another audit improovements

This commit is contained in:
Jan F 2011-02-22 15:07:26 +01:00
parent c2b0098c73
commit 842f4397cd
4 changed files with 37 additions and 21 deletions

View File

@ -0,0 +1,15 @@
diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit1a 2011-02-22 14:42:30.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-22 14:47:03.000000000 +0100
@@ -199,6 +199,11 @@ audit_event(ssh_audit_event_t event)
break;
case SSH_CONNECTION_CLOSE:
+ if (user_login_count)
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
+ break;
+
case SSH_CONNECTION_ABANDON:
case SSH_INVALID_USER:
linux_audit_user_logxxx(-1, audit_username(), NULL,

View File

@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit2 2011-01-17 11:15:29.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-22 14:04:27.000000000 +0100
@@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li
/* not implemented */
}
@ -16,7 +16,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
{
diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit2 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-22 14:04:27.000000000 +0100
@@ -36,6 +36,7 @@
#include "key.h"
#include "hostfile.h"
@ -68,7 +68,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit2 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-22 14:04:27.000000000 +0100
@@ -28,6 +28,7 @@
# define _SSH_AUDIT_H
@ -86,8 +86,8 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit2 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 20:04:37.000000000 +0100
--- openssh-5.8p1/audit-linux.c.audit2 2011-02-22 14:04:27.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-22 14:05:28.000000000 +0100
@@ -41,6 +41,8 @@
#include "servconf.h"
#include "canohost.h"
@ -137,7 +137,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
/* Below is the sshd audit API code */
diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
--- openssh-5.8p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200
+++ openssh-5.8p1/auth2-hostbased.c 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/auth2-hostbased.c 2011-02-22 14:04:27.000000000 +0100
@@ -136,6 +136,18 @@ done:
return authenticated;
}
@ -159,7 +159,7 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
--- openssh-5.8p1/auth2-pubkey.c.audit2 2010-12-01 01:50:14.000000000 +0100
+++ openssh-5.8p1/auth2-pubkey.c 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/auth2-pubkey.c 2011-02-22 14:04:27.000000000 +0100
@@ -177,6 +177,18 @@ done:
return authenticated;
}
@ -181,7 +181,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
{
diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
--- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200
+++ openssh-5.8p1/auth.h 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/auth.h 2011-02-22 14:04:27.000000000 +0100
@@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);
@ -200,7 +200,7 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
--- openssh-5.8p1/auth-rsa.c.audit2 2010-12-04 23:01:47.000000000 +0100
+++ openssh-5.8p1/auth-rsa.c 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/auth-rsa.c 2011-02-22 14:04:27.000000000 +0100
@@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU
{
u_char buf[32], mdbuf[16];
@ -239,7 +239,7 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
/*
diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit2 2010-09-10 03:23:34.000000000 +0200
+++ openssh-5.8p1/monitor.c 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-22 14:04:27.000000000 +0100
@@ -1235,7 +1235,17 @@ mm_answer_keyverify(int sock, Buffer *m)
if (!valid_data)
fatal("%s: bad signature data blob", __func__);

View File

@ -1,17 +1,18 @@
diff -up openssh-5.8p1/log.h.wIm openssh-5.8p1/log.h
--- openssh-5.8p1/log.h.wIm 2008-06-13 02:22:54.000000000 +0200
+++ openssh-5.8p1/log.h 2011-02-17 11:41:51.000000000 +0100
@@ -63,6 +63,7 @@ void verbose(const char *, ...) __at
+++ openssh-5.8p1/log.h 2011-02-22 09:21:58.000000000 +0100
@@ -63,6 +63,8 @@ void verbose(const char *, ...) __at
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
+void debug_wIm(const char *);
+void _debug_wIm_body(const char *, const char *);
+#define debug_wIm(a) _debug_wIm_body(a,__func__)
void do_log(LogLevel, const char *, va_list);
void cleanup_exit(int) __attribute__((noreturn));
diff -up openssh-5.8p1/Makefile.in.wIm openssh-5.8p1/Makefile.in
--- openssh-5.8p1/Makefile.in.wIm 2011-02-04 01:42:13.000000000 +0100
+++ openssh-5.8p1/Makefile.in 2011-02-17 11:44:05.000000000 +0100
+++ openssh-5.8p1/Makefile.in 2011-02-22 09:20:18.000000000 +0100
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
@ -23,7 +24,7 @@ diff -up openssh-5.8p1/Makefile.in.wIm openssh-5.8p1/Makefile.in
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
diff -up openssh-5.8p1/sshd.c.wIm openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.wIm 2011-01-11 07:20:31.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-17 11:41:51.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-22 09:20:18.000000000 +0100
@@ -139,6 +139,9 @@ int deny_severity;
extern char *__progname;
@ -60,15 +61,15 @@ diff -up openssh-5.8p1/sshd.c.wIm openssh-5.8p1/sshd.c
(void)set_auth_parameters(ac, av);
#endif
diff -up openssh-5.8p1/whereIam.c.wIm openssh-5.8p1/whereIam.c
--- openssh-5.8p1/whereIam.c.wIm 2011-02-17 11:41:51.000000000 +0100
+++ openssh-5.8p1/whereIam.c 2011-02-17 11:41:51.000000000 +0100
--- openssh-5.8p1/whereIam.c.wIm 2011-02-22 09:20:18.000000000 +0100
+++ openssh-5.8p1/whereIam.c 2011-02-22 09:24:01.000000000 +0100
@@ -0,0 +1,9 @@
+
+int whereIam = -1;
+
+void debug_wIm(const char *txt)
+void _debug_wIm_body(const char *txt, const char *func)
+{
+ debug("%s: %s wIm = %d, euid=%d", txt, __func__, whereIam, geteuid());
+ debug("%s: %s wIm = %d, uid=%d, euid=%d", txt, func, whereIam, getuid(), geteuid());
+}
+
+

View File

@ -71,7 +71,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.8p1
%define openssh_rel 5
%define openssh_rel 6
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 30
@ -616,7 +616,7 @@ fi
%endif
%changelog
* Mon Feb 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-5 + 0.9.2-30
* Tue Feb 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-6 + 0.9.2-30
- another audit improovements
* Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30