Commit a45d8853 authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Paul Moore

netfilter: add audit table unregister actions

Audit the action of unregistering ebtables and x_tables.

See: https://github.com/linux-audit/audit-kernel/issues/44



Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent c4dad0aa
+1 −0
@@ -97,6 +97,7 @@ struct audit_ntp_data {};
enum audit_nfcfgop {
	AUDIT_XT_OP_REGISTER,
	AUDIT_XT_OP_REPLACE,
	AUDIT_XT_OP_UNREGISTER,
};

extern int is_audit_feature_set(int which);
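Review bot: The new `AUDIT_XT_OP_UNREGISTER` enumerator is appended with no comment tying it to the matching `audit_nfcfgs[]` entry in kernel/auditsc.c, and neither hunk shows whether that table is indexed by the enum value or searched by key. If the lookup is positional, the enum and the table must stay in lock-step, which a short comment at the enum would record: `/* keep in sync with audit_nfcfgs[] in kernel/auditsc.c */`. The same applies to the table hunk in the auditsc.c section below.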
+3 −2
@@ -138,6 +138,7 @@ struct audit_nfcfgop_tab {
const struct audit_nfcfgop_tab audit_nfcfgs[] = {
	{ AUDIT_XT_OP_REGISTER,		"register"	},
	{ AUDIT_XT_OP_REPLACE,		"replace"	},
	{ AUDIT_XT_OP_UNREGISTER,	"unregister"	},
};

static int audit_match_perm(struct audit_context *ctx, int mask)
+2 −0
@@ -1124,6 +1124,8 @@ static void __ebt_unregister_table(struct net *net, struct ebt_table *table)
	mutex_lock(&ebt_mutex);
	list_del(&table->list);
	mutex_unlock(&ebt_mutex);
	audit_log_nfcfg(table->name, AF_BRIDGE, table->private->nentries,
			AUDIT_XT_OP_UNREGISTER);
	EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
			  ebt_cleanup_entry, net, NULL);
	if (table->private->nentries)
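Review bot: In `__ebt_unregister_table` the new `audit_log_nfcfg()` call reads `table->private->nentries` after `ebt_mutex` has been dropped, whereas the x_tables hunk captures `private` while still holding its lock and passes `private->number`. The table has already been unlinked via `list_del()`, so a concurrent replace is presumably no longer possible and the read is likely safe, but that is not evident from the hunk. Reading the count into a local before `mutex_unlock()`, or adding `/* table is unlinked; private can no longer change under us */`, would make the invariant explicit. The body of `__ebt_unregister_table` continues outside the hunk.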
+2 −0
@@ -1472,6 +1472,8 @@ void *xt_unregister_table(struct xt_table *table)
	private = table->private;
	list_del(&table->list);
	mutex_unlock(&xt[table->af].mutex);
	audit_log_nfcfg(table->name, table->af, private->number,
			AUDIT_XT_OP_UNREGISTER);
	kfree(table);

	return private;
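Review bot: The placement of `audit_log_nfcfg()` immediately before `kfree(table)` is load-bearing — `table->name` and `table->af` are read from the object about to be freed — but nothing marks that ordering. A one-line comment, `/* must precede kfree(): reads table->name and table->af */`, would keep a future reorder from introducing a use-after-free. `xt_unregister_table` begins outside the hunk.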