OBSOLETE Patch-ID# 108876-13

Keywords: security umount2 audit c2audit audit_event TPI M_PROTO T_DISCON_IND
Synopsis: Obsoleted by: 109008-10 SunOS 5.8_x86: c2audit patch
Date: Jan/27/2003

Install Requirements: Reboot after installation

Solaris Release: 8_x86

SunOS Release: 5.8_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 108875

Topic: SunOS 5.8_x86: c2audit patch
        NOTE: Refer to Special Install Instructions section for IMPORTANT
              specific information on this patch.

Relevant Architectures: i386

BugId's fixed with this patch: 1253973 4132950 4224166 4290575 4307306 4308525 4311626 4322741 4325997 4331401 4336689 4336959 4339611 4344275 4349180 4353965 4457028 4499864 4525250 4712958 4761401

Changes incorporated in this version: 4457028 4499864 4712958 4761401

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by: 109008-10

Files included with this patch:

/etc/security/audit_event
/etc/security/bsmconv
/kernel/sys/c2audit
/usr/include/bsm/audit_kevents.h
/usr/lib/abi/abi_libbsm.so.1
/usr/lib/libbsm.a
/usr/lib/libbsm.so
/usr/lib/libbsm.so.1
/usr/lib/llib-lbsm
/usr/lib/llib-lbsm.ln
/usr/sbin/auditconfig
/usr/sbin/auditd

Problem Description:

4457028 c2_bsm and cron are not working together
4712958 c2_bsm should handle at-jobs spawned by unaudited user
4499864 aug_save_tid_ex does not check for a type IP address type
4761401 auditconfig -setaudit doesn't work on Solaris 8

(from 108876-12)

4132950 no AUE_inetd_connect records recorded.
4311626 na masks in audit_control are not set at system boot

(from 108876-11)

4525250 Certain security relevant system calls are not auditable.

(from 108876-10)

4331401 segmentation violation in au_user_mask()

(from 108876-09)

4349180 praudit on Solaris 8 cannot print audit log files produced by auditd on Solaris8
1253973 bsm does not audit write or writev system calls

(from 108876-08)

4353965 CDE logout / exit fails with Tooltalk message

(from 108876-07)

4339611 BSM does not work with some of the option.
4344275 64 bit problem with libbsm audit_class.c

(from 108876-06)

4336689 typo's in /etc/security/audit_event
4336959 audit record ID's incorrect for xmknod, xstat, lxstat

(from 108876-05)

4325997 BSM lacks hooks to support administrator authentication

(from 108876-04)

4307306 stopping c2 auditing does not always stop auditing in the kernel

(from 108876-03)

4322741 Recent change to sonode structure needlessly breaks lsof

(from 108876-02)

4224166 TPI messages get flushed if 3rd party module processes M_PROTO in service procedure
4290575 2nd connect() to determine status of non-blocking connect sends extra Syn

(from 108876-01)

4308525 The umount2 system call is not audited

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

        example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

        example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

NOTE 1: To get the complete fix for 4224166 (TPI messages get flushed
        if 3rd party module processes), one needs to install the
        following patches:

        109044-01 (or newer) sonode adb macro patch
        109042-01 (or newer) sockfs patch
        109046-01 (or newer) /usr/sbin/i86/crash patch

NOTE 2: To get the complete fix for bug 4132950 (no AUE_inetd_connect
        records recorded.) please install the following patch:

        111625-03 (or newer) inetd patch

README -- Last modified date: Thursday, February 27, 2003