Bug#975117: auditd: log_format = ENRICHED no space separator

Thu, 19 Nov 2020 00:30:14 -0800 

Package: auditd
Version: 1:2.8.5-3.1
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

set log_format = ENRICHED

   * What was the outcome of this action?
   * What outcome did you expect instead?

The additional "ENRICHED" fields are appended to log lines without a separating 
space. Example:

node=master type=SYSCALL msg=audit(1605773607.605:61353): arch=c000003e 
syscall=92 success=yes exit=0 a0=5607a0a249c0 a1=3e8 a2=3e8 a3=7fab26ff6f40 
items=1 ppid=24266 pid=24654 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 
fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=2 comm="bash" 
exe="/usr/bin/bash" subj==unconfined key="perm_mod"ARCH=x86_64 SYSCALL=chown 
AUID="sam" UID="sam" GID="sam" EUID="sam" SUID="sam" FSUID="sam" EGID="sam" 
SGID="sam" FSGID="sam"

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 10.6
  APT prefers stable
  APT policy: (900, 'stable'), (500, 'stable-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-12-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages auditd depends on:
ii  init-system-helpers  1.56+nmu1
ii  libaudit1            1:2.8.4-3
ii  libauparse0          1:2.8.4-3
ii  libc6                2.30-4
ii  libgssapi-krb5-2     1.17-3
ii  libkrb5-3            1.17-3
ii  libwrap0             7.6.q-28
ii  lsb-base             10.2019051400
ii  mawk                 1.3.3-17+b3

auditd recommends no packages.

Versions of packages auditd suggests:
ii  audispd-plugins  1:2.8.4-3

-- Configuration Files:
/etc/audisp/audispd.conf [Errno 13] Permission denied: 
'/etc/audisp/audispd.conf'
/etc/audisp/plugins.d/af_unix.conf [Errno 13] Permission denied: 
'/etc/audisp/plugins.d/af_unix.conf'
/etc/audisp/plugins.d/syslog.conf [Errno 13] Permission denied: 
'/etc/audisp/plugins.d/syslog.conf'
/etc/audit/audit-stop.rules [Errno 13] Permission denied: 
'/etc/audit/audit-stop.rules'
/etc/audit/auditd.conf [Errno 13] Permission denied: '/etc/audit/auditd.conf'
/etc/audit/rules.d/audit.rules [Errno 13] Permission denied: 
'/etc/audit/rules.d/audit.rules'

-- no debconf information

Reply via email to