* [Patch] Fix the bug of action "exec /path-to-script" can never be taken
@ 2008-07-25 2:26 chuli
2008-07-25 20:02 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: chuli @ 2008-07-25 2:26 UTC (permalink / raw)
To: 'Steve Grubb'; +Cc: 'linux-audit'
Hi Mr. Steve,
I set "space_left_action = exec /script" in /etc/audit/auditd.conf.
It is said that this parameter tells the system what action to take when
the system has detected that it is starting to get low on disk space (The
limitation of disk space size is set by space_left.) in the manual. But I
found the action "exec /script" will never be taken.
I found an error message "Audit daemon failed to exec null" in
/var/log/messages. The filename "/script" does not be gotten by auditd,
so though the disk space size is less than the value of "space_left",
/script does not be executed.
It has the same bug with admin_space_left_action, disk_full_action,
disk_error_action.
Here is my patch for audit-1.7.4. What's your opinion about such
modification?
Signed-off-by: Chu Li<chul@cn.fujitsu.com>
---
diff --git a/src/auditd-config.c b/src/auditd-config.c
index 8a81b46..a7a939e 100644
--- a/src/auditd-config.c
+++ b/src/auditd-config.c
@@ -892,17 +892,13 @@ static int space_action_parser(struct nv_pair *nv, int
line,
email_command);
}
}
- config->space_left_action = failure_actions[i].option;
- return 0;
- } else if (i == FA_EXEC) {
- if (strncasecmp(failure_actions[i].name,
- nv->value, 4) == 0){
+ if (failure_actions[i].option == FA_EXEC) {
if (check_exe_name(nv->option))
return 1;
config->space_left_exe = strdup(nv->option);
- config->space_left_action = FA_EXEC;
- return 0;
}
+ config->space_left_action = failure_actions[i].option;
+ return 0;
}
}
audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
@@ -1021,19 +1017,15 @@ static int admin_space_left_action_parser(struct
nv_pair *nv, int line,
email_command);
}
}
- config->admin_space_left_action =
- failure_actions[i].option;
- return 0;
- } else if (i == FA_EXEC) {
- if (strncasecmp(failure_actions[i].name,
- nv->value, 4) == 0){
+ if (failure_actions[i].option == FA_EXEC) {
if (check_exe_name(nv->option))
return 1;
config->admin_space_left_exe =
strdup(nv->option);
- config->admin_space_left_action = FA_EXEC;
- return 0;
}
+ config->admin_space_left_action =
+ failure_actions[i].option;
+ return 0;
}
}
audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
@@ -1049,25 +1041,20 @@ static int disk_full_action_parser(struct nv_pair *nv,
int line,
nv->value);
for (i=0; failure_actions[i].name != NULL; i++) {
if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
- if (failure_actions[i].option != FA_EMAIL) {
- config->disk_full_action =
- failure_actions[i].option;
- return 0;
- } else {
+ if (failure_actions[i].option == FA_EMAIL ) {
audit_msg(LOG_ERR,
"Illegal option %s for disk_full_action - line %d",
nv->value, line);
return 1;
}
- } else if (i == FA_EXEC) {
- if (strncasecmp(failure_actions[i].name,
- nv->value, 4) == 0){
+ if (failure_actions[i].option == FA_EXEC) {
if (check_exe_name(nv->option))
return 1;
config->disk_full_exe = strdup(nv->option);
- config->disk_full_action = FA_EXEC;
- return 0;
}
+ config->disk_full_action =
+ failure_actions[i].option;
+ return 0;
}
}
audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
@@ -1083,25 +1070,20 @@ static int disk_error_action_parser(struct nv_pair
*nv, int line,
nv->value);
for (i=0; failure_actions[i].name != NULL; i++) {
if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
- if (failure_actions[i].option != FA_EMAIL) {
- config->disk_error_action =
- failure_actions[i].option;
- return 0;
- } else {
- audit_msg(LOG_ERR,
- "Illegal option %s for disk_error_action - line %d",
+ if (failure_actions[i].option == FA_EMAIL ) {
+ audit_msg(LOG_ERR,
+ "Illegal option %s for disk_error_action - line %d",
nv->value, line);
return 1;
}
- } else if (i == FA_EXEC) {
- if (strncasecmp(failure_actions[i].name,
- nv->value, 4) == 0){
+ if (failure_actions[i].option == FA_EXEC) {
if (check_exe_name(nv->option))
return 1;
config->disk_error_exe = strdup(nv->option);
- config->disk_error_action = FA_EXEC;
- return 0;
}
+ config->disk_error_action =
+ failure_actions[i].option;
+ return 0;
}
}
audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
Regards
Chu Li
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Patch] Fix the bug of action "exec /path-to-script" can never be taken
2008-07-25 2:26 [Patch] Fix the bug of action "exec /path-to-script" can never be taken chuli
@ 2008-07-25 20:02 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2008-07-25 20:02 UTC (permalink / raw)
To: chuli; +Cc: 'linux-audit'
On Thursday 24 July 2008 22:26:43 chuli wrote:
> I found an error message "Audit daemon failed to exec null" in
> /var/log/messages.
>
> It has the same bug with admin_space_left_action, disk_full_action,
> disk_error_action.
>
> Here is my patch for audit-1.7.4. What's your opinion about such
> modification?
Good catch. Patch is applied.
Thanks,
-Steve
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-07-25 20:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-07-25 2:26 [Patch] Fix the bug of action "exec /path-to-script" can never be taken chuli
2008-07-25 20:02 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox