Feature #9830

praudit should be able to map users and groups correctly

Added by Peter Tribble about 1 year ago. Updated 2 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: cmd - userland programs
Start date: 2018-09-10
Due date:
% Done: 100%
Estimated time:
Difficulty: Bite-size
Tags: needs-triage

Description

It's common to aggregate audit logs onto a central system. However, running praudit will use the passwd and group files on the system where it's running to resolve the UID and GID in the audit records, which may differ from the values on the system from which the logs are taken. What you need is a way to feed praudit the group and passwd entries appropriate to the system the logs were taken from.

The plan is to leverage the uid/gid cache introduced in #9106. Specifically, preload the caches from given group and passwd files. In this case, praudit will only attempt to resolve unknown values against the system it's running on.

History

#1

Updated by Peter Tribble 2 months ago

Testing:

Run praudit with the -p and -g flags, verified that it resolves uids and gids correctly. Verified that without the flags being used, we get the same (wrong) results as before.

#2

Updated by Electric Monk 2 months ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 8bb3e7e36ac2547e9cc8555dfd4a6dc6821f5396

commit  8bb3e7e36ac2547e9cc8555dfd4a6dc6821f5396
Author: Peter Tribble <peter.tribble@gmail.com>
Date:   2019-08-14T07:19:35.000Z

    9830 praudit should be able to map users and groups correctly
    Reviewed by: Andy Fiddaman <andy@omniosce.org>
    Reviewed by: Andrew Stormont <andyjstormont@gmail.com>
    Reviewed by: Joshua M. Clulow <josh@sysmgr.org>
    Approved by: Dan McDonald <danmcd@joyent.com>
