[Bug 1478087] Re: ISST-LTE: aureport -l couldn't print out login info on ubuntu 14.04.3

Tue Sep 1 00:05:11 UTC 2015

The bug is not in aureport or libaudit. aureport looks for
AUDIT_USER_LOGIN events in the audit log but we're not generating them
in login programs due to libaudit support not being enabled at build
time or, in the case of lightdm, missing libaudit support.

Note that we are generating an AUDIT_LOGIN event from the kernel upon
login but aureport and friends are looking for AUDIT_USER_LOGIN events
from userspace.

This will require changes to a several packages. So far, I've been able
to determine that openssh needs to be built with --enable-audit=linux
and lightdm needs to be patched to generate AUDIT_USER_LOGIN events. The
lightdm pam configs may also need updating for calling out to
pam_loginuid.so but I'm not sure if that's required at this point.

The shadow package was recently modified to enable libaudit support
(https://launchpad.net/ubuntu/+source/shadow/1:4.1.5.1-1.1ubuntu5) so
that change will need to be SRU'ed.

The util-linux source package can generate AUDIT_USER_INFO events from
its login program but we're using the login program from the shadow
source package. After looking at the util-linux source, I don't see a
reason to build it against libaudit at this time.

** Also affects: openssh (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: lightdm (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: shadow (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1478087

Title:
  ISST-LTE: aureport -l couldn't print out login info on ubuntu 14.04.3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1478087/+subscriptions