From: Christian Kastner Date: Thu, 7 Jan 2016 23:21:25 +0100 Subject: Linux Audit support Add support for logging using the Linux Auditing System. Contributed by Steve Grubb. Bug-Debian: https://bugs.debian.org/383741 Forwarded: no Last-Update: 2015-01-07 --- Makefile | 4 ++-- cron.8 | 2 ++ misc.c | 12 ++++++++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index ce16df8..8877e33 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ DESTMAN = $(DESTROOT)/share/man INCLUDE = -I. #INCLUDE = #<> -LIBS = $(PAM_LIBS) $(SELINUX_LIBS) +LIBS = $(PAM_LIBS) $(SELINUX_LIBS) $(AUDIT_LIBS) #<> #OPTIM = -O OPTIM = -g @@ -73,7 +73,7 @@ LINTFLAGS = -hbxa $(INCLUDE) $(COMPAT) $(DEBUGGING) #<> # Allow override from command line DEBUG_DEFS ?= -DDEBUGGING=0 -DEFS = $(DEBUG_DEFS) $(PAM_DEFS) $(SELINUX_DEFS) +DEFS = $(DEBUG_DEFS) $(PAM_DEFS) $(SELINUX_DEFS) $(AUDIT_DEFS) #(SGI IRIX systems need this) #DEFS = -D_BSD_SIGNALS -Dconst= #<> diff --git a/cron.8 b/cron.8 index dd40322..cd49d4b 100644 --- a/cron.8 +++ b/cron.8 @@ -120,6 +120,8 @@ PAM support, .IP \(em SELinux support, .IP \(em +auditlog support, +.IP \(em Debian-specific file locations and commands, .IP \(em Debian-specific configuration (/etc/default/cron), diff --git a/misc.c b/misc.c index 8dd6b24..935d87f 100644 --- a/misc.c +++ b/misc.c @@ -35,6 +35,9 @@ static char rcsid[] = "$Id: misc.c,v 2.9 1994/01/15 20:43:43 vixie Exp $"; #include #include #include +#ifdef WITH_AUDIT +#include +#endif #if defined(SYSLOG) # include #endif @@ -476,6 +479,15 @@ allowed(username) isallowed = !in_file(username, deny); #endif +#ifdef WITH_AUDIT + /* Log an audit message if the user is rejected */ + if (isallowed == FALSE) { + int audit_fd = audit_open(); + audit_log_user_message(audit_fd, AUDIT_USER_START, "cron deny", + NULL, NULL, NULL, 0); + close(audit_fd); + } +#endif return isallowed; }