[Bug 1948357] Re: sshd have no USER_LOGOUT audit event

Athos Ribeiro 1948357 at bugs.launchpad.net
Tue Nov 23 15:23:58 UTC 2021 

As per [1], the difference reported in the bug is seen due to a pair of
patches carried by Fedora/RH.

This seems to be a feature (not a fix), therefore, I am not sure if this
would be suitable for an SRU.

The patch proposed in [1] seems to be under review for a long time (and
parts of the patch have landed upstream over the years).

The last upstream comment [2] (from Jan. 2020) states that the patch is
obsolete. Moreover, the Red Hat bug mentioned in their spec file which
points to the bug where the patch was likely discussed and proposed is
private [3]. Therefore, I wonder if we want to introduce this feature in
22.04 (LTS) or wait for further upstream feedback in [1].

Since the next steps are not clear, I am removing the server-
next/server-todo tags from the bug.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=1402
[2] https://bugzilla.mindrot.org/show_bug.cgi?id=1402#c81
[3] https://src.fedoraproject.org/rpms/openssh/blob/c5e4c28ae15caed8a03d682c1adf2fa619968222/f/openssh.spec#_84

** Bug watch added: OpenSSH Portable Bugzilla #1402
   https://bugzilla.mindrot.org/show_bug.cgi?id=1402

** Tags removed: server-next server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1948357

Title:
  sshd have no USER_LOGOUT audit event

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  ubuntu 18.04

  lizj at FNSTPC:~$ sudo aureport -e -i --summary | grep USER
  43241  USER_END
  16946  USER_START
  16718  USER_ACCT
  658  USER_AUTH
  543  USER_CMD
  255  USER_LOGIN
  9  USER_ROLE_CHANGE
  5  USER_ERR
  2  USER_CHAUTHTOK
  1  ADD_USER
  lizj at FNSTPC:~/.local/bin$ dpkg -l | grep openssh
  ii  openssh-client                                1:7.6p1-4ubuntu0.5                                  amd64        secure shell (SSH) client, for secure access to remote machines
  ii  openssh-server                                1:7.6p1-4ubuntu0.5                                  amd64        secure shell (SSH) server, for secure access from remote machines
  ii  openssh-sftp-server                           1:7.6p1-4ubuntu0.5                                  amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines
  lizj at FNSTPC:~/.local/bin$ lsb_release -a
  No LSB modules are available.
  Distributor ID:	Ubuntu
  Description:	Ubuntu 18.04.6 LTS
  Release:	18.04
  Codename:	bionic

  
  while in my fedora 33 host, it includes USER_LOGOUT as below

  fedora 33
  [root at iaas-rpma linux]# aureport -e -i --summary | grep USER
  7356  CRYPTO_KEY_USER
  2103  USER_START
  1649  USER_END
  1268  USER_ACCT
  1108  USER_ROLE_CHANGE
  1029  USER_AUTH
  895  USER_LOGIN
  789  USER_LOGOUT
  60  USER_CMD
  14  USER_ERR
  3  USER_MGMT
  3  USER_CHAUTHTOK
  1  ADD_USER
  [root at iaas-rpma ~]# rpm -qa | grep openssh
  openssh-8.4p1-1.1.fc33.x86_64
  openssh-clients-8.4p1-1.1.fc33.x86_64
  openssh-server-8.4p1-1.1.fc33.x86_64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1948357/+subscriptions

More information about the foundations-bugs mailing list