Actions
Bug #9730
closed
Audit Configuration execution profile doesn't work
Start date:
2018-08-13
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
Description
If you give a user the Audit Configuration profile:
$ profiles
Audit Configuration
Basic Solaris User
All
Then it doesn't actually work:
$ pfexec auditconfig -getaudit
getaudit_addr(2) failed.
error: Not owner(1)
What should happen is:
$ pfexec auditconfig -getaudit
audit id = unknown(-2)
process preselection mask = no(0x0,0x0)
terminal id (maj,min,host) = 0,0,unknown(::)
audit session id = 0
The problem appears to be that the line in /etc/security/exec_attr is malformed:
Audit Configuration:solaris:::/usr/sbin/auditconfig:privs=sys_audit:
The third field which should contain "cmd" is missing and the remaining fields are then off by one.
Updated by
Actions