OBSOLETE Patch-ID# 107117-05 Keywords: security BSM job crontab ftpd trail auditreduce praudit c2audit panic Synopsis: OBSOLETED by 106541 Date: Sep/03/99 Solaris Release: 7 SunOS Release: 5.7 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 107118 Topic: SunOS 5.7: libbsm patch ********************************************************************* NOTE: This patch may contain one or more OEM-specific platform ports. See the appropriate OEM_NOTES file within the patch for information specific to these platforms. DO NOT INSTALL this patch on an OEM system if a corresponding OEM_NOTES file is not present (or is present, but instructs not to install the patch), unless the OEM vendor directs otherwise. ********************************************************************* BugId's fixed with this patch: 4166626 4167174 4168892 4172111 4172702 4174308 4179861 4182072 4187811 4188193 4194454 4196408 4196541 4218800 Changes incorporated in this version: 4218800 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: 106832-03 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: 106541 on Nov/18/99 Files included with this patch: /etc/security/audit_class /etc/security/audit_event /kernel/sys/c2audit /kernel/sys/sparcv9/c2audit /usr/include/bsm/audit_record.h /usr/lib/libbsm.a /usr/lib/libbsm.so.1 /usr/lib/llib-lbsm /usr/lib/sparcv9/libbsm.so.1 /usr/sbin/auditreduce /usr/sbin/praudit Problem Description: 4218800 cl AUE_CLOSE close(2) events logged regardless of success or failure (from 107117-04) 4179861 au_to_arg and au_to_return disappeared Some of the libbsm interfaces were renamed (e.g. au_to_arg -> au_to_arg32). Restore old interfaces that were renamed. (from 107117-03) 4196408 details of cron command not written to audit trail (from 107117-02) 4196541 in.ftpd does not set audit characteristics for user after authentication (from 107117-01) 4188193 cron BSM records logged as unknown job (from 106832-03) 4194454 auditing to pipe causes system to panic (from 106832-02) 4187811 auditing of read or write system calls can cause system panic 4182072 praudit -l command merges output for several records into one line (from 106832-01) 4172702 system panics when ssh is used 4168892 Solaris 7 auditreduce does not work with pre-Solaris 7 audit trails 4172111 Audreduce gives random diagnostics. 4174308 auditreduce command confused of format of AUT_SOCKET token 4167174 praudit cannot process Solaris 2.6 audit trails 4166626 praudit produces core when it process record of failure event with errno > 128 Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7 release, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- None.