[Bug 1414817] [NEW] [Ubuntu 15.04] Ubuntu should audit account modification events
Launchpad Bug Tracker
1414817 at bugs.launchpad.net
Tue Jun 2 14:45:34 UTC 2015
You have been subscribed to a public bug:
Ubuntu should log user modification events to the system audit trail
(/var/log/audit/audit.log) but does not.
Steps to Verify:
- Install Ubuntu 14.04 on an x86_64 VM
- apt install auditd
- useradd testuser
- ausearch -i
Expected Results:
An audit record should be appended to the audit trail that indicates
testuser was added.
Actual Results:
An appropriate audit event was not appended to the audit trail. A
record is logged in /var/log/auth.log.
Discussion:
Auditable system events should be logged in the standard audit trail via
the Linux audit subsystem. Doing so provides a central location where
sysadmins can monitor security events. The Linux audit subsystem can be
used to meet Common Criteria and compliance hardening standards
requirements. OSPP v2.0
[https://www.commoncriteriaportal.org/files/ppfiles/pp0067b_pdf.pdf]
should provide a good reference for commonly logged audit events and
other audit requirements.
** Affects: shadow (Ubuntu)
Importance: High
Assignee: Mathieu Trudel-Lapierre (mathieu-tl)
Status: In Progress
** Tags: architecture-all bugnameltc-120769 severity-high targetmilestone-inin1510
--
[Ubuntu 15.04] Ubuntu should audit account modification events
https://bugs.launchpad.net/bugs/1414817
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to shadow in Ubuntu.
More information about the foundations-bugs
mailing list