values?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They come from audit-records.h and probably they weren't available in all distributions when this patch was originally created (that happened years ago). I'm fine with removing this part of the patch as probably they will be available in all distributions.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, please try removing them, and if builds everywhere, let's forget about them (and if not, reintroduce them).

typedef enum {
SHADOW_AUDIT_FAILURE = 0,
SHADOW_AUDIT_SUCCESS = 1} shadow_audit_result;
Expand Down