[Ubuntu 15.04] Ubuntu should audit account modification events
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| shadow (Ubuntu) |
Fix Released
|
High
|
Mathieu Trudel-Lapierre | ||
Bug Description
Ubuntu should log user modification events to the system audit trail (/var/log/
Steps to Verify:
- Install Ubuntu 14.04 on an x86_64 VM
- apt install auditd
- useradd testuser
- ausearch -i
Expected Results:
An audit record should be appended to the audit trail that indicates testuser was added.
Actual Results:
An appropriate audit event was not appended to the audit trail. A record is logged in /var/log/auth.log.
Discussion:
Auditable system events should be logged in the standard audit trail via the Linux audit subsystem. Doing so provides a central location where sysadmins can monitor security events. The Linux audit subsystem can be used to meet Common Criteria and compliance hardening standards requirements. OSPP v2.0 [https:/
Related branches
| tags: | added: architecture-all bugnameltc-120769 severity-high targetmilestone-inin1504 |
| affects: | ubuntu → audit (Ubuntu) |
| Changed in audit (Ubuntu): | |
| assignee: | nobody → Taco Screen team (taco-screen-team) |
| tags: |
added: targetmilestone-inin1510 removed: targetmilestone-inin1504 |
| Changed in audit (Ubuntu): | |
| importance: | Undecided → High |
| assignee: | Taco Screen team (taco-screen-team) → Mathieu Trudel-Lapierre (mathieu-tl) |
| Mathieu Trudel-Lapierre (cyphermox) wrote | #1 |
| affects: | audit (Ubuntu) → shadow (Ubuntu) |
| Changed in shadow (Ubuntu): | |
| status: | New → In Progress |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in shadow (Ubuntu): | |
| status: | In Progress → Fix Released |
Looks like this is in fact an issue with shadow, which has its audit support disabled.