Verified on xenial on a P8 and a z13 zlpar.

From P8:

$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

$ uname -a
Linux xxxx 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:53:44 UTC 2017 ppc64le ppc64le ppc64le GNU/Linux

$ dpkg -l | grep util-linux
ii util-linux 2.27.1-6ubuntu3.4 ppc64el miscellaneous system utilities

resulting log message, after altering system clock,

type=USYS_CONFIG msg=audit(1512153890.632:29): pid=26156 uid=0 auid=1000 ses=998 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/0 res=success'

--------------------

Test on z-13 zlpar,

$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

uname -a
Linux xxxx 4.4.0-1002-fips #2-Ubuntu SMP Thu Apr 27 19:35:14 UTC 2017 s390x s390x s390x GNU/Linux

ubuntu@s1lp12:~$ dpkg -l | grep util-linux
ii util-linux 2.27.1-6ubuntu3.4 s390x miscellaneous system utilities

$ /usr/bin/sudo hwclock --set --date "1/1/2000 00:00:00"
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --debug option to see the details of our search for an access method.

This is correct behaviour since zlpar cannot access the hw clock and is consistent with prior versions.

message logged indicates the failure,

type=USYS_CONFIG msg=audit(1512154473.517:12321): pid=84471 uid=0 auid=1000 ses=1134 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/1 res=failed'

** Tags added: verification-done-xenial

** Description changed:

[IMPACT] Enable auditing in util-linux. The config option, --with-audit enables auditing. - - Only the hwclock and the login commands within util-linux package have source code for auditing. But that source code is disabled by default and requires the config option, --with-audit to enable it. The login command is not built nor shipped in util-linux. 
Ubuntu uses the login command from shadow instead. Thus, only hwclock command would be affected by this change. + + Only the hwclock and the login commands within util-linux package have + source code for auditing. But that source code is disabled by default + and requires the config option, --with-audit to enable it. The login + command is not built nor shipped in util-linux. Ubuntu uses the login + command from shadow instead. Thus, only hwclock command would be + affected by this change. The change would enable the hwclock command to generate an audit log message to /var/log/audit/audit.log whenever it changes the hardware - clock. This message will only get logged if auditd daemon is running. - Otherwise, nothing gets logged. + clock. This message will only get logged to /var/log/audit/audit.log, if + auditd daemon is running. Otherwise, if the auditd is not running, like + most log messages, it will get logged to /var/log/kern.log and|or + /var/log/syslog if these services are enabled. That the hwclock generates an audit message when hardware clock is changed is a requirement for Common Criteria EAL2 certification for Xenial. [TEST] This has been tested on both P8 and amd64 architectures. With the patch all the Common Criteria testcases pass for hwclock. Before this patch, the functional part of the testcase passed, but the check for the triggered audit records would fail. Attached the Common Criteria testcase below. Also, the util-linux package has testcases that get run during the build. All of these pass. Pointer to build log below. [REGRESSION POTENTIAL] The regression potential for this should be small. This change does not take away from any current functionality. It just adds the ability to generate an audit entry when system hardware clock is altered. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. 
https://bugs.launchpad.net/bugs/1722313

Title:
  Enable auditing in util-linux.

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  Fix Committed
Status in util-linux source package in Zesty:
  Fix Committed
Status in util-linux source package in Artful:
  Fix Committed
Status in util-linux package in Debian:
  New

Bug description:
  [IMPACT]
  Enable auditing in util-linux. The config option, --with-audit enables
  auditing.

  Only the hwclock and the login commands within util-linux package have
  source code for auditing. But that source code is disabled by default
  and requires the config option, --with-audit to enable it. The login
  command is not built nor shipped in util-linux. Ubuntu uses the login
  command from shadow instead. Thus, only hwclock command would be
  affected by this change.

  The change would enable the hwclock command to generate an audit log
  message to /var/log/audit/audit.log whenever it changes the hardware
  clock. This message will only get logged to /var/log/audit/audit.log, if
  auditd daemon is running. Otherwise, if the auditd is not running, like
  most log messages, it will get logged to /var/log/kern.log and|or
  /var/log/syslog if these services are enabled.

  That the hwclock generates an audit message when hardware clock is
  changed is a requirement for Common Criteria EAL2 certification for
  Xenial.

  [TEST]
  This has been tested on both P8 and amd64 architectures. With the patch
  all the Common Criteria testcases pass for hwclock. Before this patch,
  the functional part of the testcase passed, but the check for the
  triggered audit records would fail. Attached the Common Criteria
  testcase below.

  Also, the util-linux package has testcases that get run during the
  build. All of these pass. Pointer to build log below.

  [REGRESSION POTENTIAL]
  The regression potential for this should be small. This change does not
  take away from any current functionality.
It just adds the ability to generate an audit entry when system hardware clock is altered.
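
Added example, not part of the bug report or of util-linux: a small Python parser for the USYS_CONFIG "changing system time" records that hwclock emits once built with --with-audit, run over the two records quoted in the verification above. The USER_START line in the sample is constructed, and the function names are chosen here for illustration.

```python
import re
from datetime import datetime, timezone

# First two records are the ones quoted on this page (P8 success, z13 zLPAR
# failure); the USER_START record is constructed to show other types are skipped.
SAMPLE_LOG = """\
type=USYS_CONFIG msg=audit(1512153890.632:29): pid=26156 uid=0 auid=1000 ses=998 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/0 res=success'
type=USYS_CONFIG msg=audit(1512154473.517:12321): pid=84471 uid=0 auid=1000 ses=1134 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/1 res=failed'
type=USER_START msg=audit(1512154480.001:12322): pid=84480 uid=0 auid=1000 ses=1134 msg='op=PAM:session_open exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
"""

# type=<TYPE> msg=audit(<epoch>.<ms>:<serial>): <fields>
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)$")
# key=value pairs, where the value may be double-quoted
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_clock_changes(text):
    """Return one dict per USYS_CONFIG 'changing system time' record."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m or m.group(1) != "USYS_CONFIG":
            continue
        # Kernel-supplied fields come first, then the user-space msg='...' payload.
        outer, _, inner = m.group(5).partition(" msg='")
        inner = inner.rstrip("'")
        if not inner.startswith("changing system time"):
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(outer + " " + inner)}
        events.append({
            "time": datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc),
            "serial": int(m.group(4)),
            "uid": int(fields["uid"]),
            "auid": int(fields["auid"]),  # login uid: who is accountable
            "exe": fields["exe"],
            "terminal": fields["terminal"],
            "res": fields["res"],
        })
    return events


def failed_attempts(events):
    """Clock-change attempts that did not succeed (res other than 'success')."""
    return [e for e in events if e["res"] != "success"]


if __name__ == "__main__":
    for e in parse_clock_changes(SAMPLE_LOG):
        print(e["time"].isoformat(), e["auid"], e["exe"], e["terminal"], e["res"])
```
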