You have been subscribed to a public bug:
== Comment: #0 - Miao Tao Feng <fen...@cn.ibm.com> - 2016-11-23 02:46:25 ==
When we develop new testcase for audit, we found that command "aureport -l"
print out wrong auid "-1" on ubuntu16.04 and it should be 1000 according to
the audit.log.
The following are details:
root@roselp2:~# aureport -l
Login Report
============================================
# date time auid host term exe success event
============================================
1. 11/23/2016 02:20:12 -1 10.33.24.118 /dev/pts/0 /usr/sbin/sshd yes 18
The auid "-1" on the above line should be "1000? according to the
audit.log.
root@roselp2:~# grep ":18" /var/log/audit/audit.log
type=USER_LOGIN msg=audit(1479889212.292:18): pid=4177 uid=0 auid=1000 ses=4
msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=10.33.24.118
addr=10.33.24.118 terminal=/dev/pts/0 res=success'
root@roselp2:~# dpkg -s auditd
Package: auditd
Status: install ok installed
Priority: extra
Section: admin
Installed-Size: 1051
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Architecture: ppc64el
Source: audit
Version: 1:2.4.5-1ubuntu2
Depends: lsb-base (>= 3.0-6), mawk | gawk, init-system-helpers (>= 1.18~),
libaudit1 (>= 1:2.4.2), libauparse0 (>= 1:2.3.1), libc6 (>= 2.17)
Suggests: audispd-plugins
root@roselp2:~# uname -a
Linux roselp2 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:38:24 UTC 2016
ppc64le ppc64le ppc64le GNU/Linux
root@roselp2:~# service auditd status
? auditd.service - Security Auditing Service
Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: e
Active: active (running) since Wed 2016-11-23 02:19:21 CST; 19s ago
Main PID: 4085 (auditd)
CGroup: /system.slice/auditd.service
??4085 /sbin/auditd -n
Nov 23 02:19:21 roselp2 auditctl[4086]: enabled 0
Nov 23 02:19:21 roselp2 auditctl[4086]: failure 1
Nov 23 02:19:21 roselp2 auditctl[4086]: pid 0
Nov 23 02:19:21 roselp2 auditctl[4086]: rate_limit 0
Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_limit 320
Nov 23 02:19:21 roselp2 auditctl[4086]: lost 0
Nov 23 02:19:21 roselp2 auditctl[4086]: backlog 0
Nov 23 02:19:21 roselp2 auditctl[4086]: backlog_wait_time 15000
Nov 23 02:19:21 roselp2 systemd[1]: Started Security Auditing Service.
Nov 23 02:19:21 roselp2 auditd[4085]: Init complete, auditd 2.4.5 listening for
Please cherry pick https://github.com/linux-audit/audit-
userspace/commit/25097d64344828a80acf681da5c1dacc4ea3c069
** Affects: audit (Ubuntu)
Importance: Undecided
Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
Status: New
** Tags: architecture-ppc64le bugnameltc-149041 severity-medium
targetmilestone-inin---
--
ISST-LTE: pVM: aureport couldn't get the right auid from the audit log on
ubuntu16.04
https://bugs.launchpad.net/bugs/1724152
You received this bug notification because you are a member of Ubuntu Touch
seeded packages, which is subscribed to audit in Ubuntu.
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
