On 1/10/25 5:20 PM, Zbigniew Jędrzejewski-Szmek wrote:
On Thu, Jan 02, 2025 at 01:08:38PM -0500, Steve Grubb wrote:
* Verify that audit events exist for user and group creation:
ausearch --start recent -i -m
'ADD_USER,USER_MGMT,USER_CHAUTHTOK,ROLE_ASSIGN,ROLE_REMOVE,DEL_USER,ADD_GROUP,GRP_MGMT,GRP_CHAUTHTOK,DEL_GROUP'
* Remove the package and verify audit events exist for account and group
deletion (see above ausearch command).
I submitted https://github.com/systemd/systemd/pull/35957 to add audit
log generation to systemd-sysusers.
Awesome, thanks!
This should make systemd-sysusers
match useradd/groupadd from shadow-utils wrt. to audit logs. Actually
systemd-sysusers will probably not be used, since rpm rather calls
/usr/lib/rpm/sysusers.sh, which uses useradd/groupadd. But it's probably
a desirable change in any case, and it'll make things easier if we decide
to use systemd-sysusers, either by default or as a fallback.
Given the lack of upstream reponse in the shadow-utils ticket, this may
well be the easier route. Rpm upstream prefers the script just to avoid
a systemd dependency by default, but I see no reason to stick with the
script when the real systemd-sysusers is available. (assuming the audit
stuff is added there)
- Panu -
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
