
Bug#334445: kernel-image-2.6.12-1-686: auditd not packaged for debian, kernel headers don't support required interfaces



Package: kernel-image-2.6.12-1-686
Severity: normal


On the SELinux mailing list, copy of message from Russell Coker:

On Tuesday 18 October 2005 02:39, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > (In or out of enforcing mode).  What's the best way for me to get
> > the kernel to log the appropriate messages somewhere?
>
> In 2.6, SELinux was converted over to using the native kernel audit
> subsystem for logging its denials.  So:
> - Does your kernel have auditing enabled (CONFIG_AUDIT=y)?  If not, time
> to rebuild your kernel.

The Debian kernel binary packages are built with SE Linux enabled but auditing
disabled.  I have sent several messages to the relevant people about this
matter and had no positive response.  Several 2.6.x kernels have been
released in this state.

> - Are you running auditd?  If so, look in /var/log/audit/audit.log or
> wherever /etc/auditd.conf directs audit messages.  If not, look
> in /var/log/messages or wherever /etc/syslog.conf directs kern.warn
> messages.

auditd is not yet packaged for Debian.  The first person to volunteer gave up
because it was too difficult.  I gave it a go but found that the kernel
headers packaged with Debian did not support the interfaces needed by auditd
(this was my impression at the time and I'm going from memory - this
statement may not be entirely correct).  When I get back from AUUG2005 I'll
give it another go.

Incidentally being able to build from the standard headers is a requirement
for Debian.  All Debian packages get automatically built for architectures
other than the one used for the initial build, so the headers in question
need to be installed in all build machines.  I could hack the compile process
for i386 but not for all the rest (I tried it before in the old-selinux days
and it wasn't fun).

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.12-1-686 #1 Wed Jul 20 22:07:17 UTC 2005 i686
Locale: LANG=C, LC_CTYPE=C
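
The check from the quoted reply, applied to the state this report describes (SELinux built in, auditing not), as an added example that is not part of the bug report or of any Debian or SELinux code. The symbol name CONFIG_SECURITY_SELINUX, the default path /boot/config-<release> and all function names are assumptions of this example; the sample config it can write is constructed.

```shell
#!/bin/sh
# Added example: classify a kernel config for the SELinux/audit combination
# this report describes. Not Debian's or the SELinux project's code.

# config_enabled FILE SYMBOL: true if the line SYMBOL=y is present.
# "# SYMBOL is not set" or a missing line both count as disabled.
config_enabled() {
    grep -qx "$2=y" "$1"
}

# classify_config FILE prints one of:
#   ok                     SELinux and audit both built in
#   selinux-without-audit  SELinux built in, denials have no audit path
#   no-selinux             SELinux not built in
#   unreadable             config file missing or not readable
classify_config() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    if ! config_enabled "$1" CONFIG_SECURITY_SELINUX; then
        echo no-selinux
    elif config_enabled "$1" CONFIG_AUDIT; then
        echo ok
    else
        echo selinux-without-audit
    fi
}

# denial_log_hint yes|no: where the quoted reply says to look, depending
# on whether auditd is running.
denial_log_hint() {
    if [ "$1" = yes ]; then
        echo "/var/log/audit/audit.log (or the path set in /etc/auditd.conf)"
    else
        echo "/var/log/messages (or wherever /etc/syslog.conf sends kern.warn)"
    fi
}

# make_sample FILE AUDIT_LINE writes a constructed three-line config
# (not copied from any real kernel package) for trying the functions.
make_sample() {
    printf '%s\n' 'CONFIG_SECURITY=y' 'CONFIG_SECURITY_SELINUX=y' "$2" > "$1"
}

# Default path is an assumption: /boot/config-<release> on the running system.
cfg=${1:-/boot/config-$(uname -r)}
echo "$cfg: $(classify_config "$cfg")"
```

A result of `selinux-without-audit` means the kernel must be rebuilt with CONFIG_AUDIT=y before either log location will show denials.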


