** Also affects: audit (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Precise)
Status: New => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1158500
Title:
auditd fails to add rules when used in precise with -lts-quantal
kernel
Status in audit package in Ubuntu:
Fix Released
Status in linux package in Ubuntu:
Invalid
Status in audit source package in Precise:
Confirmed
Status in linux source package in Precise:
Invalid
Bug description:
auditctl fails to add rules when run with the -lts-quantal kernel
Eample:
# auditctl -l
No rules
# auditctl -a entry,always -F arch=b64 -S execve -k exec
Error sending add rule data request (Invalid argument)
#
Looks like the syscall table needs updating, it works with the 3.2.0
kernel.
Tagging this as a security vulnerability because it fails fairly
quietly and may lead to high security systems not having required
auditing (like PCI compliant systems), I only noticed by looking in
/var/log/boot.log.
Description: Ubuntu 12.04.2 LTS
Release: 12.04
ii auditd 1.7.18-1ubuntu1
User space tools for security auditing
ii linux-image-generic-lts-quantal 3.5.0.26.33
Generic Linux kernel image
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
