Add tty to syscall audit records

Steve Grubb sgrubb at redhat.com
Sun Jan 1 19:07:00 UTC 2006


Hi,

From the RBAC specs:

FAU_SAR.1.1 The TSF shall provide the set of authorized 
RBAC administrators with the capability to read the following
audit information from the audit records:

<snip>
(e) The User Session Identifier or Terminal Type 

A patch adding the tty for all syscalls is included in this email.
Please apply.

Signed-off-by: Steve Grubb <sgrubb at redhat.com>



diff -urp linux-2.6.14.orig/kernel/auditsc.c linux-2.6.14/kernel/auditsc.c
--- linux-2.6.14.orig/kernel/auditsc.c	2005-12-28 10:39:04.000000000 -0500
+++ linux-2.6.14/kernel/auditsc.c	2005-12-28 10:40:28.000000000 -0500
@@ -56,6 +56,7 @@
 #include <asm/unistd.h>
 #include <linux/security.h>
 #include <linux/list.h>
+#include <linux/tty.h>
 
 #include "audit.h"
 
@@ -567,6 +568,7 @@ static void audit_log_exit(struct audit_
 	int i;
 	struct audit_buffer *ab;
 	struct audit_aux_data *aux;
+	const char *tty;
 
 	ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL);
 	if (!ab)
@@ -579,11 +581,15 @@ static void audit_log_exit(struct audit_
 		audit_log_format(ab, " success=%s exit=%ld", 
 				 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
 				 context->return_code);
+	if (current->signal->tty && current->signal->tty->name)
+		tty = current->signal->tty->name;
+	else
+		tty = "(none)";
 	audit_log_format(ab,
 		  " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
 		  " pid=%d auid=%u uid=%u gid=%u"
 		  " euid=%u suid=%u fsuid=%u"
-		  " egid=%u sgid=%u fsgid=%u",
+		  " egid=%u sgid=%u fsgid=%u tty=%s",
 		  context->argv[0],
 		  context->argv[1],
 		  context->argv[2],
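Review bot: The added `if (current->signal->tty && current->signal->tty->name)` test and the assignment after it read the tty pointer three times with no lock visible in the hunk, so a hangup or session change between the check and the later audit_log_format() call could leave `tty` pointing into a released tty_struct. Read the pointer once into a local, e.g. `struct tty_struct *t = current->signal->tty;`, and hold whichever lock guards signal->tty in this tree until the name has been formatted into the record. `name` looks like an array member of tty_struct, in which case the `&& ...->name` half of the test is always true and can be dropped. Every other field in this record comes from `context` while the tty comes from `current`, so if audit_log_exit() is ever called for a task other than current the logged terminal would belong to the wrong process; the callers and the rest of the function body are outside this hunk, so that needs confirming.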
@@ -594,7 +600,7 @@ static void audit_log_exit(struct audit_
 		  context->uid,
 		  context->gid,
 		  context->euid, context->suid, context->fsuid,
-		  context->egid, context->sgid, context->fsgid);
+		  context->egid, context->sgid, context->fsgid, tty);
 	audit_log_task_info(ab);
 	audit_log_end(ab);
 



