iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Richard Guy Briggs c520292f29 audit: log nftables configuration change events once per table 
Reduce logging of nftables events to a level similar to iptables.
Restore the table field to list the table, adding the generation.

Indicate the op as the most significant operation in the event.

A couple of sample events:

type=PROCTITLE msg=audit(2021-03-18 09:30:49.801:143) : proctitle=/usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
type=SYSCALL msg=audit(2021-03-18 09:30:49.801:143) : arch=x86_64 syscall=sendmsg success=yes exit=172 a0=0x6 a1=0x7ffdcfcbe650 a2=0x0 a3=0x7ffdcfcbd52c items=0 ppid=1 pid=367 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=roo
t sgid=root fsgid=root tty=(none) ses=unset comm=firewalld exe=/usr/bin/python3.9 subj=system_u:system_r:firewalld_t:s0 key=(null)
type=NETFILTER_CFG msg=audit(2021-03-18 09:30:49.801:143) : table=firewalld:2 family=ipv6 entries=1 op=nft_register_table pid=367 subj=system_u:system_r:firewalld_t:s0 comm=firewalld
type=NETFILTER_CFG msg=audit(2021-03-18 09:30:49.801:143) : table=firewalld:2 family=ipv4 entries=1 op=nft_register_table pid=367 subj=system_u:system_r:firewalld_t:s0 comm=firewalld
type=NETFILTER_CFG msg=audit(2021-03-18 09:30:49.801:143) : table=firewalld:2 family=inet entries=1 op=nft_register_table pid=367 subj=system_u:system_r:firewalld_t:s0 comm=firewalld

type=PROCTITLE msg=audit(2021-03-18 09:30:49.839:144) : proctitle=/usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
type=SYSCALL msg=audit(2021-03-18 09:30:49.839:144) : arch=x86_64 syscall=sendmsg success=yes exit=22792 a0=0x6 a1=0x7ffdcfcbe650 a2=0x0 a3=0x7ffdcfcbd52c items=0 ppid=1 pid=367 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=r
oot sgid=root fsgid=root tty=(none) ses=unset comm=firewalld exe=/usr/bin/python3.9 subj=system_u:system_r:firewalld_t:s0 key=(null)
type=NETFILTER_CFG msg=audit(2021-03-18 09:30:49.839:144) : table=firewalld:3 family=ipv6 entries=30 op=nft_register_chain pid=367 subj=system_u:system_r:firewalld_t:s0 comm=firewalld
type=NETFILTER_CFG msg=audit(2021-03-18 09:30:49.839:144) : table=firewalld:3 family=ipv4 entries=30 op=nft_register_chain pid=367 subj=system_u:system_r:firewalld_t:s0 comm=firewalld
type=NETFILTER_CFG msg=audit(2021-03-18 09:30:49.839:144) : table=firewalld:3 family=inet entries=165 op=nft_register_chain pid=367 subj=system_u:system_r:firewalld_t:s0 comm=firewalld

The issue was originally documented in
https://github.com/linux-audit/audit-kernel/issues/124

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-03-31 22:34:11 +02:00
..
6lowpan
6lowpan: Fix some typos in nhc_udp.c
2021-03-24 17:52:11 -07:00
9p
net: 9p: Correct function names in the kerneldoc comments
2021-03-28 17:56:56 -07:00
802
8021q
net: bridge: resolve forwarding path for VLAN tag actions in bridge devices
2021-03-24 12:48:38 -07:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-02-12 16:40:28 -08:00
atm
net: atm: pppoatm: use new API for wakeup tasklet
2021-01-29 18:24:05 -08:00
ax25
net: ax25: Fix fall-through warnings for Clang
2021-03-10 12:45:15 -08:00
batman-adv
mld: convert ifmcaddr6 to RCU
2021-03-26 15:14:56 -07:00
bluetooth
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kern
2021-02-11 14:59:01 -08:00
bpf
bpf: Add PROG_TEST_RUN support for sk_lookup programs
2021-03-04 19:11:29 -08:00
bpfilter
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
bridge
netfilter: nf_log_bridge: merge with nf_log_syslog
2021-03-31 22:34:05 +02:00
caif
net: caif: Use netif_rx_any_context().
2021-02-15 13:21:48 -08:00
can
can: isotp: tx-path: zero initialize outgoing CAN frames
2021-03-20 20:21:35 +01:00
ceph
net: ceph: Fix a typo in osdmap.c
2021-03-25 17:05:07 -07:00
core
net: core: Correct function name netevent_unregister_notifier() in the kerneldoc
2021-03-28 17:56:56 -07:00
dcb
net: dcb: use obj-$(CONFIG_DCB) form in net/Makefile
2021-01-27 17:03:52 -08:00
dccp
ipv6: weaken the v4mapped source check
2021-03-18 11:19:23 -07:00
decnet
net: decnet: Fix a typo in dn_nsp_in.c
2021-03-25 17:05:07 -07:00
dns_resolver
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
dsa
net: dsa: Fix a typo in tag_rtl4_a.c
2021-03-25 17:05:08 -07:00
ethernet
ethernet: avoid retpoline overhead on TEB (GENEVE, NvGRE, VxLAN) GRO
2021-03-18 19:51:12 -07:00
ethtool
ethtool: fec: fix FEC_NONE check
2021-03-26 15:09:45 -07:00
hsr
/net/hsr: fix misspellings using codespell tool
2021-03-18 19:13:41 -07:00
ieee802154
treewide: rename nla_strlcpy to nla_strscpy.
2020-11-16 08:08:54 -08:00
ife
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
ipv4
netfilter: nf_log_arp: merge with nf_log_syslog
2021-03-31 00:37:27 +02:00
ipv6
netfilter: nf_log_ipv6: merge with nf_log_syslog
2021-03-31 00:37:27 +02:00
iucv
iucv: af_iucv.c: Couple of typo fixes
2021-03-28 17:31:13 -07:00
kcm
kcm: kcmsock.c: Couple of typo fixes
2021-03-28 17:31:13 -07:00
key
af_key: relax availability checks for skb size calculation
2021-01-04 10:05:50 +01:00
l2tp
net: l2tp: Fix a typo
2021-03-22 13:17:49 -07:00
l3mdev
l3mdev: Correct function names in the kerneldoc comments
2021-03-28 17:56:55 -07:00
lapb
net: lapb: Make "lapb_t1timer_running" able to detect an already running timer
2021-03-23 14:14:50 -07:00
llc
llc: llc_core.c: COuple of typo fixes
2021-03-28 17:31:13 -07:00
mac80211
mac80211: cfg.c: A typo fix
2021-03-28 17:31:13 -07:00
mac802154
net: mac802154: convert tasklets to use new tasklet_setup() API
2020-11-07 10:40:56 -08:00
mpls
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
2021-03-09 16:12:20 -08:00
mptcp
mptcp: subflow.c: Fix a typo
2021-03-28 17:31:13 -07:00
ncsi
ncsi: internal.h: Fix a spello
2021-03-28 17:31:13 -07:00
netfilter
audit: log nftables configuration change events once per table
2021-03-31 22:34:11 +02:00
netlabel
netlabel: Correct function name netlbl_mgmt_add() in the kerneldoc comments
2021-03-28 17:56:55 -07:00
netlink
mptcp: avoid lock_fast usage in accept path
2021-02-12 16:31:46 -08:00
netrom
nfc
NFC: digital: Correct function name in the kerneldoc comments
2021-03-28 17:56:56 -07:00
nsh
openvswitch
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-03-25 15:31:22 -07:00
packet
net/packet: Fix a typo in af_packet.c
2021-03-24 17:52:11 -07:00
phonet
psample
psample: Add additional metadata attributes
2021-03-14 15:00:43 -07:00
qrtr
net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
2021-03-14 14:28:22 -07:00
rds
net: rds: Fix a typo
2021-03-28 17:52:50 -07:00
rfkill
rfkill: add a reason to the HW rfkill state
2020-12-11 12:47:17 +01:00
rose
net: rose: Fix fall-through warnings for Clang
2021-03-10 12:45:15 -08:00
rxrpc
rxrpc: Fix dependency on IPv6 in udp tunnel config
2021-02-12 16:42:05 -08:00
sched
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-03-25 15:31:22 -07:00
sctp
net: sctp: Fix some typos
2021-03-28 17:52:50 -07:00
smc
net/smc: use memcpy instead of snprintf to avoid out of bounds read
2021-01-12 20:22:01 -08:00
strparser
sunrpc
Miscellaneous NFSD fixes for v5.12-rc.
2021-03-16 10:22:50 -07:00
switchdev
net: bridge: propagate extack through switchdev_port_attr_set
2021-02-14 17:38:11 -08:00
tipc
tipc: fix htmldoc and smatch warnings
2021-03-29 16:28:50 -07:00
tls
net/tls: Fix a typo in tls_device.c
2021-03-24 17:52:11 -07:00
unix
af_unix: handle idmapped mounts
2021-01-24 14:27:18 +01:00
vmw_vsock
net: vsock: Fix a typo
2021-03-28 17:52:51 -07:00
wireless
reg.c: Fix a spello
2021-03-28 17:31:14 -07:00
x25
af_x25.c: Fix a spello
2021-03-28 17:31:13 -07:00
xdp
bpf, xdp: Restructure redirect actions
2021-03-10 01:06:34 +01:00
xfrm
xfrm_user.c: Added a punctuation
2021-03-28 17:31:14 -07:00
compat.c
iov_iter: transparently handle compat iovecs in import_iovec
2020-10-03 00:02:13 -04:00
devres.c
Kconfig
net: add CONFIG_PCPU_DEV_REFCNT
2021-03-19 13:38:46 -07:00
Makefile
net: l3mdev: use obj-$(CONFIG_NET_L3_MASTER_DEV) form in net/Makefile
2021-01-27 17:03:52 -08:00
socket.c
net: Fix a misspell in socket.c
2021-03-25 16:56:27 -07:00
sysctl_net.c