audit: log nftables configuration change events
iptables, ip6tables, arptables and ebtables table registration, replacement and unregistration configuration events are logged for the native (legacy) iptables setsockopt api, but not for the nftables netlink api which is used by the nft-variant of iptables in addition to nftables itself. Add calls to log the configuration actions in the nftables netlink api. This uses the same NETFILTER_CFG record format but overloads the table field. type=NETFILTER_CFG msg=audit(2020-05-28 17:46:41.878:162) : table=?:0;?:0 family=unspecified entries=2 op=nft_register_gen pid=396 subj=system_u:system_r:firewalld_t:s0 comm=firewalld ... type=NETFILTER_CFG msg=audit(2020-05-28 17:46:41.878:162) : table=firewalld:1;?:0 family=inet entries=0 op=nft_register_table pid=396 subj=system_u:system_r:firewalld_t:s0 comm=firewalld ... type=NETFILTER_CFG msg=audit(2020-05-28 17:46:41.911:163) : table=firewalld:1;filter_FORWARD:85 family=inet entries=8 op=nft_register_chain pid=396 subj=system_u:system_r:firewalld_t:s0 comm=firewalld ... type=NETFILTER_CFG msg=audit(2020-05-28 17:46:41.911:163) : table=firewalld:1;filter_FORWARD:85 family=inet entries=101 op=nft_register_rule pid=396 subj=system_u:system_r:firewalld_t:s0 comm=firewalld ... type=NETFILTER_CFG msg=audit(2020-05-28 17:46:41.911:163) : table=firewalld:1;__set0:87 family=inet entries=87 op=nft_register_setelem pid=396 subj=system_u:system_r:firewalld_t:s0 comm=firewalld ... type=NETFILTER_CFG msg=audit(2020-05-28 17:46:41.911:163) : table=firewalld:1;__set0:87 family=inet entries=0 op=nft_register_set pid=396 subj=system_u:system_r:firewalld_t:s0 comm=firewalld For further information please see issue https://github.com/linux-audit/audit-kernel/issues/124 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
bbccc11bc8
commit
8e6cf365e1
3 changed files with 142 additions and 3 deletions
|
@ -12,6 +12,7 @@
|
|||
#include <linux/sched.h>
|
||||
#include <linux/ptrace.h>
|
||||
#include <uapi/linux/audit.h>
|
||||
#include <uapi/linux/netfilter/nf_tables.h>
|
||||
|
||||
#define AUDIT_INO_UNSET ((unsigned long)-1)
|
||||
#define AUDIT_DEV_UNSET ((dev_t)-1)
|
||||
|
@ -98,6 +99,23 @@ enum audit_nfcfgop {
|
|||
AUDIT_XT_OP_REGISTER,
|
||||
AUDIT_XT_OP_REPLACE,
|
||||
AUDIT_XT_OP_UNREGISTER,
|
||||
AUDIT_NFT_OP_TABLE_REGISTER,
|
||||
AUDIT_NFT_OP_TABLE_UNREGISTER,
|
||||
AUDIT_NFT_OP_CHAIN_REGISTER,
|
||||
AUDIT_NFT_OP_CHAIN_UNREGISTER,
|
||||
AUDIT_NFT_OP_RULE_REGISTER,
|
||||
AUDIT_NFT_OP_RULE_UNREGISTER,
|
||||
AUDIT_NFT_OP_SET_REGISTER,
|
||||
AUDIT_NFT_OP_SET_UNREGISTER,
|
||||
AUDIT_NFT_OP_SETELEM_REGISTER,
|
||||
AUDIT_NFT_OP_SETELEM_UNREGISTER,
|
||||
AUDIT_NFT_OP_GEN_REGISTER,
|
||||
AUDIT_NFT_OP_OBJ_REGISTER,
|
||||
AUDIT_NFT_OP_OBJ_UNREGISTER,
|
||||
AUDIT_NFT_OP_OBJ_RESET,
|
||||
AUDIT_NFT_OP_FLOWTABLE_REGISTER,
|
||||
AUDIT_NFT_OP_FLOWTABLE_UNREGISTER,
|
||||
AUDIT_NFT_OP_INVALID,
|
||||
};
|
||||
|
||||
extern int is_audit_feature_set(int which);
|
||||
|
|
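Review bot: The new AUDIT_NFT_OP_* enumerators, ending with the AUDIT_NFT_OP_INVALID sentinel at the bottom of the second hunk, are position-sensitive if, as the existing AUDIT_XT_OP_* entries suggest, audit_log_nfcfg() in kernel/audit.c uses the enumerator as an index into an op-name table — that table is not part of this section, so this is inferred. Nothing in the header warns a later contributor that inserting an entry in the middle of this list silently shifts every op string a NETFILTER_CFG record reports, so the audit trail would misattribute configuration changes without any compile error. I would put a comment on the enum, e.g. `/* Used as an index into the op-name table in kernel/audit.c; add new ops before AUDIT_NFT_OP_INVALID and keep the two in sync. */`, and back it with a BUILD_BUG_ON next to that table comparing its ARRAY_SIZE against the enum's last value so a mismatch fails the build rather than the logging. The enum's opening line `enum audit_nfcfgop {` lies outside the hunk and is visible only in the hunk header.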