rpms
/
util-linux
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

-login audit stuff

This commit is contained in:
kzak 2005-10-17 14:09:59 +00:00
parent 35b20313b2
commit f0e1d6bb17
2 changed files with 112 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
util-linux-2.13-audit-login.patch Normal file
View File

@ -0,0 +1,101 @@
diff -ur util-linux-2.13-pre4.orig/login-utils/login.c util-linux-2.13-pre4/login-utils/login.c
--- util-linux-2.13-pre4.orig/login-utils/login.c 2005-10-14 13:59:08.000000000 -0400
+++ util-linux-2.13-pre4/login-utils/login.c 2005-10-14 15:43:54.000000000 -0400
@@ -106,6 +106,7 @@
#include <sys/syslog.h>
#include <sys/sysmacros.h>
#include <netdb.h>
+#include <libaudit.h>
#include "pathnames.h"
#include "my_crypt.h"
#include "login.h"
@@ -329,6 +330,7 @@
#ifdef LOGIN_CHOWN_VCS
char vcsn[20], vcsan[20];
#endif
+ int audit_fd;
pid = getpid();
@@ -545,11 +547,25 @@
(retcode == PAM_USER_UNKNOWN) ||
(retcode == PAM_CRED_INSUFFICIENT) ||
(retcode == PAM_AUTHINFO_UNAVAIL))) {
+ struct passwd *pw;
+ char buf[64];
pam_get_item(pamh, PAM_USER, (const void **) &username);
syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
failcount, hostname, username, pam_strerror(pamh, retcode));
logbtmp(tty_name, username, hostname);
+ audit_fd = audit_open();
+ pw = getpwnam(username);
+ if (pw) {
+ snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid);
+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, tty_name, 0);
+ } else {
+ snprintf(buf, sizeof(buf), "acct=%s", username);
+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, tty_name, 0);
+ }
+ close(audit_fd);
fprintf(stderr,_("Login incorrect\n\n"));
pam_set_item(pamh,PAM_USER,NULL);
@@ -557,6 +573,8 @@
}
if (retcode != PAM_SUCCESS) {
+ struct passwd *pw;
+ char buf[64];
pam_get_item(pamh, PAM_USER, (const void **) &username);
if (retcode == PAM_MAXTRIES)
@@ -567,6 +585,18 @@
syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"),
hostname, username, pam_strerror(pamh, retcode));
logbtmp(tty_name, username, hostname);
+ audit_fd = audit_open();
+ pw = getpwnam(username);
+ if (pw) {
+ snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid);
+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, tty_name, 0);
+ } else {
+ snprintf(buf, sizeof(buf), "acct=%s", username);
+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, tty_name, 0);
+ }
+ close(audit_fd);
fprintf(stderr,_("\nLogin incorrect\n"));
pam_end(pamh, retcode);
@@ -908,6 +938,15 @@
#endif
#endif
}
+
+ {
+ char buf[32];
+ audit_fd = audit_open();
+ snprintf(buf, sizeof(buf), "uid=%d", pwd->pw_uid);
+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, tty_name, 1);
+ close(audit_fd);
+ }
dolastlog(quietlog);
diff -ur util-linux-2.13-pre4.orig/login-utils/Makefile.am util-linux-2.13-pre4/login-utils/Makefile.am
--- util-linux-2.13-pre4.orig/login-utils/Makefile.am 2005-10-14 13:59:08.000000000 -0400
+++ util-linux-2.13-pre4/login-utils/Makefile.am 2005-10-14 15:45:22.000000000 -0400
@@ -55,7 +55,7 @@
if HAVE_PAM
chfn_LDADD += -lpam -lpam_misc
chsh_LDADD += -lpam -lpam_misc
-login_LDADD += -lpam -lpam_misc
+login_LDADD += -lpam -lpam_misc -laudit
login_SOURCES = login.c
else
login_SOURCES = login.c checktty.c

15
util-linux.spec
View File

@ -27,7 +27,7 @@ BuildRoot: %{_tmppath}/%{name}-root
Summary: A collection of basic system utilities.
Name: util-linux
Version: 2.13
Release: 0.4.pre4
Release: 0.5.pre4
License: distributable
Group: System Environment/Base
@ -42,7 +42,7 @@ BuildRequires: texinfo
BuildRequires: gettext
BuildRequires: libselinux-devel
BuildRequires: e2fsprogs-devel >= 1.36
BuildRequires: audit-libs-devel
BuildRequires: audit-libs-devel >= 1.0.6
### Sources
# TODO [stable]: s/2.13-pre4/%{version}/
@ -63,6 +63,7 @@ Obsoletes: clock
Conflicts: initscripts <= 4.58, timeconfig <= 3.0.1
%endif
Requires: pam >= 0.66-4, /etc/pam.d/system-auth
Requires: audit-libs >= 1.0.6
Conflicts: kernel < 2.2.12-7,
Prereq: /sbin/install-info
Provides: mount = %{version}
@ -154,8 +155,10 @@ Patch212: util-linux-2.12p-floppy-generic.patch
# 168436 - login will attempt to run if it has no read/write access to its terminal
# 168434 - login's timeout can fail - needs to call siginterrupt(SIGALRM,1)
Patch213: util-linux-2.13-login-hang.patch
# 165253 losetup missing option -a [new feature]
# 165253 - losetup missing option -a [new feature]
Patch214: util-linux-2.13-losetup-all.patch
# 170564 - add audit message to login
Patch215: util-linux-2.13-audit-login.patch
# When adding patches, please make sure that it is easy to find out what bug # the
# patch fixes.
@ -225,6 +228,7 @@ cp %{SOURCE8} %{SOURCE9} .
%patch212 -p1
%patch213 -p1
%patch214 -p1
%patch215 -p1
%build
unset LINGUAS || :
@ -619,11 +623,14 @@ fi
/sbin/losetup
%changelog
* Mon Oct 17 2005 Karel Zak <kzak@redhat.com> 2.13-0.5.pre4
* fix #170564 - add audit message to login
* Fri Oct 7 2005 Karel Zak <kzak@redhat.com> 2.13-0.4.pre4
- fix #169628 - /usr/bin/floppy doesn't work with /dev/fd0
- fix #168436 - login will attempt to run if it has no read/write access to its terminal
- fix #168434 - login's timeout can fail - needs to call siginterrupt(SIGALRM,1)
- fix #165253 losetup missing option -a [new feature]
- fix #165253 - losetup missing option -a [new feature]
- update PAM files (replace pam_stack with new "include" PAM directive)
- remove kbdrate from src.rpm
- update to 2.13pre4