
[Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail
http://bugzilla.mindrot.org/show_bug.cgi?id=125

dtucker@zip.com.au changed:

What                        |Removed |Added
----------------------------------------------------------------------------
Attachment #619 is obsolete |0       |1



------- Additional Comments From dtucker@zip.com.au 2004-05-31 23:25 -------
Created an attachment (id=647)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=647&action=view)
(DO NOT USE) More work-in-progress for comment.

More work on the sshd hooks; the implementation in port-solaris.c is still
incomplete. I'm interested in feedback about (a) whether or not the interface
(see sshaudit.h) is sane and (b) if it's adequate for other systems requiring
this kind of instrumentation.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail
http://bugzilla.mindrot.org/show_bug.cgi?id=125





------- Additional Comments From djm@mindrot.org 2004-06-01 08:36 -------
(From update of attachment 647)
>+#ifdef AUDIT_EVENTS
>+ PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
>+#endif

How about removing the #ifdefs and just making audit_event a no-op for the
non-audit case?

>Index: sshaudit.h
>===================================================================
>RCS file: sshaudit.h
>diff -N sshaudit.h
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ sshaudit.h 31 May 2004 12:10:20 -0000
>@@ -0,0 +1,22 @@
>+#include "auth.h"
>+
>+#ifndef SSHAUDIT_H
>+# define SSHAUDIT_H
>+enum audit_event_type {
>+ AUTH_FAILED, /* ? */
>+ LOGIN_SUCCESS,
>+ LOGIN_EXCEED_MAXTRIES,
>+ LOGIN_FAIL_BADPW,
>+ ILLEGAL_USER,
>+ ROOT_NOT_CONSOLE,
>+ NOLOGIN,
>+ LOGOUT
>+};
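
Review bot: The #include "auth.h" on the first line of sshaudit.h sits above the #ifndef SSHAUDIT_H guard, so it is processed again on every inclusion of this header; move it inside the guard. In the enum, AUTH_FAILED carries only a "/* ? */" comment, so a caller cannot tell how it differs from LOGIN_FAIL_BADPW or ILLEGAL_USER; each value should get a one-line comment saying when sshd raises it. The unprefixed names (LOGOUT, NOLOGIN) are also generic enough that a clash with a system or project header is plausible; a common prefix would avoid that.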

indenting looks wonky here

>+#if defined(HAVE_GETAUDIT_ADDR)
>+ (void) aug_get_machine(sav_host, &sav_machine[0], &sav_iptype);
>+ debug3("BSM audit: sav_iptype=%ld", (long)sav_iptype);
>+#else
>+ ia = inet_addr(host);
>+ memcpy(&sav_machine[0], &ia, sizeof(sav_machine[0]));
>+ sav_iptype = 0; /* not used, but just in case */
>+#endif
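
Review bot: In the #else branch the result of inet_addr(host) is copied into sav_machine[0] without a check. inet_addr() returns INADDR_NONE when host is not a valid dotted-quad string, for example when it is a hostname, and that value is the same as the address 255.255.255.255, so the audit record would carry a bogus source address with no indication that it is wrong. Test for INADDR_NONE (or use inet_aton(), which reports failure separately) and log at debug level when the conversion fails. The (void) cast on aug_get_machine() in the first branch likewise discards its return value; if that call can fail, sav_machine and sav_iptype are used as they were before the call.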

How does this cope with INET6 addresses? Or is this code path only taken when
the machine is old IPv4 API only?



