authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-06-17 10:05:01 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-06-17 10:14:48 -0700
commit6d5107b8266f06e6fdf6daf2ffc8191dbe171466 (patch)
treefd6833daf73acbab4dfd0e1d106099d33946d522
parent17e6dd57b0b329888f64491a0bfdd0c9793dd216 (diff)
downloadvyatta-bash-6d5107b8266f06e6fdf6daf2ffc8191dbe171466.tar.gz
vyatta-bash-6d5107b8266f06e6fdf6daf2ffc8191dbe171466.zip
Remove AUDIT_SHELL option
The concept of logging shell commands through audit subsystem is not useful because it is too hard to configure, requires special privileges, doesn't handle background commands, and is missing the necessary information...
-rw-r--r--Makefile.in2
-rw-r--r--config-bot.h5
-rw-r--r--config.h.in5
-rwxr-xr-xconfigure15
-rw-r--r--configure.in6
-rw-r--r--debian/control6
-rwxr-xr-xdebian/rules1
-rw-r--r--doc/bash.117
-rw-r--r--eval.c56
-rw-r--r--externs.h4
-rw-r--r--flags.c6
-rw-r--r--flags.h4
-rw-r--r--shell.c30
13 files changed, 6 insertions, 151 deletions
diff --git a/Makefile.in b/Makefile.in
index f792c37..421458f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -365,8 +365,6 @@ MALLOC_LIBRARY = @MALLOC_LIBRARY@
MALLOC_LDFLAGS = @MALLOC_LDFLAGS@
MALLOC_DEP = @MALLOC_DEP@
-AUDIT_LIB = @AUDIT_LIB@
-
ALLOC_HEADERS = $(ALLOC_LIBSRC)/getpagesize.h $(ALLOC_LIBSRC)/shmalloc.h \
$(ALLOC_LIBSRC)/imalloc.h $(ALLOC_LIBSRC)/mstats.h \
$(ALLOC_LIBSRC)/table.h $(ALLOC_LIBSRC)/watch.h
diff --git a/config-bot.h b/config-bot.h
index aca6578..ffa393b 100644
--- a/config-bot.h
+++ b/config-bot.h
@@ -97,11 +97,6 @@
# define RESTRICTED_SHELL_NAME "rbash"
#endif
-/* If the shell is called by this name, it will become audited. */
-#if defined (AUDIT_SHELL)
-# define AUDIT_SHELL_NAME "vbash"
-#endif
-
/***********************************************************/
/* Make sure feature defines have necessary prerequisites. */
/***********************************************************/
diff --git a/config.h.in b/config.h.in
index e1846a8..0ae1f1c 100644
--- a/config.h.in
+++ b/config.h.in
@@ -81,11 +81,6 @@
flag. */
#undef RESTRICTED_SHELL
-/* Define AUDIT_SHELL if you want the generated shell to audit all
- actions performed by root account. The shell thus generated can become
- audited by being run with the name "vbash". */
-#undef AUDIT_SHELL
-
/* Define DISABLED_BUILTINS if you want "builtin foo" to always run the
shell builtin "foo", even if it has been disabled with "enable -n foo". */
#undef DISABLED_BUILTINS
diff --git a/configure b/configure
index 9e31790..5cfe42d 100755
--- a/configure
+++ b/configure
@@ -678,7 +678,6 @@ HELPDIR
HELPDIRDEFINE
HELPINSTALL
HELPSTRINGS
-AUDIT_LIB
CC
CFLAGS
LDFLAGS
@@ -2468,13 +2467,6 @@ cat >>confdefs.h <<\_ACEOF
_ACEOF
fi
-if test $opt_audit = yes; then
-cat >>confdefs.h <<\_ACEOF
-#define AUDIT_SHELL 1
-_ACEOF
-
-AUDIT_LIB='-laudit'
-fi
if test $opt_process_subst = yes; then
cat >>confdefs.h <<\_ACEOF
#define PROCESS_SUBSTITUTION 1
@@ -2635,8 +2627,6 @@ fi
-
-
echo ""
echo "Beginning configuration for bash-$BASHVERS-$RELSTATUS for ${host_cpu}-${host_vendor}-${host_os}"
echo ""
@@ -28375,7 +28365,6 @@ HELPDIR!$HELPDIR$ac_delim
HELPDIRDEFINE!$HELPDIRDEFINE$ac_delim
HELPINSTALL!$HELPINSTALL$ac_delim
HELPSTRINGS!$HELPSTRINGS$ac_delim
-AUDIT_LIB!$AUDIT_LIB$ac_delim
CC!$CC$ac_delim
CFLAGS!$CFLAGS$ac_delim
LDFLAGS!$LDFLAGS$ac_delim
@@ -28412,6 +28401,7 @@ INSTALL_DATA!$INSTALL_DATA$ac_delim
AR!$AR$ac_delim
RANLIB!$RANLIB$ac_delim
YACC!$YACC$ac_delim
+YFLAGS!$YFLAGS$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -28453,7 +28443,6 @@ _ACEOF
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
cat >conf$$subs.sed <<_ACEOF
-YFLAGS!$YFLAGS$ac_delim
SET_MAKE!$SET_MAKE$ac_delim
MAKE_SHELL!$MAKE_SHELL$ac_delim
SIZE!$SIZE$ac_delim
@@ -28510,7 +28499,7 @@ LOCAL_DEFS!$LOCAL_DEFS$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 55; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 54; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
diff --git a/configure.in b/configure.in
index 9807f68..7c1aac2 100644
--- a/configure.in
+++ b/configure.in
@@ -256,10 +256,6 @@ fi
if test $opt_restricted = yes; then
AC_DEFINE(RESTRICTED_SHELL)
fi
-if test $opt_audit = yes; then
-AC_DEFINE(AUDIT_SHELL)
-AUDIT_LIB='-laudit'
-fi
if test $opt_process_subst = yes; then
AC_DEFINE(PROCESS_SUBSTITUTION)
fi
@@ -361,8 +357,6 @@ AC_SUBST(HELPDIRDEFINE)
AC_SUBST(HELPINSTALL)
AC_SUBST(HELPSTRINGS)
-AC_SUBST(AUDIT_LIB)
-
echo ""
echo "Beginning configuration for bash-$BASHVERS-$RELSTATUS for ${host_cpu}-${host_vendor}-${host_os}"
echo ""
diff --git a/debian/control b/debian/control
index ad32344..5efa3fe 100644
--- a/debian/control
+++ b/debian/control
@@ -4,15 +4,13 @@ Priority: optional
Maintainer: Vyatta Package Maintainers <maintainers@vyatta.com>
Standards-Version: 3.6.2
Build-Depends: autoconf, patch, bison, libncurses5-dev, texinfo, autotools-dev,
- debhelper (>= 4.1), texi2html, locales, libaudit-dev
+ debhelper (>= 4.1), texi2html, locales
Build-Depends-Indep: tetex-bin
Package: vyatta-bash
Architecture: any
Pre-Depends: ${shlibs:Pre-Depends}
-Depends: base-files (>= 2.1.12), debianutils (>= 2.15),
- bash (>= 3.1), libaudit0
-Suggests: auditd
+Depends: base-files (>= 2.1.12), debianutils (>= 2.15), bash (>= 3.1)
Section: shells
Priority: optional
Description: The Vyatta Shell based on GNU bash
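Review bot: Dropping `libaudit0` from Depends and `Suggests: auditd` here means an upgraded vyatta-bash stops sending root command records to the audit subsystem, yet the diffstat has no debian/changelog or NEWS entry to tell an administrator, or anyone alerting on those records, that they have ended. The shell.c hunk also removes the `audit` long option, so an existing invocation that still passes `--audit` will presumably be rejected as an unknown option rather than silently ignored. I would add a changelog line such as `* Remove AUDIT_SHELL: --audit and the vbash audit mode are gone; root commands are no longer logged to auditd`. Separately, the configure.in hunks remove only the `opt_audit` test and `AC_SUBST(AUDIT_LIB)`. The declaration of `--enable-audit` is not in this diff, so it presumably still shows in `./configure --help` while doing nothing, and should be removed as well.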
diff --git a/debian/rules b/debian/rules
index 95f95bf..0ff2789 100755
--- a/debian/rules
+++ b/debian/rules
@@ -43,7 +43,6 @@ d = debian/$(p)
conf_args = \
--with-curses \
--disable-net-redirections \
- --enable-audit \
--enable-largefile \
--prefix=/usr \
--infodir=/usr/share/info \
diff --git a/doc/bash.1 b/doc/bash.1
index 8cc22b8..fe0dba0 100644
--- a/doc/bash.1
+++ b/doc/bash.1
@@ -155,12 +155,6 @@ single-character options to be recognized.
.PP
.PD 0
.TP
-.B \-\-audit
-The shell logs all commands run by the root user (see
-.SM
-.B "AUDIT SHELL"
-below).
-.TP
.B \-\-debugger
Arrange for the debugger profile to be executed before the shell
starts.
@@ -8802,17 +8796,6 @@ turns off any restrictions in the shell spawned to execute the
script.
.\" end of rbash.1
.if \n(zY=1 .ig zY
-.SH "AUDIT SHELL"
-.zY
-.PP
-If
-.B bash
-is started with the name
-.BR aubash ,
-or the
-.B \-\-audit
-option is supplied at invocation, the shell logs all commands issued by the root user to the audit system.
-.if \n(zY=1 .ig zY
.SH "SEE ALSO"
.PD 0
.TP
diff --git a/eval.c b/eval.c
index 8c8d39c..293d177 100644
--- a/eval.c
+++ b/eval.c
@@ -45,12 +45,6 @@
# include "bashhist.h"
#endif
-#if defined (AUDIT_SHELL)
-# include "filecntl.h"
-# include <libaudit.h>
-# include <errno.h>
-#endif
-
extern int EOF_reached;
extern int indirection_level;
extern int posixly_correct;
@@ -68,51 +62,13 @@ extern char *current_readline_line;
extern int current_readline_line_index;
#endif
-#if defined (AUDIT_SHELL)
-static int audit_fd = -1;
-static char *audit_tty;
-
-static int
-audit_start ()
-{
- if (audit_fd < 0)
- {
- audit_fd = audit_open ();
- if (audit_fd < 0)
- {
- if (errno != EINVAL && errno != EPROTONOSUPPORT
- && errno != EAFNOSUPPORT)
- return -1;
- }
- else
- SET_CLOSE_ON_EXEC(audit_fd);
- }
-
- if (audit_tty == NULL)
- {
- char *tty = ttyname(fileno(stdin));
- if (tty)
- audit_tty = strdup(tty);
- }
-
- return 0;
-}
-
-static void
-audit (result)
- int result;
-{
- audit_log_user_command (audit_fd, AUDIT_USER_CMD, current_readline_line,
- audit_tty, result == EXECUTION_SUCCESS);
-}
-#endif
/* Read and execute commands until EOF is reached. This assumes that
the input source has already been initialized. */
int
reader_loop ()
{
- int our_indirection_level, result;
+ int our_indirection_level;
COMMAND * volatile current_command;
current_command = (COMMAND *)NULL;
@@ -120,11 +76,6 @@ reader_loop ()
our_indirection_level = ++indirection_level;
-#if defined (AUDIT_SHELL)
- if (audited && interactive_shell && audit_start () < 0)
- return EXECUTION_FAILURE;
-#endif
-
while (EOF_Reached == 0)
{
int code;
@@ -200,10 +151,7 @@ reader_loop ()
executing = 1;
stdin_redir = 0;
- result = execute_command (current_command);
-#if defined (AUDIT_SHELL)
- audit (result);
-#endif
+ execute_command (current_command);
exec_done:
QUIT;
diff --git a/externs.h b/externs.h
index f60d354..bc28eda 100644
--- a/externs.h
+++ b/externs.h
@@ -77,10 +77,6 @@ extern int shell_is_restricted __P((char *));
extern int maybe_make_restricted __P((char *));
#endif
-#if defined (AUDIT_SHELL)
-extern int maybe_make_audited __P((char *));
-#endif
-
extern void unset_bash_input __P((int));
extern void get_current_user_info __P((void));
diff --git a/flags.c b/flags.c
index e50d6dc..0c0868b 100644
--- a/flags.c
+++ b/flags.c
@@ -142,12 +142,6 @@ int restricted = 0; /* currently restricted */
int restricted_shell = 0; /* shell was started in restricted mode. */
#endif /* RESTRICTED_SHELL */
-#if defined (AUDIT_SHELL)
-/* Non-zero means that this shell is audited. An audited shell records
- each command that the root user executes. */
-int audited = 0; /* shell was started in audit mode. */
-#endif /* AUDIT_SHELL */
-
/* Non-zero means that this shell is running in `privileged' mode. This
is required if the shell is to run setuid. If the `-p' option is
not supplied at startup, and the real and effective uids or gids
diff --git a/flags.h b/flags.h
index 1ee63c8..f16e604 100644
--- a/flags.h
+++ b/flags.h
@@ -66,10 +66,6 @@ extern int restricted;
extern int restricted_shell;
#endif /* RESTRICTED_SHELL */
-#if defined (AUDIT_SHELL)
-extern int audited;
-#endif /* AUDIT_SHELL */
-
extern int *find_flag __P((int));
extern int change_flag __P((int, int));
extern char *which_set_flags __P((void));
diff --git a/shell.c b/shell.c
index 9836035..1aac510 100644
--- a/shell.c
+++ b/shell.c
@@ -236,9 +236,6 @@ struct {
#if defined (RESTRICTED_SHELL)
{ "restricted", Int, &restricted, (char **)0x0 },
#endif
-#if defined (AUDIT_SHELL)
- { "audit", Int, &audited, (char **)0x0 },
-#endif
{ "verbose", Int, &echo_input_at_read, (char **)0x0 },
{ "version", Int, &do_version, (char **)0x0 },
{ "wordexp", Int, &wordexp_only, (char **)0x0 },
@@ -637,10 +634,6 @@ main (argc, argv, env)
maybe_make_restricted (shell_name);
#endif /* RESTRICTED_SHELL */
-#if defined (AUDIT_SHELL)
- maybe_make_audited (shell_name);
-#endif
-
if (wordexp_only)
{
startup_state = 3;
@@ -1140,29 +1133,6 @@ maybe_make_restricted (name)
}
#endif /* RESTRICTED_SHELL */
-#if defined (AUDIT_SHELL)
-/* Perhaps make this shell an `audited' one, based on NAME. If the
- basename of NAME is "vbash", then this shell is audited. The
- name of the audited shell is a configurable option, see config.h.
- In an audited shell, all actions performed by root will be logged
- to the audit system.
- Do this also if `audited' is already set to 1 maybe the shell was
- started with --audit. */
-int
-maybe_make_audited (name)
- char *name;
-{
- char *temp;
-
- temp = base_pathname (name);
- if (*temp == '-')
- temp++;
- if (audited || (STREQ (temp, AUDIT_SHELL_NAME)))
- audited = 1;
- return (audited);
-}
-#endif /* AUDIT_SHELL */
-
/* Fetch the current set of uids and gids and return 1 if we're running
setuid or setgid. */
static int