public inbox for linux-audit@redhat.com
* Found (and fixed) ausearch checkpoint bug
@ 2018-12-22 23:01 Burn Alting
  2018-12-26 15:23 ` Steve Grubb
  0 siblings, 1 reply; 2+ messages in thread
From: Burn Alting @ 2018-12-22 23:01 UTC (permalink / raw)
  To: linux-audit


When running ausearch against a single file with the --checkpoint option, the file's
device number and inode are not recorded in the resultant checkpoint file.

That is for the most recent released audit package
   [root@auditdtest audit-userspace]# rpm -q audit
   audit-3.0-0.5.20181218gitbdb72c0.fc29.x86_64

We see the error via
   [root@auditdtest audit-userspace]# rm -f /tmp/checkpoint.txt; ausearch --input /var/log/audit/audit.log.2 --checkpoint /tmp/checkpoint.txt > /dev/null; cat /tmp/checkpoint.txt
   dev=0x0
   inode=0
   output=auditdtest.auditd.test.dom 1545477871.508:116403 0x514

Which is incorrect. The following is correct.
   [root@auditdtest audit-userspace]# rm -f /tmp/checkpoint.txt;  ./src/.libs/ausearch --input /var/log/audit/audit.log.2 --checkpoint /tmp/checkpoint.txt > /dev/null; cat /tmp/checkpoint.txt
   dev=0xFD00
   inode=25326469
   output=auditdtest.auditd.test.dom 1545477871.508:116403 0x514
   [root@auditdtest audit-userspace]# 

A Pull Request with the fix has been submitted on GitHub -
https://github.com/linux-audit/audit-userspace/pull/77

Regards
Burn
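
Added example (not part of the original message and not code from audit-userspace): a Python check that parses a checkpoint file in the three-line layout shown above and reports either the symptom from this report or a mismatch with a given log file. It assumes dev= is the file's st_dev in hex and inode= is its st_ino in decimal; the function names are hypothetical.

```python
import os
import tempfile

# Checkpoint contents copied from the message above.
BAD = "dev=0x0\ninode=0\noutput=auditdtest.auditd.test.dom 1545477871.508:116403 0x514\n"
GOOD = "dev=0xFD00\ninode=25326469\noutput=auditdtest.auditd.test.dom 1545477871.508:116403 0x514\n"


def parse_checkpoint(text):
    """Parse the dev=, inode= and output= lines of a checkpoint file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("dev", "inode", "output"):
            fields[key] = value
    missing = sorted({"dev", "inode", "output"} - set(fields))
    if missing:
        raise ValueError("checkpoint is missing: " + ", ".join(missing))
    # Assumption: dev= is hexadecimal and inode= is decimal, as in the samples.
    return {"dev": int(fields["dev"], 16), "inode": int(fields["inode"], 10),
            "output": fields["output"]}


def check_checkpoint(text, log_path):
    """Return a list of problems; an empty list means the checkpoint names log_path."""
    cp = parse_checkpoint(text)
    if cp["dev"] == 0 and cp["inode"] == 0:
        return ["dev and inode are both zero: the log file's identity was not recorded"]
    st = os.stat(log_path)  # assumption: dev= is st_dev, inode= is st_ino
    problems = []
    if cp["dev"] != st.st_dev:
        problems.append("dev 0x%X does not match %s (0x%X)" % (cp["dev"], log_path, st.st_dev))
    if cp["inode"] != st.st_ino:
        problems.append("inode %d does not match %s (%d)" % (cp["inode"], log_path, st.st_ino))
    return problems


if __name__ == "__main__":
    # Constructed stand-in for an audit log, so the demo runs without /var/log/audit.
    with tempfile.NamedTemporaryFile(suffix=".log") as log:
        st = os.stat(log.name)
        matching = "dev=0x%X\ninode=%d\noutput=constructed.host 1.000:1 0x514\n" % (
            st.st_dev, st.st_ino)
        for name, text in (("bad", BAD), ("good (other file)", GOOD), ("matching", matching)):
            print(name, "->", check_checkpoint(text, log.name) or "ok")
```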


