[Patch] Fix the bug of action "exec /path-to-script" can never be taken

chuli chul at cn.fujitsu.com
Fri Jul 25 02:26:43 UTC 2008


Hi Mr. Steve,

  I set "space_left_action = exec /script" in /etc/audit/auditd.conf.
It is said that this parameter tells the system what action to take when
the system has detected that it is starting to get low on disk space (The
limitation of disk space size is set by space_left.) in the manual. But I
found the action "exec /script" will never be taken.

  I found an error message "Audit daemon failed to exec null" in
/var/log/messages. The filename "/script" is never picked up by auditd,
so even though the disk space size is less than the value of "space_left",
/script is not executed.

  It has the same bug with admin_space_left_action, disk_full_action,
disk_error_action.

  Here is my patch for audit-1.7.4. What's your opinion about such 
modification?

Signed-off-by: Chu Li<chul at cn.fujitsu.com>
---
diff --git a/src/auditd-config.c b/src/auditd-config.c
index 8a81b46..a7a939e 100644
--- a/src/auditd-config.c
+++ b/src/auditd-config.c
@@ -892,17 +892,13 @@ static int space_action_parser(struct nv_pair *nv, int 
line,
 						 email_command);
 				}
 			}
-			config->space_left_action = failure_actions[i].option;
-			return 0;
-		} else if (i == FA_EXEC) {
-			if (strncasecmp(failure_actions[i].name,
-						 nv->value, 4) == 0){
+			if (failure_actions[i].option == FA_EXEC) {
 				if (check_exe_name(nv->option))
 					return 1;
 				config->space_left_exe = strdup(nv->option);
-				config->space_left_action = FA_EXEC;
-				return 0;
 			}
+			config->space_left_action = failure_actions[i].option;
+			return 0;
 		}
 	}
 	audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
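Review bot: The result of `config->space_left_exe = strdup(nv->option);` is never checked, and this patch makes that line reachable, so an allocation failure leaves FA_EXEC recorded with a NULL program path while the parser still returns 0. That looks like the same "failed to exec null" state the description reports, and the low-disk response would then silently not run. Add `if (config->space_left_exe == NULL) return 1;` after the assignment; the admin_space_left, disk_full and disk_error hunks have the same unchecked strdup. Whether check_exe_name rejects a NULL nv->option (an `exec` with no path) is not visible here and is worth confirming. The parser's body starts outside the hunk.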
@@ -1021,19 +1017,15 @@ static int admin_space_left_action_parser(struct 
nv_pair *nv, int line,
 						 email_command);
 				}
 			}
-			config->admin_space_left_action =
-						failure_actions[i].option;
-			return 0;
-		} else if (i == FA_EXEC) {
-			if (strncasecmp(failure_actions[i].name,
-							nv->value, 4) == 0){
+			if (failure_actions[i].option == FA_EXEC) {
 				if (check_exe_name(nv->option))
 					return 1;
 				config->admin_space_left_exe =
 							strdup(nv->option);
-				config->admin_space_left_action = FA_EXEC;
-				return 0;
 			}
+			config->admin_space_left_action =
+						failure_actions[i].option;
+			return 0;
 		}
 	}
 	audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
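Review bot: The exec handling in this branch (check_exe_name, strdup, store the path) is repeated line for line in the three other parsers touched by this patch, so the bug fixed here had to be fixed four times. A small static helper would keep the validation and the allocation check in one place, leaving each parser with a single call. The sketch assumes the `*_exe` fields are `const char *`; their declaration is not visible here, so the pointer type should follow it. The parser's body starts outside the hunk.

```c
/* Shared by the four *_action parsers: validate and keep the exec path. */
static int store_exec_path(const struct nv_pair *nv, const char **exe)
{
	if (check_exe_name(nv->option))
		return 1;
	*exe = strdup(nv->option);
	return *exe == NULL;	/* 1 on allocation failure */
}

/* … unchanged: strcasecmp match and email checks … */
			if (failure_actions[i].option == FA_EXEC &&
			    store_exec_path(nv, &config->admin_space_left_exe))
				return 1;
			config->admin_space_left_action =
						failure_actions[i].option;
			return 0;
```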
@@ -1049,25 +1041,20 @@ static int disk_full_action_parser(struct nv_pair *nv, 
int line,
 								nv->value);
 	for (i=0; failure_actions[i].name != NULL; i++) {
 		if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
-			if (failure_actions[i].option != FA_EMAIL) {
-				config->disk_full_action =
-						failure_actions[i].option;
-				return 0;
-			} else {
+			if (failure_actions[i].option == FA_EMAIL ) {
 				audit_msg(LOG_ERR,
 			"Illegal option %s for disk_full_action - line %d",
 					nv->value, line);
 				return 1;
 			}
-		} else if (i == FA_EXEC) {
-			if (strncasecmp(failure_actions[i].name,
-							nv->value, 4) == 0){
+			if (failure_actions[i].option == FA_EXEC) {
 				if (check_exe_name(nv->option))
 					return 1;
 				config->disk_full_exe = strdup(nv->option);
-				config->disk_full_action = FA_EXEC;
-				return 0;
 			}
+			config->disk_full_action =
+						failure_actions[i].option;
+			return 0;
 		}
 	}
 	audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
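Review bot: The program path is validated only at config-parse time by `check_exe_name(nv->option)`, while the program itself presumably runs much later, when the disk actually fills, and with the daemon's privileges. Whatever that check verifies (not visible in this hunk) can be stale by then. A comment above the FA_EXEC branch would record the assumption, for example `/* exe path is checked at config load only; it must stay owned by the daemon's user and not writable by others until the action fires */`. The code that launches the program lies outside this patch and is the place for any re-check. The same applies to the exec branches in the other three hunks.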
@@ -1083,25 +1070,20 @@ static int disk_error_action_parser(struct nv_pair 
*nv, int line,
 								nv->value);
 	for (i=0; failure_actions[i].name != NULL; i++) {
 		if (strcasecmp(nv->value, failure_actions[i].name) == 0) {
-			if (failure_actions[i].option != FA_EMAIL) {
-				config->disk_error_action =
-						failure_actions[i].option;
-				return 0;
-			} else {
-				audit_msg(LOG_ERR,
-			"Illegal option %s for disk_error_action - line %d",
+			if (failure_actions[i].option == FA_EMAIL ) {
+				audit_msg(LOG_ERR,
+		"Illegal option %s for disk_error_action - line %d",
 					nv->value, line);
 				return 1;
 			}
-		} else if (i == FA_EXEC) {
-			if (strncasecmp(failure_actions[i].name,
-							nv->value, 4) == 0){
+			if (failure_actions[i].option == FA_EXEC) {
 				if (check_exe_name(nv->option))
 					return 1;
 				config->disk_error_exe = strdup(nv->option);
-				config->disk_error_action = FA_EXEC;
-				return 0;
 			}
+			config->disk_error_action =
+					failure_actions[i].option;
+			return 0;
 		}
 	}
 	audit_msg(LOG_ERR, "Option %s not found - line %d", nv->value, line);
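Review bot: The rewritten FA_EMAIL test has a stray space before the closing parenthesis, `FA_EMAIL )`, here and in the disk_full_action hunk. It should read `if (failure_actions[i].option == FA_EMAIL) {` to match the FA_EXEC test a few lines below. This hunk also removes and re-adds the audit_msg call with only whitespace differences (the message string loses one level of indentation). That adds noise to the diff and makes the disk_error parser drift from the disk_full one, so keeping the original indentation of those two lines would leave only the real change.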

Regards
Chu Li





