On Wed, Nov 13, 2013 at 03:22:49PM -0500, Steve Grubb wrote:
On Wednesday, November 13, 2013 03:04:18 PM Richard Guy Briggs wrote:
> Hi Steve,
>
> I'm reviewing audit_receive_msg() and noticing that the AUDIT_TTY_SET
> case doesn't log a configuration change. Should it?
Yes, it should. Any change in config should be recorded with subject, old
value, new value, and results. It should match other config change events.
So perhaps something like this, but should probably re-structure the
code to make it cleaner and re-factor a formatting function...
Any opinion on the labels/tags?
diff --git a/kernel/audit.c b/kernel/audit.c
index 7b0e23a..cba0109 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -829,18 +829,36 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr
*nlh)
case AUDIT_TTY_SET: {
struct audit_tty_status s;
struct task_struct *tsk = current;
+ struct audit_buffer *ab;
memset(&s, 0, sizeof(s));
/* guard against past and future API changes */
memcpy(&s, data, min(sizeof(s), (size_t)nlh->nlmsg_len));
+ audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE);
+ audit_log_format(ab, " old.audit_tty_status.enabled=%d"
+ " old.audit_tty_status.log_passwd=%d",
+ tsk->signal->audit_tty,
+ tsk->signal->audit_tty_log_passwd);
+ audit_log_format(ab, " new.audit_tty_status.enabled=%d"
+ " new.audit_tty_status.log_passwd=%d",
+ s.enabled, s.log_passwd);
if ((s.enabled != 0 && s.enabled != 1) ||
(s.log_passwd != 0 && s.log_passwd != 1))
- return -EINVAL;
+{
+ audit_log_format(ab, " res=0");
+ audit_log_end(ab);
+ return -EINVAL;
+}
spin_lock(&tsk->sighand->siglock);
tsk->signal->audit_tty = s.enabled;
tsk->signal->audit_tty_log_passwd = s.log_passwd;
spin_unlock(&tsk->sighand->siglock);
+
+ audit_log_format(ab, " res=1");
+ audit_log_end(ab);
+
+
break;
}
default:
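Review bot: the old.audit_tty_status values are read from tsk->signal->audit_tty and tsk->signal->audit_tty_log_passwd in the first audit_log_format() call, before spin_lock(&tsk->sighand->siglock) is taken, while the assignment of the new values happens under that lock. The logged "old" values are therefore not guaranteed to be the ones that were actually replaced. Suggest snapshotting both fields into locals under siglock and formatting the record from those locals. Separately, the failure and success paths each repeat audit_log_format(ab, " res=...") followed by audit_log_end(ab); keeping the result in a local and emitting a single res=%d before one audit_log_end(ab) would remove the duplication. On style, the opening brace added after the if condition sits on its own line at column 0, and there is a doubled blank line before break.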
-Steve
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545