
Fixed

LIN1021-58 : audit: audit unauthorized access failed with lib32 image on ZCU102

Created: May 17, 2021    Updated: Oct 22, 2021
Resolved Date: Oct 22, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.6
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

1) setup.sh
 --machine xilinx-zynqmp --dl-layers --distro wrlinux-cgl --templates feature/LAMP feature/ipv6 feature/krb5 feature/lttng feature/mariadb feature/nfsd feature/ntp feature/package-management feature/software-entropy feature/sysklogd feature/system-stats feature/target-toolchain feature/tcpslice feature/tensorflow --layers meta-filesystems meta-security-compliance meta-tensorflow meta-virtualization --dl-layers
 
2) . ./environment-setup-x86_64-wrlinuxsdk-linux
 . ./oe-init-build-env
 
3) modify local.conf
 IMAGE_INSTALL_append += " audit"
 
4) bitbake lib32-wrlinux-image-glibc-cgl
 
5) boot the target
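6) run the commands below. The read of /root/file by test1 is denied with EACCES, so the TEST-access rule is expected to log it with success=no and exit=-13. Instead, the record for comm="cat" shows success=yes exit=4294967283 (that is, -13 read as an unsigned 32-bit value), and `ausearch -k TEST-access | grep success=no` returns nothing.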


root@xilinx-zynqmp:~# file -L /bin/systemctl
/bin/systemctl: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=7f9c89e3365b2dc5555176d9a628c595095eefd9, for GNU/Linux 3.2.0, stripped
root@xilinx-zynqmp:~# uname -a
Linux xilinx-zynqmp 5.4.90-yocto-standard #1 SMP PREEMPT Mon Jan 18 22:39:54 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
root@xilinx-zynqmp:~# systemctl status auditd
 auditd.service - Security Auditing Service
 Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
 Active: active (running) since Wed 2021-01-20 02:13:01 UTC; 25min ago
 Process: 3692 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, st>
 Main PID: 3691 (auditd)
 Tasks: 2 (limit: 4410)
 Memory: 740.0K
 CGroup: /system.slice/auditd.service
 3691 /sbin/auditd -n

Jan 20 02:13:01 xilinx-zynqmp auditctl[3692]: backlog_wait_time 0
Jan 20 02:13:01 xilinx-zynqmp auditctl[3692]: enabled 1
Jan 20 02:13:01 xilinx-zynqmp auditctl[3692]: failure 1
Jan 20 02:13:01 xilinx-zynqmp auditctl[3692]: pid 0
Jan 20 02:13:01 xilinx-zynqmp auditctl[3692]: rate_limit 0
Jan 20 02:13:01 xilinx-zynqmp auditctl[3692]: backlog_limit 8192
Jan 20 02:13:01 xilinx-zynqmp auditctl[3692]: lost 0
Jan 20 02:13:01 xilinx-zynqmp auditctl[3692]: backlog 0
Jan 20 02:13:01 xilinx-zynqmp auditctl[3692]: backlog_wait_time 0
Jan 20 02:13:01 xilinx-zynqmp systemd[1]: Started Security Auditing Service.
root@xilinx-zynqmp:~# 
root@xilinx-zynqmp:~# cat /etc/audit/audit.rules
-D
-b 320
-f 1
-e 1
-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat -F exit=-EACCES -F key=TEST-access
root@xilinx-zynqmp:~# 
root@xilinx-zynqmp:~# systemctl restart auditd
root@xilinx-zynqmp:~# 
root@xilinx-zynqmp:~# auditctl -l
-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat -F exit=-EACCES -F key=TEST-access
root@xilinx-zynqmp:~# 
root@xilinx-zynqmp:~# echo > /var/log/audit/audit.log
root@xilinx-zynqmp:~# useradd -U test1
root@xilinx-zynqmp:~# passwd test1
New password:
Retype new password:
passwd: password updated successfully
root@xilinx-zynqmp:~# touch /root/file
root@xilinx-zynqmp:~# chmod o-r /root/file
root@xilinx-zynqmp:~#
root@xilinx-zynqmp:~# ls -l /root/file
-rw-r----- 1 root root 0 Jan 20 02:31 /root/file
root@xilinx-zynqmp:~# su test1
test1@xilinx-zynqmp:/root$ cat /root/file
cat: /root/file: Permission denied
test1@xilinx-zynqmp:/root$ exit
exit
root@xilinx-zynqmp:~# 
root@xilinx-zynqmp:~#
root@xilinx-zynqmp:~#
root@xilinx-zynqmp:~# ausearch -k TEST-access | grep success
type=SYSCALL msg=audit(1611110715.887:582): arch=40000028 syscall=322 success=yes exit=4294967283 a0=ffffff9c a1=ffb5fec8 a2=a0000 a3=0 items=1 ppid=1473 pid=3871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-userwor" exe="/lib/systemd/systemd-userwork" key="TEST-access"
type=SYSCALL msg=audit(1611110730.451:583): arch=40000028 syscall=322 success=yes exit=4294967283 a0=ffffff9c a1=ffd8c1f8 a2=a0000 a3=0 items=1 ppid=1473 pid=3874 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-userwor" exe="/lib/systemd/systemd-userwork" key="TEST-access"
type=SYSCALL msg=audit(1611110730.451:584): arch=40000028 syscall=322 success=yes exit=4294967283 a0=ffffff9c a1=ffc3cdf8 a2=a0000 a3=0 items=1 ppid=1473 pid=3873 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-userwor" exe="/lib/systemd/systemd-userwork" key="TEST-access"
type=SYSCALL msg=audit(1611110730.499:585): arch=40000028 syscall=322 success=yes exit=4294967283 a0=ffffff9c a1=ffe35e14 a2=20000 a3=0 items=1 ppid=3872 pid=3875 auid=0 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=6 comm="cat" exe="/bin/cat.coreutils" key="TEST-access"
root@xilinx-zynqmp:~# ausearch -k TEST-access | grep success=no
root@xilinx-zynqmp:~#

Steps to Reproduce

1) setup.sh
 --machine xilinx-zynqmp --dl-layers --distro wrlinux-cgl --templates feature/LAMP feature/ipv6 feature/krb5 feature/lttng feature/mariadb feature/nfsd feature/ntp feature/package-management feature/software-entropy feature/sysklogd feature/system-stats feature/target-toolchain feature/tcpslice feature/tensorflow --layers meta-filesystems meta-security-compliance meta-tensorflow meta-virtualization --dl-layers
 
2) . ./environment-setup-x86_64-wrlinuxsdk-linux
 . ./oe-init-build-env
 
3) modify local.conf
 IMAGE_INSTALL_append += " audit"
 
4) bitbake lib32-wrlinux-image-glibc-cgl
 
5) boot the target
6) run the commands shown in the Description section above.