Hello,
The freeze of the new debian release is approaching (early next year)
and I'm looking a bit for guidance about what to do with the audit package.
Should I start cherry-picking patches, wait for a new (pre-)release?
Keep the good 2.8?
Kind regards,
Laurent Bigonville
--
Linux-audit
On 06/12/17 at 18:51, Tyler Hicks wrote:
If so, does everyone agree that 1500-1599 would be acceptable for
AppArmor to use?
FTR, the apparmor userspace library seems to have supported the 15xx range for
quite some time already, I see the following commit in the git repository:
commit
On 09/09/17 at 16:22, Steve Grubb wrote:
On Saturday, September 9, 2017 6:02:02 AM EDT Laurent Bigonville wrote:
On 11/07/17 at 00:23, Paul Moore wrote:
On Mon, Jul 10, 2017 at 4:01 PM, Laurent Bigonville <bi...@debian.org>
wrote:
On 10/07/17 at 18:00, Paul Moore wrote:
On Mon,
On 11/07/17 at 00:23, Paul Moore wrote:
On Mon, Jul 10, 2017 at 4:01 PM, Laurent Bigonville <bi...@debian.org> wrote:
On 10/07/17 at 18:00, Paul Moore wrote:
On Mon, Jul 10, 2017 at 10:59 AM, Laurent Bigonville <bi...@debian.org>
wrote:
Hi,
With 4.11.6 (that has been upload
On 10/07/17 at 18:00, Paul Moore wrote:
On Mon, Jul 10, 2017 at 10:59 AM, Laurent Bigonville <bi...@debian.org> wrote:
Hi,
With 4.11.6 (that has been uploaded in debian unstable) I get a lot of
messages in dmesg like
[100052.120468] audit: audit_lost=66041 audit_rate_l
in auditd logs anymore.
https://git.kernel.org/linus/264d509637d95f9404e52ced5003ad352e0f6a26
seems to be included in this release
An idea?
Regards,
Laurent Bigonville
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
On 30/03/17 at 15:56, cgzones wrote:
Hi,
I just received the following bug in debian:
ausearch segfaults on the following input in interpret mode:
/sbin/ausearch -i --input file
type=AVC msg=audit(1490829425.686:121): avc: denied { bind } for
pid=1034 comm="darkstat"
Hi,
Could you please merge the following patches that have been proposed to
debian by Nicolas Braud-Santoni?
The patches add the Documentation key in the .service file and also fix
some typos.
Cheers,
Laurent Bigonville
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: T
On 10/07/16 at 19:18, Steve Grubb wrote:
On Sunday, July 10, 2016 10:45:13 AM EDT Laurent Bigonville wrote:
On 09/07/16 at 23:41, Steve Grubb wrote:
On Saturday, July 9, 2016 11:02:44 PM EDT Laurent Bigonville wrote:
Apparently the fix is not 100% correct:
The "Libs.private" fi
On 05/07/16 at 14:15, Steve Grubb wrote:
Hello,
On Monday, July 4, 2016 2:08:14 PM EDT Laurent Bigonville wrote:
Apparently the audit.pc file is missing flags to allow libaudit to be
statically linked (see [0]).
Adding something like "Requires.private: libcap-ng" should fix the pr
On 06/07/16 at 20:13, Steve Grubb wrote:
Hello,
I received the strace file which made the email too big for the mail list.
I'm including the important part below.
On Wednesday, July 6, 2016 6:31:00 PM EDT Laurent Bigonville wrote:
On 06/07/16 at 18:23, Steve Grubb wrote:
So, I'm note
going on?
Cheers,
Laurent Bigonville
.
Shouldn't the LDFLAGS also be reset when building these executables?
Regards,
Laurent Bigonville
On 03/05/16 at 17:10, Steve Grubb wrote:
On Tuesday, May 03, 2016 05:04:04 PM Laurent Bigonville wrote:
Hello,
In debian, during the build of a package, we have a tool checking if
symbols are removed from shared libraries.
With the 2.5.2 release, I get the following output:
--- debian
audit_set_backlog_wait_time@Base 1:2.4.2
audit_set_enabled@Base 1:2.2.1
Is that expected that these 4 symbols have been removed?
Cheers,
Laurent Bigonville
:
On 11/06/2015 11:10 AM, Laurent Bigonville wrote:
Hi,
When the policy is reloaded, systemd and dbus are sending a USER_AVC
audit event instead of a USER_MAC_POLICY_LOAD one.
Looking at another object manager (the xserver) it uses the following
code:
http://cgit.freedesktop.org/xorg/xserver
On 05/11/15 09:32, Laurent Bigonville wrote:
On 05/11/15 04:23, Steve Grubb wrote:
I tested this on Fedora 22 and did not get a USER_AVC from dbus, but
I also
did not get an error message in syslog. So, I don't know what to make
of it.
(And for the record, I have a bz open saying
On 05/11/15 04:23, Steve Grubb wrote:
On Tuesday, November 03, 2015 09:48:31 PM Laurent Bigonville wrote:
On 03/11/15 21:08, Richard Guy Briggs wrote:
On 15/11/03, Steve Grubb wrote:
On Tuesday, November 03, 2015 06:12:07 PM Laurent Bigonville wrote:
I'm running in permissive mode
On 06/11/15 00:03, Steve Grubb wrote:
On Thursday, November 05, 2015 09:32:09 AM Laurent Bigonville wrote:
On 05/11/15 04:23, Steve Grubb wrote:
On Tuesday, November 03, 2015 09:48:31 PM Laurent Bigonville wrote:
On 03/11/15 21:08, Richard Guy Briggs wrote:
On 15/11/03, Steve Grubb
On 03/11/15 17:28, Steve Grubb wrote:
On Tuesday, November 03, 2015 05:05:55 PM Laurent Bigonville wrote:
Hi,
With dbus 1.10.2 (on Debian), when I'm running "semodule -B", the system
dbus daemon is complaining with the following message:
nov 03 15:02:57 soldur dbus[1057]:
On 03/11/15 21:08, Richard Guy Briggs wrote:
On 15/11/03, Steve Grubb wrote:
On Tuesday, November 03, 2015 06:12:07 PM Laurent Bigonville wrote:
I'm running in permissive mode.
I'm seeing a netlink open to the audit:
dbus-daem 1057 messagebus7u netlink 0t0 15248 AUDIT
Apparently
ilities:
$ sudo getpcaps 1057
Capabilities for `1057': = cap_audit_write+ep
All other user_avc seem to be properly logged in audit.
An idea?
Cheers,
Laurent Bigonville
. There was however a small thread [1] about this on
upstream ML.
Not sure what's the policy regarding patching embedded copy of libev.
Cheers,
Laurent Bigonville
[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787066
[1] http://lists.schmorp.de/pipermail/libev/2015q1/002480.html
the logging when free disk space is
available again?
I had to restart the daemon completely as reloading it was not enough.
Cheers,
Laurent Bigonville
have one (unrelated) issue where aulast thinks that my
user that has logged in using gdm is down.
Cheers,
Laurent Bigonville
Upstream-commit: aa589a1
Cc: sta...@vger.kernel.org # v3.14-rc1 to v3.14
Reported-by: Steve Grubb sgr...@redhat.com
Signed-off-by: Richard Guy Briggs r...@redhat.com
On Tue, 17 Jun 2014 09:29:21 -0400,
Steve Grubb sgr...@redhat.com wrote:
On Monday, June 16, 2014 05:20:10 PM Eric Paris wrote:
[...]
I'd call this a pretty clear userspace bug where it just completely
drops records, even if it can't parse them...
That theory can be tested by using:
On Thu, 5 Jun 2014 19:34:04 +0200,
Laurent Bigonville bi...@debian.org wrote:
On Wed, 04 Jun 2014 19:04:52 -0400,
Steve Grubb sgr...@redhat.com wrote:
[...]
You are missing a type=LOGIN event right here. If you do a cat
/proc/self/loginuid and it's set to something besides -1, we have
On Wed, 04 Jun 2014 19:04:52 -0400,
Steve Grubb sgr...@redhat.com wrote:
On Thursday, June 05, 2014 12:42:39 AM Laurent Bigonville wrote:
On Wed, 04 Jun 2014 18:23:29 -0400,
Steve Grubb sgr...@redhat.com wrote:
On Thursday, June 05, 2014 12:04:05 AM Laurent Bigonville wrote
the login name to the aulast command doesn't seem to work
at all even with the --bad option.
OTOH, the aulastlog command seems to work as expected.
An idea?
Cheers,
Laurent Bigonville
On Fri, 11 Apr 2014 09:42:50 -0400,
Steve Grubb sgr...@redhat.com wrote:
On Friday, April 11, 2014 08:54:37 AM Laurent Bigonville wrote:
On Thu, 10 Apr 2014 07:25:42 -0400,
Steve Grubb sgr...@redhat.com wrote:
On Thursday, April 10, 2014 09:06:11 AM Laurent Bigonville wrote
On Thu, 10 Apr 2014 07:25:42 -0400,
Steve Grubb sgr...@redhat.com wrote:
On Thursday, April 10, 2014 09:06:11 AM Laurent Bigonville wrote:
With 2.3.5, libauparse is exporting a new symbol (clear_config())
It seems that all the other symbols are prefixed with either
auparse_ or audit_
Hello,
With 2.3.5, libauparse is exporting a new symbol (clear_config())
It seems that all the other symbols are prefixed with either auparse_
or audit_, so is this expected?
Cheers,
Laurent Bigonville
Output of some debian tools:
--- debian/libauparse0.symbols (libauparse0_1:2.3.5-1_amd64
to see this merged
upstream _before_ it was pushed to the debian archive).
Cheers,
Laurent Bigonville
that it
should be used in this case.
As a side note, it seems that the *.spec file is stopping the daemon in
the %preun so this could fail I guess?
Any thoughts on this?
Laurent Bigonville
against the main auditd.service file?
This way the user could enable that new service instead of copying
files by hand. This sounds better distribution-wise, and in case
changes are made to the .service file, the user will not be stuck with
an old version in /etc.
Any idea on this?
Cheers
Laurent
/audit/audit.rules
fi
This way if it's a new install, you get a copy of the rules and if
there are any previously existing rules, they are not overwritten.
Thanks, yes I figured that out too, I should probably not post emails
before my 1st cup of coffee on Sunday morning :)
Cheers
Laurent
From: Laurent Bigonville bi...@bigon.be
Hi,
Please find here some patches for the audit manpages.
Cheers,
Laurent Bigonville
From: Laurent Bigonville bi...@bigon.be
This makes it possible for people using UTF-8 encoding to easily
copy/paste options from the manpages.
This fixes Debian lintian warnings: hyphen-used-as-minus-sign
---
docs/audit_log_acct_message.3 |2 +-
docs/auditctl.8 |2 +-
docs
WITH_ARMEB
_S(MACH_ARMEB, armeb )
+_S(MACH_ARMEB, armv5tel)
_S(MACH_ARMEB, armv5tejl)
_S(MACH_ARMEB, armv7l)
_S(MACH_ARMEB, armv6l)
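Review bot: the added `_S(MACH_ARMEB, armv5tel)` entry joins armv5tejl, armv7l and armv6l under MACH_ARMEB, a name that reads as big-endian ARM while every one of these machine strings carries the `l` suffix. A short comment above this table stating what MACH_ARMEB is meant to cover would remove that ambiguity, and the commit message should say which system reported armv5tel so the mapping can be checked.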
Cheers
Laurent Bigonville
On Fri, 30 Nov 2012 12:44:54 -0500 (EST),
Miloslav Trmac m...@redhat.com wrote:
- Original Message -
On Fri, 30 Nov 2012 09:05:19 -0500,
Steve Grubb sgr...@redhat.com wrote:
On Friday, November 30, 2012 02:42:27 PM Laurent Bigonville wrote:
On Mon, 26 Nov 2012 12:21
Unexpected match `a1'
FAIL: lookup_test
An idea?
Thanks for your previous answers
Cheers,
Laurent Bigonville
tables to ausyscall. Why are these syscall tables conditional?
2) Is --with-armeb meant for ARMEB (aka ARM big-endian) or is it meant
for ARM with embedded ABI? The help message of the configure says the
latter but it seems to be badly named.
If somebody could enlighten me,
Kind regards
Laurent