[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#797727: marked as done (openssh should be built with audit support on Linux)

Your message dated Thu, 10 Sep 2015 11:49:02 +0000
with message-id <E1Za0Le-0000Yt-FY@franck.debian.org>
and subject line Bug#797727: fixed in openssh 1:6.9p1-2
has caused the Debian Bug report #797727,
regarding openssh should be built with audit support on Linux
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
797727: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797727
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh
Version: 1:6.9p1-1
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu wily ubuntu-patch

Dear Maintainer,

We've received a couple bugs in Ubuntu regarding the lack of support for
Linux Audit login event support:

  https://launchpad.net/bugs/1319278
  https://launchpad.net/bugs/1478087

The aulast and aureport tools do not work for sshd logins because
openssh is not built with audit support. This means that
AUDIT_USER_LOGIN events aren't logged by sshd so the Linux Audit tools
do not find login information in the audit log.

I've performed a test build of openssh, built with --with-audit=linux,
and verified that AUDIT_USER_LOGIN events are correctly logged:

  type=USER_LOGIN msg=audit(1441160388.221:321): pid=5751 uid=0 auid=1000 ses=11 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=10.1.8.1 addr=10.1.8.1 terminal=/dev/pts/7 res=success'

The aulast tool works as expected using the test openssh build:

  $ sudo aulast
  tyhicks  pts/7        10.1.8.1         Tue Sep  1 21:19   still logged in

I've attached a patch containing the simple changes needed to enable
audit support on Linux.

Thanks for considering the patch.

-- System Information:
Debian Release: jessie/sid
  APT prefers vivid-updates
  APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.19.0-26-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru openssh-6.9p1/debian/changelog openssh-6.9p1/debian/changelog
diff -Nru openssh-6.9p1/debian/control openssh-6.9p1/debian/control
--- openssh-6.9p1/debian/control	2015-08-20 04:34:45.000000000 -0500
+++ openssh-6.9p1/debian/control	2015-09-01 21:08:53.000000000 -0500
@@ -2,7 +2,7 @@
 Section: net
 Priority: standard
 Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
-Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg-dev (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4)
+Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg-dev (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4), libaudit-dev
 XS-Testsuite: autopkgtest
 Standards-Version: 3.9.6
 Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>
diff -Nru openssh-6.9p1/debian/rules openssh-6.9p1/debian/rules
--- openssh-6.9p1/debian/rules	2015-08-20 04:34:45.000000000 -0500
+++ openssh-6.9p1/debian/rules	2015-08-31 17:12:30.000000000 -0500
@@ -91,6 +91,7 @@
 confflags += --with-ssl-engine
 ifeq ($(DEB_HOST_ARCH_OS),linux)
 confflags += --with-selinux
+confflags += --with-audit=linux
 endif
 ifeq ($(DISTRIBUTOR),Ubuntu)
 confflags += --with-consolekit

--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:6.9p1-2

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 797727@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 10 Sep 2015 12:26:11 +0100
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.9p1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 797727
Changes:
 openssh (1:6.9p1-2) unstable; urgency=medium
 .
   [ Colin Watson ]
   * mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen
     invocation onto a separate line to make it easier to copy and paste
     (LP: #1491532).
 .
   [ Tyler Hicks ]
   * Build with audit support on Linux (closes: #797727, LP: #1478087).
Checksums-Sha1:
 9ce2f514427e8e1dc1646ca98a76e3ece80b6417 2763 openssh_6.9p1-2.dsc
 6f4d338eda862b8d39c58970d5c84948c13f2288 152236 openssh_6.9p1-2.debian.tar.xz
 e4f762fd551d221c9bc53ef96f9866af846e98aa 275372 openssh-client-udeb_6.9p1-2_amd64.udeb
 20b276b7a82238fa903f8ef862bb2cccab7d9122 751090 openssh-client_6.9p1-2_amd64.deb
 05e8e02d8ea5cddbac72fe69d42a519c2f9024f5 291766 openssh-server-udeb_6.9p1-2_amd64.udeb
 bc38ba0cc92af79b1204574a4abb98836de320be 345054 openssh-server_6.9p1-2_amd64.deb
 d8ae7930e7d959dbccb1fcffd1720ad326cb538c 38026 openssh-sftp-server_6.9p1-2_amd64.deb
 70add1aebb32a7ba58a09d13f989243cf8638d99 172900 ssh-askpass-gnome_6.9p1-2_amd64.deb
 f944ba6cf59aa4e98caa4892bf2009d9113a4912 164906 ssh-krb5_6.9p1-2_all.deb
 610949c7c7035b773610fba209481bfee09255b5 165406 ssh_6.9p1-2_all.deb
Checksums-Sha256:
 bd908dbd3e50ed53e9d69468fdbe5b6323c45716c7af0d5c654537bda9784b29 2763 openssh_6.9p1-2.dsc
 d0b0e09635c742b58cb170fb71d23c18182c9345871f6e5a6c99d0cc523bcfb6 152236 openssh_6.9p1-2.debian.tar.xz
 4eac98b3da6c363eb0fb65254a3791aca1a2af3619f12f2fa920881ea15c42cb 275372 openssh-client-udeb_6.9p1-2_amd64.udeb
 8a6a1c15e6046da9c439166eb20418a44cbf136a76d1dfa7addcfe3c6df75352 751090 openssh-client_6.9p1-2_amd64.deb
 32083db5af54d1b138a532a41be21bf392483c2e133a45050f9cf16dc5302310 291766 openssh-server-udeb_6.9p1-2_amd64.udeb
 734b6c9a935222c32c3955e20623fd78acd49b430b79b4e16661c9124eac0147 345054 openssh-server_6.9p1-2_amd64.deb
 173dd9c70593cfb0f62e54c9d6fb78e92fe9475b2a7888d98c6dfd2b84be191e 38026 openssh-sftp-server_6.9p1-2_amd64.deb
 35cebc560159a3c3ac5773cb320d2eb440f22aaa788f575546fe7ec46a78a0d5 172900 ssh-askpass-gnome_6.9p1-2_amd64.deb
 28292ed4aeb021ad7b06e40d3e71398b2f1e9a237e85b97569ac0633c2b89a55 164906 ssh-krb5_6.9p1-2_all.deb
 60a8e83a4cf21a354fcfe56e23d8e8f609bc4e8e704b0e59e8ada17c2728a510 165406 ssh_6.9p1-2_all.deb
Files:
 e53cf064d6546788efb31a9338e63975 2763 net standard openssh_6.9p1-2.dsc
 390c37d806362f78bda08f64b90e2e6a 152236 net standard openssh_6.9p1-2.debian.tar.xz
 f261f32c18f5e533bdb9391bfe55d009 275372 debian-installer optional openssh-client-udeb_6.9p1-2_amd64.udeb
 040f88654425f7ec93a7d371d1d4e4a6 751090 net standard openssh-client_6.9p1-2_amd64.deb
 2ebbff648f9311395bdfac0f17cfc06f 291766 debian-installer optional openssh-server-udeb_6.9p1-2_amd64.udeb
 4f259afc5c449898d220752e01b32c9d 345054 net optional openssh-server_6.9p1-2_amd64.deb
 2ab0b710e43a66808b3a18d80e901d9d 38026 net optional openssh-sftp-server_6.9p1-2_amd64.deb
 10160b356f8db6cf3d19ab894ecd30f0 172900 gnome optional ssh-askpass-gnome_6.9p1-2_amd64.deb
 897057aff4f9aa6049bae67ef2ac67eb 164906 oldlibs extra ssh-krb5_6.9p1-2_all.deb
 c2b1612e4e799db7b05484e613d9e834 165406 net extra ssh_6.9p1-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBVfFr+zk1h9l9hlALAQinKw//dmtLj0R1hIJ2Q3gsKm/zBpYWC8jlMfsv
no/oLZmPsG1ptW3h6RFLfONJHFaY6vtnUq3/hBQ+AhXHuPXvG3rF047Wcdl+K+Mv
+cxRnzhoF3+VZcDPPiUSkYhHgKrKFRw6dy56hbfrMr5UUDI26hTkRfdp+yAd4y0b
z17ROjDhKYO1wnUc/3yg7N9k0t1Le6GbM8Bdjt7STDTBqIddlwcW90gJHp44pASE
VOwoXkcun+4Yu61/NWCV1xvKAOdsuPPuIWOFOuRTh0s45WB2t4QhjUlLpafG+WP3
zv9LliTzCHBVQ3zxBPDkLiiJ5kbZ6k/0o3IxA3GDbDn5TpmE0tfEwxNYPLDGxiU5
AkCLG1WBxrnlWK1gallWWUJgugkIDXriTT3nomUvySQXnE0vLt1O0YOWSxvIo0yT
1QYD56Tp0MOZf6JZgzstpdJn5Bwe2JTFRvoaSOyCsJF0qH0hN9SlpzAi02dIWHLz
OGHdoApGpDXQk2Y7DOeeAraWIePi/VfMEHmks2S86Ku7tTMUw5OeoQOYOsLcVxGY
fR3yJWz6MbmXiDxYzkKd6g9hVq94wGpCYh7s13ObolWuIJd96F21caF4MT/Dar8H
wjWiSoc6NphwO/E+F8hF4xcLFje5RupDkMPipRDzGMu57m5RyYGUuLm1ETsjI0vZ
Vfs88Nvu2Nc=
=LFF/
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: