Do not attempt to pass hostnames to audit (inconsistency) (#1534577)
parent
32dc9bd1cd
commit
f284c5eb83
@ -310,7 +310,7 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
|
|||||||
diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
||||||
--- openssh-7.6p1/audit-linux.c.audit 2017-10-02 21:34:26.000000000 +0200
|
--- openssh-7.6p1/audit-linux.c.audit 2017-10-02 21:34:26.000000000 +0200
|
||||||
+++ openssh-7.6p1/audit-linux.c 2017-10-04 17:18:32.835505053 +0200
|
+++ openssh-7.6p1/audit-linux.c 2017-10-04 17:18:32.835505053 +0200
|
||||||
@@ -33,25 +33,38 @@
|
@@ -33,27 +33,40 @@
|
||||||
|
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "audit.h"
|
#include "audit.h"
|
||||||
@ -337,7 +337,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
-linux_audit_record_event(int uid, const char *username, const char *hostname,
|
-linux_audit_record_event(int uid, const char *username, const char *hostname,
|
||||||
- const char *ip, const char *ttyn, int success)
|
- const char *ip, const char *ttyn, int success)
|
||||||
+static void
|
+static void
|
||||||
+linux_audit_user_logxxx(int uid, const char *username, const char *hostname,
|
+linux_audit_user_logxxx(int uid, const char *username,
|
||||||
+ const char *ip, const char *ttyn, int success, int event)
|
+ const char *ip, const char *ttyn, int success, int event)
|
||||||
{
|
{
|
||||||
int audit_fd, rc, saved_errno;
|
int audit_fd, rc, saved_errno;
|
||||||
@ -354,8 +354,11 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
|
- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
|
||||||
+ rc = audit_log_acct_message(audit_fd, event,
|
+ rc = audit_log_acct_message(audit_fd, event,
|
||||||
NULL, "login", username ? username : "(unknown)",
|
NULL, "login", username ? username : "(unknown)",
|
||||||
username == NULL ? uid : -1, hostname, ip, ttyn, success);
|
- username == NULL ? uid : -1, hostname, ip, ttyn, success);
|
||||||
|
+ username == NULL ? uid : -1, NULL, ip, ttyn, success);
|
||||||
saved_errno = errno;
|
saved_errno = errno;
|
||||||
|
close(audit_fd);
|
||||||
|
|
||||||
@@ -65,9 +78,97 @@ linux_audit_record_event(int uid, const
|
@@ -65,9 +78,97 @@ linux_audit_record_event(int uid, const
|
||||||
rc = 0;
|
rc = 0;
|
||||||
errno = saved_errno;
|
errno = saved_errno;
|
||||||
@ -369,7 +372,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
+
|
+
|
||||||
+static void
|
+static void
|
||||||
+linux_audit_user_auth(int uid, const char *username,
|
+linux_audit_user_auth(int uid, const char *username,
|
||||||
+ const char *hostname, const char *ip, const char *ttyn, int success, int event)
|
+ const char *ip, const char *ttyn, int success, int event)
|
||||||
+{
|
+{
|
||||||
+ int audit_fd, rc, saved_errno;
|
+ int audit_fd, rc, saved_errno;
|
||||||
+ static const char *event_name[] = {
|
+ static const char *event_name[] = {
|
||||||
@ -403,7 +406,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
+
|
+
|
||||||
+ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH,
|
+ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH,
|
||||||
+ NULL, event_name[event], username ? username : "(unknown)",
|
+ NULL, event_name[event], username ? username : "(unknown)",
|
||||||
+ username == NULL ? uid : -1, hostname, ip, ttyn, success);
|
+ username == NULL ? uid : -1, NULL, ip, ttyn, success);
|
||||||
+ saved_errno = errno;
|
+ saved_errno = errno;
|
||||||
+ close(audit_fd);
|
+ close(audit_fd);
|
||||||
+ /*
|
+ /*
|
||||||
@ -455,7 +458,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
/* Below is the sshd audit API code */
|
/* Below is the sshd audit API code */
|
||||||
|
|
||||||
void
|
void
|
||||||
@@ -76,24 +177,51 @@ audit_connection_from(const char *host,
|
@@ -76,24 +177,55 @@ audit_connection_from(const char *host,
|
||||||
/* not implemented */
|
/* not implemented */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -465,21 +468,25 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
{
|
{
|
||||||
- /* not implemented */
|
- /* not implemented */
|
||||||
+ if (!user_login_count++)
|
+ if (!user_login_count++)
|
||||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, session_get_remote_name_or_ip(active_state, utmp_len, options.use_dns),
|
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||||
+ NULL, "ssh", 1, AUDIT_USER_LOGIN);
|
+ ssh_remote_ipaddr(active_state),
|
||||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, session_get_remote_name_or_ip(active_state, utmp_len, options.use_dns),
|
+ "ssh", 1, AUDIT_USER_LOGIN);
|
||||||
+ NULL, "ssh", 1, AUDIT_USER_START);
|
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||||
|
+ ssh_remote_ipaddr(active_state),
|
||||||
|
+ "ssh", 1, AUDIT_USER_START);
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+void
|
+void
|
||||||
+audit_end_command(int handle, const char *command)
|
+audit_end_command(int handle, const char *command)
|
||||||
+{
|
+{
|
||||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, session_get_remote_name_or_ip(active_state, utmp_len, options.use_dns),
|
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||||
+ NULL, "ssh", 1, AUDIT_USER_END);
|
+ ssh_remote_ipaddr(active_state),
|
||||||
|
+ "ssh", 1, AUDIT_USER_END);
|
||||||
+ if (user_login_count && !--user_login_count)
|
+ if (user_login_count && !--user_login_count)
|
||||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, session_get_remote_name_or_ip(active_state, utmp_len, options.use_dns),
|
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||||
+ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
|
+ ssh_remote_ipaddr(active_state),
|
||||||
|
+ "ssh", 1, AUDIT_USER_LOGOUT);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+void
|
+void
|
||||||
@ -496,9 +503,9 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
- fatal("linux_audit_write_entry failed: %s", strerror(errno));
|
- fatal("linux_audit_write_entry failed: %s", strerror(errno));
|
||||||
+ if (!user_login_count++)
|
+ if (!user_login_count++)
|
||||||
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
||||||
+ NULL, li->line, 1, AUDIT_USER_LOGIN);
|
+ li->line, 1, AUDIT_USER_LOGIN);
|
||||||
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
||||||
+ NULL, li->line, 1, AUDIT_USER_START);
|
+ li->line, 1, AUDIT_USER_START);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
@ -506,10 +513,10 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
{
|
{
|
||||||
- /* not implemented */
|
- /* not implemented */
|
||||||
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
||||||
+ NULL, li->line, 1, AUDIT_USER_END);
|
+ li->line, 1, AUDIT_USER_END);
|
||||||
+ if (user_login_count && !--user_login_count)
|
+ if (user_login_count && !--user_login_count)
|
||||||
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
||||||
+ NULL, li->line, 1, AUDIT_USER_LOGOUT);
|
+ li->line, 1, AUDIT_USER_LOGOUT);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
@ -518,16 +525,16 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
switch(event) {
|
switch(event) {
|
||||||
case SSH_AUTH_SUCCESS:
|
case SSH_AUTH_SUCCESS:
|
||||||
- case SSH_CONNECTION_CLOSE:
|
- case SSH_CONNECTION_CLOSE:
|
||||||
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
+ linux_audit_user_auth(-1, audit_username(),
|
||||||
+ ssh_remote_ipaddr(ssh), "ssh", 1, event);
|
+ ssh_remote_ipaddr(ssh), "ssh", 1, event);
|
||||||
+ break;
|
+ break;
|
||||||
+
|
+
|
||||||
case SSH_NOLOGIN:
|
case SSH_NOLOGIN:
|
||||||
- case SSH_LOGIN_EXCEED_MAXTRIES:
|
- case SSH_LOGIN_EXCEED_MAXTRIES:
|
||||||
case SSH_LOGIN_ROOT_DENIED:
|
case SSH_LOGIN_ROOT_DENIED:
|
||||||
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
+ linux_audit_user_auth(-1, audit_username(),
|
||||||
+ ssh_remote_ipaddr(ssh), "ssh", 0, event);
|
+ ssh_remote_ipaddr(ssh), "ssh", 0, event);
|
||||||
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
|
+ linux_audit_user_logxxx(-1, audit_username(),
|
||||||
+ ssh_remote_ipaddr(ssh), "ssh", 0, AUDIT_USER_LOGIN);
|
+ ssh_remote_ipaddr(ssh), "ssh", 0, AUDIT_USER_LOGIN);
|
||||||
break;
|
break;
|
||||||
+ case SSH_LOGIN_EXCEED_MAXTRIES:
|
+ case SSH_LOGIN_EXCEED_MAXTRIES:
|
||||||
@ -537,7 +544,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
case SSH_AUTH_FAIL_PUBKEY:
|
case SSH_AUTH_FAIL_PUBKEY:
|
||||||
case SSH_AUTH_FAIL_HOSTBASED:
|
case SSH_AUTH_FAIL_HOSTBASED:
|
||||||
case SSH_AUTH_FAIL_GSSAPI:
|
case SSH_AUTH_FAIL_GSSAPI:
|
||||||
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
+ linux_audit_user_auth(-1, audit_username(),
|
||||||
+ ssh_remote_ipaddr(ssh), "ssh", 0, event);
|
+ ssh_remote_ipaddr(ssh), "ssh", 0, event);
|
||||||
+ break;
|
+ break;
|
||||||
+
|
+
|
||||||
@ -545,11 +552,11 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
+ if (user_login_count) {
|
+ if (user_login_count) {
|
||||||
+ while (user_login_count--)
|
+ while (user_login_count--)
|
||||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||||
+ session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
|
+ ssh_remote_ipaddr(ssh),
|
||||||
+ NULL, "ssh", 1, AUDIT_USER_END);
|
+ "ssh", 1, AUDIT_USER_END);
|
||||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||||
+ session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
|
+ ssh_remote_ipaddr(ssh),
|
||||||
+ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
|
+ "ssh", 1, AUDIT_USER_LOGOUT);
|
||||||
+ }
|
+ }
|
||||||
+ break;
|
+ break;
|
||||||
+
|
+
|
||||||
@ -557,7 +564,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
case SSH_INVALID_USER:
|
case SSH_INVALID_USER:
|
||||||
- linux_audit_record_event(-1, audit_username(), NULL,
|
- linux_audit_record_event(-1, audit_username(), NULL,
|
||||||
- ssh_remote_ipaddr(ssh), "sshd", 0);
|
- ssh_remote_ipaddr(ssh), "sshd", 0);
|
||||||
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
|
+ linux_audit_user_logxxx(-1, audit_username(),
|
||||||
+ ssh_remote_ipaddr(ssh), "ssh", 0, AUDIT_USER_LOGIN);
|
+ ssh_remote_ipaddr(ssh), "ssh", 0, AUDIT_USER_LOGIN);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
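Review bot: The four `linux_audit_user_logxxx(li->uid, NULL, li->hostname, li->line, 1, ...)` calls still pass `li->hostname`, and with the `hostname` parameter removed it now lands in the `ip` slot that is forwarded as the address argument of `audit_log_acct_message`. Where `li->hostname` is filled is not visible here; if it can hold a reverse-resolved name (the removed lines used `session_get_remote_name_or_ip(..., options.use_dns)` for the other call sites), the audit record would carry a peer-influenced DNS name in its address field while every other call site records `ssh_remote_ipaddr(...)`. I would pass the numeric peer address at these call sites too, or, if it cannot be obtained from `li`, at least add a comment above them such as `/* li->hostname may be a resolved name rather than an address when UseDNS is on */`. The functions enclosing these calls begin outside the displayed hunks.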