Project

General

Profile

Actions
Copy link

Bug #9730

closed

Audit Configuration execution profile doesn't work

Added by Peter Tribble almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Peter Tribble
Category:
cmd - userland programs
Start date:
2018-08-13
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

If you give a user the Audit Configuration profile:

$ profiles
Audit Configuration
Basic Solaris User
All

Then it doesn't actually work:

$ pfexec auditconfig -getaudit
getaudit_addr(2) failed.
error: Not owner(1)

What should happen is:

$ pfexec auditconfig -getaudit
audit id = unknown(-2)
process preselection mask = no(0x0,0x0)
terminal id (maj,min,host) = 0,0,unknown(::)
audit session id = 0

The problem appears to be that the line in /etc/security/exec_attr is malformed:

Audit Configuration:solaris:::/usr/sbin/auditconfig:privs=sys_audit:

The third field which should contain "cmd" is missing and the remaining fields are then off by one.

Actions
Copy link
 #1

Updated by Electric Monk almost 4 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 223ffd476e2703f912aa332a875dfb72ab5d7010

commit  223ffd476e2703f912aa332a875dfb72ab5d7010
Author: Peter Tribble <peter.tribble@gmail.com>
Date:   2018-08-13T19:17:01.000Z

    9730 Audit Configuration execution profile doesn't work
    Reviewed by: Yuri Pankov <yuripv@yuripv.net>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions
Copy link

Also available in: Atom PDF