Feature #9830
praudit should be able to map users and groups correctly
Status: Closed
% Done: 100%
Description
It's common to aggregate audit logs onto a central system. However, running praudit will use the passwd and group files on the system where it's running to resolve the UID and GID in the audit records, which may differ from the values on the system from which the logs are taken. What you need is a way to feed praudit the group and passwd entries appropriate to the system the logs were taken from.
The plan is to leverage the uid/gid cache introduced in #9106. Specifically, preload the caches from given group and passwd files. In this case, praudit will only attempt to resolve unknown values against the system it's running on.
Updated by Peter Tribble about 4 years ago
Testing:
Run praudit with the -p and -g flags, verified that it resolves uids and gids correctly. Verified that without the flags being used, we get the same (wrong) results as before.
Updated by Electric Monk about 4 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit 8bb3e7e36ac2547e9cc8555dfd4a6dc6821f5396
commit 8bb3e7e36ac2547e9cc8555dfd4a6dc6821f5396
Author: Peter Tribble <peter.tribble@gmail.com>
Date: 2019-08-14T07:19:35.000Z

9830 praudit should be able to map users and groups correctly
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Reviewed by: Andrew Stormont <andyjstormont@gmail.com>
Reviewed by: Joshua M. Clulow <josh@sysmgr.org>
Approved by: Dan McDonald <danmcd@joyent.com>