[Bug 1026852] [NEW] [MIR] audit (pulls in libprelude)
Launchpad Bug Tracker
1026852 at bugs.launchpad.net
Tue Nov 27 00:16:33 UTC 2012
You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):
This is a MIR to bring a portion of binary packages built from the audit source
package into main. The binary packages of interest (some of which are created by the attached debdiff for the audit package) are:
- auditd-common
- auditd-light
- libaudit0
- libaudit-dev
- python-audit
The binary pacakges that may remain in universe are:
- auditd
- audispd-plugins
- system-config-audit
Availability:
- Available in universe for all arches
Rationale:
- Discussed as part of the P and Q security catch all blueprints
+ https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
+ https://blueprints.launchpad.net/ubuntu/+spec/security-q-catch-all
- libaudit0 is a build dependency of the Debian cron package
+ https://launchpad.net/bugs/878155
- The audit log can already used by AppArmor
+ http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files
Security:
- One CVE (CVE-2008-1628) in the project's history
- Note that CVEs have been assigned for the kernel audit subsystem, but those
are unrelated to the audit userspace code
- Security risk involved since auditd is a daemon that runs as root
+ Implementing privilege dropping would not be trivial:
http://www.redhat.com/archives/linux-audit/2009-October/msg00011.html
- auditd can open up a port and listen for audit messages from remote machines
+ The default auditd.conf is *not* configured to open a port
+ auditd doesn't create a socket unless tcp_listen_port is set in
auditd.conf (see auditd_tcp_listen_init() in src/auditd-listen.c)
+ The upstream build system does not allow disabling of the networking code
- The audispd-plugins binary package contains functionality to send audit
messages to remote machines but a main inclusion is not being requested for
audispd-plugins
Quality Assurance:
- Basic audit logging works immediately after auditd package installation
- The upstream maintainer is active on the mailing list
+ https://www.redhat.com/mailman/listinfo/linux-audit
- The lastest upstream release was on March 23, 2012
- 4 "normal" bugs (one linked to a Debian bug) opened against Ubuntu audit
source package
+ https://bugs.launchpad.net/ubuntu/+source/audit
- 5 "normal" bugs opened against the Debian audit source package
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=audit
- 'make check' tests are enabled in the build
- debian/watch exists
UI Standards:
- The only end-user application is in the system-config-audit binary package,
which is not included in this MIR
Dependencies:
- One build dependency is not in main
+ libprelude-dev binary and source package is in universe
+ NOTE: libev-dev is a current Build-Dependency, but it is not required because
audit contains its own libev. The attached debdiff removes it from audit's
Build-Dependency list.
- All relevant binary dependencies are in in main
+ check-mir points out menu and chkconfig, but they are dependencies of
system-config-audit, which is not included in this MIR
Standards Compliance:
- No lintian errors
- 9 overridden lintian warnings due to non-standard file/dir permissions
because config and log files are intentionally installed with restrictive
file permissions due to the security-related nature of the package (see
debian/auditd.lintian-overrides)
Maintenance:
- This is a relatively simple package that seems to be well maintained
upstream and in Debian
- Should not require a dedicated maintainer in Ubuntu
** Affects: audit (Ubuntu)
Importance: Undecided
Status: New
** Affects: libev (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: libprelude (Ubuntu)
Importance: Undecided
Status: Invalid
** Tags: patch
--
[MIR] audit (pulls in libprelude)
https://bugs.launchpad.net/bugs/1026852
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list