From b32f1200b45a73ae6eb5841bd7fcfff0a4a4b352 Mon Sep 17 00:00:00 2001 From: Jan F Date: Mon, 14 Mar 2011 16:20:20 +0100 Subject: [PATCH] improove ssh-ldap (documentation) --- openssh-5.8p1-audit1.patch | 10 +++++----- openssh-5.8p1-audit3.patch | 4 ++-- openssh-5.8p1-audit4.patch | 2 +- openssh-5.8p1-audit5.patch | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/openssh-5.8p1-audit1.patch b/openssh-5.8p1-audit1.patch index a4ac470..59713ea 100644 --- a/openssh-5.8p1-audit1.patch +++ b/openssh-5.8p1-audit1.patch @@ -271,16 +271,16 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c case SSH_AUTH_SUCCESS: - case SSH_CONNECTION_CLOSE: + linux_audit_user_auth(-1, audit_username(), NULL, -+ get_remote_ipaddr(), "sshd", 1, event); ++ get_remote_ipaddr(), "ssh", 1, event); + break; + case SSH_NOLOGIN: - case SSH_LOGIN_EXCEED_MAXTRIES: case SSH_LOGIN_ROOT_DENIED: + linux_audit_user_auth(-1, audit_username(), NULL, -+ get_remote_ipaddr(), "sshd", 0, event); ++ get_remote_ipaddr(), "ssh", 0, event); + linux_audit_user_logxxx(-1, audit_username(), NULL, -+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN); ++ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN); break; + case SSH_LOGIN_EXCEED_MAXTRIES: @@ -291,7 +291,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c case SSH_AUTH_FAIL_HOSTBASED: case SSH_AUTH_FAIL_GSSAPI: + linux_audit_user_auth(-1, audit_username(), NULL, -+ get_remote_ipaddr(), "sshd", 0, event); ++ get_remote_ipaddr(), "ssh", 0, event); + break; + + case SSH_CONNECTION_CLOSE: @@ -309,7 +309,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c - linux_audit_record_event(-1, audit_username(), NULL, - get_remote_ipaddr(), "sshd", 0); + linux_audit_user_logxxx(-1, audit_username(), NULL, -+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN); ++ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN); break; default: diff --git a/openssh-5.8p1-audit3.patch b/openssh-5.8p1-audit3.patch index 8cd142d..b486a9d 100644 --- a/openssh-5.8p1-audit3.patch +++ b/openssh-5.8p1-audit3.patch @@ -121,7 +121,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + const static char *name[] = { "cipher", "mac", "comp" }; + int audit_fd; + -+ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d", ++ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d ", + name[what], get_remote_port(), get_local_ipaddr(packet_get_connection_in()), + get_local_port()); + audit_fd = audit_open(); @@ -144,7 +144,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + const static char *direction[] = { "from-server", "from-client", "both" }; + Cipher *cipher = cipher_by_name(enc); + -+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", ++ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ", + direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, + (intmax_t)pid, (intmax_t)uid, + get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port()); diff --git a/openssh-5.8p1-audit4.patch b/openssh-5.8p1-audit4.patch index c191364..a8c959d 100644 --- a/openssh-5.8p1-audit4.patch +++ b/openssh-5.8p1-audit4.patch @@ -85,7 +85,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; + -+ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d", ++ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ", + direction[ctos], (intmax_t)pid, (intmax_t)uid, + get_remote_port(), + get_local_ipaddr(packet_get_connection_in()), diff --git a/openssh-5.8p1-audit5.patch b/openssh-5.8p1-audit5.patch index 3e4238a..76fa8db 100644 --- a/openssh-5.8p1-audit5.patch +++ b/openssh-5.8p1-audit5.patch @@ -85,7 +85,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; + -+ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd", ++ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd ", + fp, (intmax_t)pid, (intmax_t)uid); + audit_fd = audit_open(); + if (audit_fd < 0) { @@ -110,7 +110,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; + -+ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=?", fp); ++ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=? ", fp); + audit_fd = audit_open(); + if (audit_fd < 0) { + if (errno != EINVAL && errno != EPROTONOSUPPORT &&