From: Christian Kastner Date: Thu, 07 Jan 2016 23:21:25 +0100 Subject: Linux Audit support Add support for logging using the Linux Auditing System. Contributed by Steve Grubb. Bug-Debian: https://bugs.debian.org/383741 Forwarded: no Last-Update: 2015-01-07 Index: cron/Makefile =================================================================== --- cron.orig/Makefile +++ cron/Makefile @@ -55,7 +55,7 @@ DESTMAN = $(DESTROOT)/share/man INCLUDE = -I. #INCLUDE = #<> -LIBS = $(PAM_LIBS) $(SELINUX_LIBS) +LIBS = $(PAM_LIBS) $(SELINUX_LIBS) $(AUDIT_LIBS) #<> #OPTIM = -O OPTIM = -g @@ -73,7 +73,7 @@ LINTFLAGS = -hbxa $(INCLUDE) $(COMPAT) $ #<> # Allow override from command line DEBUG_DEFS ?= -DDEBUGGING=0 -DEFS = $(DEBUG_DEFS) $(PAM_DEFS) $(SELINUX_DEFS) +DEFS = $(DEBUG_DEFS) $(PAM_DEFS) $(SELINUX_DEFS) $(AUDIT_DEFS) #(SGI IRIX systems need this) #DEFS = -D_BSD_SIGNALS -Dconst= #<> Index: cron/misc.c =================================================================== --- cron.orig/misc.c +++ cron/misc.c @@ -35,6 +35,9 @@ static char rcsid[] = "$Id: misc.c,v 2.9 #include #include #include +#ifdef WITH_AUDIT +#include +#endif #if defined(SYSLOG) # include #endif @@ -476,6 +479,15 @@ allowed(username) isallowed = !in_file(username, deny); #endif +#ifdef WITH_AUDIT + /* Log an audit message if the user is rejected */ + if (isallowed == FALSE) { + int audit_fd = audit_open(); + audit_log_user_message(audit_fd, AUDIT_USER_START, "cron deny", + NULL, NULL, NULL, 0); + close(audit_fd); + } +#endif return isallowed; } Index: cron/cron.8 =================================================================== --- cron.orig/cron.8 +++ cron/cron.8 @@ -120,6 +120,8 @@ PAM support, .IP \(em SELinux support, .IP \(em +auditlog support, +.IP \(em Debian-specific file locations and commands, .IP \(em Debian-specific configuration (/etc/default/cron),