From f0e1d6bb1765c2d34c575bb732be8529a5758df6 Mon Sep 17 00:00:00 2001 From: kzak Date: Mon, 17 Oct 2005 14:09:59 +0000 Subject: [PATCH] -login audit stuff --- util-linux-2.13-audit-login.patch | 101 ++++++++++++++++++++++++++++++ util-linux.spec | 15 +++-- 2 files changed, 112 insertions(+), 4 deletions(-) create mode 100644 util-linux-2.13-audit-login.patch diff --git a/util-linux-2.13-audit-login.patch b/util-linux-2.13-audit-login.patch new file mode 100644 index 0000000..ca88bdc --- /dev/null +++ b/util-linux-2.13-audit-login.patch @@ -0,0 +1,101 @@ +diff -ur util-linux-2.13-pre4.orig/login-utils/login.c util-linux-2.13-pre4/login-utils/login.c +--- util-linux-2.13-pre4.orig/login-utils/login.c 2005-10-14 13:59:08.000000000 -0400 ++++ util-linux-2.13-pre4/login-utils/login.c 2005-10-14 15:43:54.000000000 -0400 +@@ -106,6 +106,7 @@ + #include + #include + #include ++#include + #include "pathnames.h" + #include "my_crypt.h" + #include "login.h" +@@ -329,6 +330,7 @@ + #ifdef LOGIN_CHOWN_VCS + char vcsn[20], vcsan[20]; + #endif ++ int audit_fd; + + pid = getpid(); + +@@ -545,11 +547,25 @@ + (retcode == PAM_USER_UNKNOWN) || + (retcode == PAM_CRED_INSUFFICIENT) || + (retcode == PAM_AUTHINFO_UNAVAIL))) { ++ struct passwd *pw; ++ char buf[64]; + pam_get_item(pamh, PAM_USER, (const void **) &username); + + syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"), + failcount, hostname, username, pam_strerror(pamh, retcode)); + logbtmp(tty_name, username, hostname); ++ audit_fd = audit_open(); ++ pw = getpwnam(username); ++ if (pw) { ++ snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid); ++ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, ++ buf, hostname, NULL, tty_name, 0); ++ } else { ++ snprintf(buf, sizeof(buf), "acct=%s", username); ++ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, ++ buf, hostname, NULL, tty_name, 0); ++ } ++ close(audit_fd); + + fprintf(stderr,_("Login incorrect\n\n")); + pam_set_item(pamh,PAM_USER,NULL); +@@ -557,6 +573,8 @@ + } + + if (retcode != PAM_SUCCESS) { ++ struct passwd *pw; ++ char buf[64]; + pam_get_item(pamh, PAM_USER, (const void **) &username); + + if (retcode == PAM_MAXTRIES) +@@ -567,6 +585,18 @@ + syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"), + hostname, username, pam_strerror(pamh, retcode)); + logbtmp(tty_name, username, hostname); ++ audit_fd = audit_open(); ++ pw = getpwnam(username); ++ if (pw) { ++ snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid); ++ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, ++ buf, hostname, NULL, tty_name, 0); ++ } else { ++ snprintf(buf, sizeof(buf), "acct=%s", username); ++ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, ++ buf, hostname, NULL, tty_name, 0); ++ } ++ close(audit_fd); + + fprintf(stderr,_("\nLogin incorrect\n")); + pam_end(pamh, retcode); +@@ -908,6 +938,15 @@ + #endif + #endif + } ++ ++ { ++ char buf[32]; ++ audit_fd = audit_open(); ++ snprintf(buf, sizeof(buf), "uid=%d", pwd->pw_uid); ++ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, ++ buf, hostname, NULL, tty_name, 1); ++ close(audit_fd); ++ } + + dolastlog(quietlog); + +diff -ur util-linux-2.13-pre4.orig/login-utils/Makefile.am util-linux-2.13-pre4/login-utils/Makefile.am +--- util-linux-2.13-pre4.orig/login-utils/Makefile.am 2005-10-14 13:59:08.000000000 -0400 ++++ util-linux-2.13-pre4/login-utils/Makefile.am 2005-10-14 15:45:22.000000000 -0400 +@@ -55,7 +55,7 @@ + if HAVE_PAM + chfn_LDADD += -lpam -lpam_misc + chsh_LDADD += -lpam -lpam_misc +-login_LDADD += -lpam -lpam_misc ++login_LDADD += -lpam -lpam_misc -laudit + login_SOURCES = login.c + else + login_SOURCES = login.c checktty.c diff --git a/util-linux.spec b/util-linux.spec index 403ae16..a3cd94c 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -27,7 +27,7 @@ BuildRoot: %{_tmppath}/%{name}-root Summary: A collection of basic system utilities. Name: util-linux Version: 2.13 -Release: 0.4.pre4 +Release: 0.5.pre4 License: distributable Group: System Environment/Base @@ -42,7 +42,7 @@ BuildRequires: texinfo BuildRequires: gettext BuildRequires: libselinux-devel BuildRequires: e2fsprogs-devel >= 1.36 -BuildRequires: audit-libs-devel +BuildRequires: audit-libs-devel >= 1.0.6 ### Sources # TODO [stable]: s/2.13-pre4/%{version}/ @@ -63,6 +63,7 @@ Obsoletes: clock Conflicts: initscripts <= 4.58, timeconfig <= 3.0.1 %endif Requires: pam >= 0.66-4, /etc/pam.d/system-auth +Requires: audit-libs >= 1.0.6 Conflicts: kernel < 2.2.12-7, Prereq: /sbin/install-info Provides: mount = %{version} @@ -154,8 +155,10 @@ Patch212: util-linux-2.12p-floppy-generic.patch # 168436 - login will attempt to run if it has no read/write access to its terminal # 168434 - login's timeout can fail - needs to call siginterrupt(SIGALRM,1) Patch213: util-linux-2.13-login-hang.patch -# 165253 – losetup missing option -a [new feature] +# 165253 - losetup missing option -a [new feature] Patch214: util-linux-2.13-losetup-all.patch +# 170564 - add audit message to login +Patch215: util-linux-2.13-audit-login.patch # When adding patches, please make sure that it is easy to find out what bug # the # patch fixes. @@ -225,6 +228,7 @@ cp %{SOURCE8} %{SOURCE9} . %patch212 -p1 %patch213 -p1 %patch214 -p1 +%patch215 -p1 %build unset LINGUAS || : @@ -619,11 +623,14 @@ fi /sbin/losetup %changelog +* Mon Oct 17 2005 Karel Zak 2.13-0.5.pre4 +* fix #170564 - add audit message to login + * Fri Oct 7 2005 Karel Zak 2.13-0.4.pre4 - fix #169628 - /usr/bin/floppy doesn't work with /dev/fd0 - fix #168436 - login will attempt to run if it has no read/write access to its terminal - fix #168434 - login's timeout can fail - needs to call siginterrupt(SIGALRM,1) -- fix #165253 – losetup missing option -a [new feature] +- fix #165253 - losetup missing option -a [new feature] - update PAM files (replace pam_stack with new "include" PAM directive) - remove kbdrate from src.rpm - update to 2.13pre4