bugzilla-daemon at bugzilla.mindrot.org
2007-Dec-12 08:43 UTC
[Bug 1402] New: [RFE] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Summary: [RFE] Support auditing through Linux Audit subsystem
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: t8m at centrum.cz

Created an attachment (id=1396)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1396)
Proposed patch

The attached patch adds support for auditing through the Linux Audit subsystem. The patch is included in Fedora and RHEL builds of OpenSSH. It was written by Steve Grubb, I did some small adjustments to it too.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2007-Dec-12 12:42 UTC
[Bug 1402] [RFE] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Darren Tucker <dtucker at zip.com.au> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2007-12-12 23:42:18 ---
Is there any reason you did not use the existing audit framework in audit.c rather than adding new code in the mainline? Also, what's the purpose of the "hexescape" code, and could strnvis be used for this purpose instead?
bugzilla-daemon at bugzilla.mindrot.org
2007-Dec-12 16:20 UTC
[Bug 1402] [RFE] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #2 from Tomas Mraz <t8m at centrum.cz> 2007-12-13 03:20:41 ---
(In reply to comment #1)
> Is there any reason you did not use the existing audit framework in
> audit.c rather than adding new code in the mainline? Also, what's the

The patch is rather old and it was originally written for openssh-3.9p1 I think. But you're right that it should be rewritten to use the audit.c framework.

> purpose of the "hexescape" code, and could strnvis be used for this
> purpose instead?

The escaping in Linux Audit is different from strnvis - either the whole string is escaped by using hexadecimal numbers or it starts and ends with '"' character.
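The two encodings described in comment #2 (whole value in hexadecimal, or value wrapped in '"'), as an added example that is not taken from the attached patch or from OpenSSH. The function names, the rule for choosing the hex form and the uppercase hex digits are assumptions of this example; the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

static const char digits[] = "0123456789ABCDEF";

/* Assumed rule for this example: a value cannot be quoted if it holds a
 * double quote, a space or control byte (< 0x21), or a byte above 0x7e. */
static int
needs_hex(const char *s)
{
	for (; *s != '\0'; s++) {
		unsigned char c = (unsigned char)*s;
		if (c == '"' || c < 0x21 || c > 0x7e)
			return 1;
	}
	return 0;
}

/* Format an untrusted value as name="value" or name=HEX.
 * Returns bytes written (without the NUL), or -1 if out is too small. */
int
audit_format_field(char *out, size_t outlen, const char *name,
    const char *value)
{
	size_t nlen = strlen(name), vlen = strlen(value), i, n;
	int hex = needs_hex(value);

	if (nlen + 1 + (hex ? 2 * vlen : vlen + 2) + 1 > outlen)
		return -1;
	memcpy(out, name, nlen);
	n = nlen;
	out[n++] = '=';
	if (hex) {
		for (i = 0; i < vlen; i++) {
			unsigned char c = (unsigned char)value[i];
			out[n++] = digits[c >> 4];
			out[n++] = digits[c & 0x0f];
		}
	} else {
		out[n++] = '"';
		memcpy(out + n, value, vlen);
		n += vlen;
		out[n++] = '"';
	}
	out[n] = '\0';
	return (int)n;
}

/* Value of one uppercase hex digit (the form the encoder emits), or -1. */
static int
hexval(char c)
{
	const char *p = (c != '\0') ? strchr(digits, c) : NULL;

	return p != NULL ? (int)(p - digits) : -1;
}

/* Decode the text after '=' as written by audit_format_field().
 * Returns the decoded length, or -1 for anything malformed. */
int
audit_decode_value(char *out, size_t outlen, const char *enc)
{
	size_t len = strlen(enc), i, n = 0;

	if (len >= 2 && enc[0] == '"') {
		/* Quoted form: closing quote required, no quote inside. */
		if (enc[len - 1] != '"' || len - 2 >= outlen ||
		    memchr(enc + 1, '"', len - 2) != NULL)
			return -1;
		memcpy(out, enc + 1, len - 2);
		out[len - 2] = '\0';
		return (int)(len - 2);
	}
	/* Hex form: non-empty, even length, hex digits only, no NUL byte. */
	if (len == 0 || len % 2 != 0 || len / 2 >= outlen)
		return -1;
	for (i = 0; i < len; i += 2) {
		int hi = hexval(enc[i]), lo = hexval(enc[i + 1]);
		if (hi < 0 || lo < 0 || (hi == 0 && lo == 0))
			return -1;
		out[n++] = (char)(hi * 16 + lo);
	}
	out[n] = '\0';
	return (int)n;
}

int
main(void)
{
	/* Constructed values; the last two try to smuggle in an extra field. */
	const char *samples[] = { "alice", "alice res=success", "bob\nop=login" };
	char line[128];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		if (audit_format_field(line, sizeof(line), "acct", samples[i]) > 0)
			puts(line);
	return 0;
}
```

Because a value containing a space, newline or quote is emitted entirely in hex, a remote-controlled string such as a user name cannot add a second name=value pair to the record.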
bugzilla-daemon at bugzilla.mindrot.org
2007-Dec-21 01:25 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Damien Miller <djm at mindrot.org> changed:

What    |Removed                                              |Added
----------------------------------------------------------------------------
Summary |[RFE] Support auditing through Linux Audit subsystem |Support auditing through Linux Audit subsystem
Severity|normal                                               |enhancement
CC      |                                                     |djm at mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-01 07:44 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Darren Tucker <dtucker at zip.com.au> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |jchadima at redhat.com

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2009-09-01 17:44:10 EST ---
*** Bug 1642 has been marked as a duplicate of this bug. ***
bugzilla-daemon at bugzilla.mindrot.org
2010-Sep-25 18:50 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1396 is obsolete|0                           |1

--- Comment #4 from jchadima at redhat.com 2010-09-26 04:50:35 EST ---
Created attachment 1930
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1930
Patch using the ssh_audit subsystem

Finally I got the time to rewrite the patch, can anybody review it? Please.
bugzilla-daemon at bugzilla.mindrot.org
2010-Oct-01 07:33 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1930 is obsolete|0                           |1

--- Comment #5 from jchadima at redhat.com 2010-10-01 17:33:04 EST ---
Created attachment 1931
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1931
improved patch
bugzilla-daemon at bugzilla.mindrot.org
2010-Oct-04 09:57 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Version |4.7p1                       |5.6p1
bugzilla-daemon at bugzilla.mindrot.org
2010-Oct-12 02:54 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Darren Tucker <dtucker at zip.com.au> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Blocks  |                            |1803

--- Comment #6 from Darren Tucker <dtucker at zip.com.au> 2010-10-12 13:54:10 EST ---
Thanks, this looks pretty good, target 5.7.
bugzilla-daemon at bugzilla.mindrot.org
2010-Oct-12 03:20 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #7 from Darren Tucker <dtucker at zip.com.au> 2010-10-12 14:20:29 EST ---
Comment on attachment 1931
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1931
improved patch

>+/* #pragma ident "@(#)audit-linux.c 1.1 01/09/17 SMI" */

It looks like this file was originally based on the Sun-copyright audit-bsm.c. That said, it looks like none of the original Sun code remains.

>+ else
>+ return 0; /* Must prevent login */

whitespace.

>+ if (rc >= 0)
>+ return 1;
>+ else
>+ return 0;

return(rc >= 0); ?

>+ if (linux_audit_record_event(li->uid, NULL, li->hostname,
>+ NULL, li->line, 1) == 0)

indenting wrong (see http://www.openbsd.org/cgi-bin/man.cgi?query=style for the guidelines).

>+ fatal("linux_audit_write_entry failed: %s", strerror(errno));

the close() call in linux_audit_record_event() can reset errno, so if you're relying on what audit_log_acct_message sets you should save errno and restore it.

> AUDIT_MODULE=none
> AC_ARG_WITH(audit,
>- [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
>+ [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm,linux)],

I'm removing the EXPERIMENTAL tag as BSM has been in for years.

>- audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
>+ audit.o audit-bsm.o audit-linux.o platform.o sftp-server.o sftp-common.o \

I'm moving the audit bits to a line on its own just for ease of maintenance. Will attach an updated patch shortly.
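Review bot: the fatal("linux_audit_write_entry failed: %s", ...) call that follows the linux_audit_record_event(...) == 0 check ends the session on every audit write failure, so a daemon that cannot write audit records at all refuses every login. The failure path should check why the write failed before calling fatal(), and a comment there should state which failures are meant to block login, as the "Must prevent login" comment does for the return 0 branch.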
bugzilla-daemon at bugzilla.mindrot.org
2010-Oct-12 03:35 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Darren Tucker <dtucker at zip.com.au> changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1931 is obsolete|0                           |1

--- Comment #8 from Darren Tucker <dtucker at zip.com.au> 2010-10-12 14:35:37 EST ---
Created attachment 1934
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1934
clean up patch some more
bugzilla-daemon at bugzilla.mindrot.org
2010-Oct-26 02:13 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #9 from jchadima at redhat.com 2010-10-26 13:13:07 EST ---
Created attachment 1939
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1939
additional patch for auditing authorized keys usage
bugzilla-daemon at bugzilla.mindrot.org
2010-Oct-26 02:18 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #10 from jchadima at redhat.com 2010-10-26 13:18:22 EST ---
Attached another patch component, which allows auditing of authorized keys usage. The key type, size and fingerprint are logged in the case of successful authorization using authorized (user) keys.
bugzilla-daemon at bugzilla.mindrot.org
2010-Oct-26 14:50 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1939 is obsolete|0                           |1

--- Comment #11 from jchadima at redhat.com 2010-10-27 01:50:00 EST ---
Created attachment 1940
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1940
Additional patch for auditing authorized keys usage
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-02 11:55 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1940 is obsolete|0                           |1

--- Comment #12 from jchadima at redhat.com 2010-11-02 22:55:34 EST ---
Created attachment 1942
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1942
Additional patch for auditing authorized keys usage
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-02 20:17 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1942 is obsolete|0                           |1

--- Comment #13 from jchadima at redhat.com 2010-11-03 07:17:36 EST ---
Created attachment 1943
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1943
Additional patch for auditing authorized keys usage
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-03 13:39 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #14 from jchadima at redhat.com 2010-11-04 00:39:43 EST ---
Created attachment 1945
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1945
Additional patch for auditing protocol negotiation results
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-04 23:15 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Darren Tucker <dtucker at zip.com.au> changed:

What                  |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1934 Flags|                            |ok?(djm at mindrot.org)
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-05 09:31 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1943 is obsolete|0                           |1

--- Comment #15 from jchadima at redhat.com 2010-11-05 20:31:09 EST ---
Created attachment 1950
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1950
Additional patch for auditing authorized keys usage
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-05 15:03 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1950 is obsolete|0                           |1

--- Comment #16 from jchadima at redhat.com 2010-11-06 02:03:49 EST ---
Created attachment 1951
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1951
Additional patch for auditing (user and host) authorized keys usage
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-05 15:04 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1945 is obsolete|0                           |1

--- Comment #17 from jchadima at redhat.com 2010-11-06 02:04:52 EST ---
Created attachment 1952
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1952
Additional patch for auditing protocol negotiation results
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-05 15:08 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #18 from jchadima at redhat.com 2010-11-06 02:08:38 EST ---
Add the possibility to audit host based keys to the additional patch for audit authorized keys usage.
Update the audit protocol negotiation patch to match with the authorized keys patch.
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-11 11:29 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1951 is obsolete|0                           |1

--- Comment #19 from jchadima at redhat.com 2010-11-11 22:29:28 EST ---
Created attachment 1954
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1954
Additional patch for auditing (user and host) authorized keys usage
bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-18 12:33 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Ludwig Nussel <ludwig.nussel at suse.de> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |ludwig.nussel at suse.de
bugzilla-daemon at bugzilla.mindrot.org
2010-Dec-11 06:16 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #20 from jchadima at redhat.com 2010-12-11 17:16:20 EST ---
Created attachment 1974
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1974
Please add this to "clean up patch some more"

This little add on repairs the reviewed patch. Without it the sshd cannot be run as non root user. Please add it to 5.7 also.
bugzilla-daemon at bugzilla.mindrot.org
2010-Dec-11 06:19 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1954 is obsolete|0                           |1

--- Comment #21 from jchadima at redhat.com 2010-12-11 17:19:00 EST ---
Created attachment 1975
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1975
Additional patch for auditing (user and host) authorized keys usage

Improve the patch. Enable the sshd to run as non root user.
bugzilla-daemon at bugzilla.mindrot.org
2010-Dec-11 06:21 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1952 is obsolete|0                           |1

--- Comment #22 from jchadima at redhat.com 2010-12-11 17:21:07 EST ---
Created attachment 1976
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1976
Additional patch for auditing protocol negotiation results

Improve the patch, enable running sshd as non root user, enable rekeying.
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-17 00:52 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Darren Tucker <dtucker at zip.com.au> changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1934 is obsolete|0                           |1
Attachment #1974 is obsolete|0                           |1
Attachment #1934 Flags      |ok?(djm at mindrot.org)      |
Attachment #1981 Flags      |                            |ok?(djm at mindrot.org)

--- Comment #23 from Darren Tucker <dtucker at zip.com.au> 2011-01-17 11:52:20 EST ---
Created attachment 1981
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1981
base linux audit support (combined #1934 and #1974)

This is the base-level audit support which I intend to put in for 5.7. I think the additional auditing capabilities/code needs further review.

I changed the root-check to geteuid() and moved it to before the errno restore in case geteuid messes with errno (unlikely).
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-17 01:37 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Damien Miller <djm at mindrot.org> changed:

What                  |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1981 Flags|ok?(djm at mindrot.org)      |ok+
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-17 10:16 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Darren Tucker <dtucker at zip.com.au> changed:

What                        |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1981 is obsolete|0                           |1

--- Comment #24 from Darren Tucker <dtucker at zip.com.au> 2011-01-17 21:16:40 EST ---
Comment on attachment 1981
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1981
base linux audit support (combined #1934 and #1974)

thanks, patch #1981 has been committed and will be in the 5.7p1 release. We'll look at the other parts next release.
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-24 01:30 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Damien Miller <djm at mindrot.org> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Blocks  |1803                        |

--- Comment #25 from Damien Miller <djm at mindrot.org> 2011-01-24 12:30:47 EST ---
Retarget unclosed bugs from 5.7=>5.8
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-24 01:31 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Damien Miller <djm at mindrot.org> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Blocks  |                            |1845
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-17 09:44 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #26 from jchadima at redhat.com 2011-03-17 20:44:17 EST ---
Created attachment 2010
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2010
patch removing duplicate audit
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-17 09:47 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #27 from jchadima at redhat.com 2011-03-17 20:47:08 EST ---
Created attachment 2011
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2011
patch for better audit of user actions
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-17 09:48 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #28 from jchadima at redhat.com 2011-03-17 20:48:49 EST ---
Created attachment 2012
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2012
patch adding logging the key based authentzations
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-17 09:50 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #29 from jchadima at redhat.com 2011-03-17 20:50:09 EST ---
Created attachment 2013
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2013
patch adding results of the kex exchange
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-17 09:51 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #30 from jchadima at redhat.com 2011-03-17 20:51:36 EST ---
Created attachment 2014
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2014
patch adding audit of session key destruction
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-17 09:52 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #31 from jchadima at redhat.com 2011-03-17 20:52:41 EST ---
Created attachment 2015
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2015
patch adding audit of server key destruction
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-17 09:55 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #32 from jchadima at redhat.com 2011-03-17 20:55:29 EST ---
upload new patch set for linux audit (and general audit also)
the patchset depends on bz#1879 fingerprint patch
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-17 09:55 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Depends on|                            |1879
bugzilla-daemon at bugzilla.mindrot.org
2011-Apr-12 05:33 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Bug 1402 depends on bug 1879, which changed state.

Bug 1879 Summary: After sigterm sshd should exit with exit status 0
https://bugzilla.mindrot.org/show_bug.cgi?id=1879

What      |Old Value                   |New Value
----------------------------------------------------------------------------
Resolution|                            |FIXED
Status    |NEW                         |RESOLVED
bugzilla-daemon at bugzilla.mindrot.org
2011-May-20 21:23 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Petr Cerny [:hrosik] <pcerny at suse.cz> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |pcerny at suse.cz
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:34 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Damien Miller <djm at mindrot.org> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Blocks  |                            |1930

--- Comment #33 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:11 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:36 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #34 from Damien Miller <djm at mindrot.org> 2011-09-06 10:36:25 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:38 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Damien Miller <djm at mindrot.org> changed:

What   |Removed |Added
----------------------------------------------------------------------------
Blocks |1845    |

--- Comment #35 from Damien Miller <djm at mindrot.org> 2011-09-06 10:38:59 EST ---
Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't)
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-12 08:18 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #36 from jchadima at redhat.com 2011-09-12 18:18:21 EST ---
Current patch set (especially audit of session key destruction) does not work with openssh-5.9p1. I'm preparing the improved patches.
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-18 02:39 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                         |Removed |Added
----------------------------------------------------------------------------
Attachment #2010 is obsolete |0       |1

--- Comment #37 from jchadima at redhat.com 2011-09-18 12:39:10 EST ---
Created attachment 2085
--> https://bugzilla.mindrot.org/attachment.cgi?id=2085
00 removing duplicate audit suitable for 5.9p1
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-18 02:43 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                         |Removed |Added
----------------------------------------------------------------------------
Attachment #2011 is obsolete |0       |1

--- Comment #38 from jchadima at redhat.com 2011-09-18 12:43:03 EST ---
Created attachment 2086
--> https://bugzilla.mindrot.org/attachment.cgi?id=2086
01 better audit of user actions suitable for 5.9p1
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-18 02:45 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                         |Removed |Added
----------------------------------------------------------------------------
Attachment #1975 is obsolete |0       |1
Attachment #2012 is obsolete |0       |1

--- Comment #39 from jchadima at redhat.com 2011-09-18 12:45:26 EST ---
Created attachment 2087
--> https://bugzilla.mindrot.org/attachment.cgi?id=2087
02 log the key based authentications suitable for 5.9p1
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-18 02:47 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                         |Removed |Added
----------------------------------------------------------------------------
Attachment #1976 is obsolete |0       |1
Attachment #2013 is obsolete |0       |1

--- Comment #40 from jchadima at redhat.com 2011-09-18 12:47:25 EST ---
Created attachment 2088
--> https://bugzilla.mindrot.org/attachment.cgi?id=2088
03 audit protocol negotiation results suitable for 5.9p1
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-18 02:48 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                         |Removed |Added
----------------------------------------------------------------------------
Attachment #2014 is obsolete |0       |1

--- Comment #41 from jchadima at redhat.com 2011-09-18 12:48:32 EST ---
Created attachment 2089
--> https://bugzilla.mindrot.org/attachment.cgi?id=2089
04 audit session key destruction suitable for 5.9p1
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-18 02:49 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What                         |Removed |Added
----------------------------------------------------------------------------
Attachment #2015 is obsolete |0       |1

--- Comment #42 from jchadima at redhat.com 2011-09-18 12:49:50 EST ---
Created attachment 2090
--> https://bugzilla.mindrot.org/attachment.cgi?id=2090
05 audit server key destruction suitable for 5.9p1
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-18 02:51 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #43 from jchadima at redhat.com 2011-09-18 12:51:04 EST ---
The status of the bug was updated for the openssh 5.9p1
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-18 02:53 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

jchadima at redhat.com changed:

What       |Removed |Added
----------------------------------------------------------------------------
Depends on |        |1872
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-19 00:08 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #44 from Damien Miller <djm at mindrot.org> 2011-09-19 10:08:07 EST ---
(In reply to comment #42)
> Created attachment 2090 [details]
> 05 audit server key destruction suitable for 5.9p1

I don't see the point of this one at all. Should every bzero() be an audit event?
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-19 07:33 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #45 from jchadima at redhat.com 2011-09-19 17:33:05 EST ---
Of course not :) These particular cases are required to meet common criteria.
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-25 05:26 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Jan F. Chadima <jfch at jagda.eu> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |jfch at jagda.eu
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-23 23:34 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Damien Miller <djm at mindrot.org> changed:

What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1986

--- Comment #46 from Damien Miller <djm at mindrot.org> 2012-02-24 10:34:19 EST ---
Retarget from 6.0 to 6.1
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-23 23:37 UTC
[Bug 1402] Support auditing through Linux Audit subsystem
https://bugzilla.mindrot.org/show_bug.cgi?id=1402

Damien Miller <djm at mindrot.org> changed:

What   |Removed |Added
----------------------------------------------------------------------------
Blocks |1930    |

--- Comment #47 from Damien Miller <djm at mindrot.org> 2012-02-24 10:37:57 EST ---
Retarget 6.0 => 6.1