netfilter: add audit table unregister actions
Audit the action of unregistering ebtables and x_tables. See: https://github.com/linux-audit/audit-kernel/issues/44 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
c4dad0aab3
commit
a45d88530b
|
@ -97,6 +97,7 @@ struct audit_ntp_data {};
|
||||||
enum audit_nfcfgop {
|
enum audit_nfcfgop {
|
||||||
AUDIT_XT_OP_REGISTER,
|
AUDIT_XT_OP_REGISTER,
|
||||||
AUDIT_XT_OP_REPLACE,
|
AUDIT_XT_OP_REPLACE,
|
||||||
|
AUDIT_XT_OP_UNREGISTER,
|
||||||
};
|
};
|
||||||
|
|
||||||
extern int is_audit_feature_set(int which);
|
extern int is_audit_feature_set(int which);
|
||||||
|
|
|
@ -136,8 +136,9 @@ struct audit_nfcfgop_tab {
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct audit_nfcfgop_tab audit_nfcfgs[] = {
|
const struct audit_nfcfgop_tab audit_nfcfgs[] = {
|
||||||
{ AUDIT_XT_OP_REGISTER, "register" },
|
{ AUDIT_XT_OP_REGISTER, "register" },
|
||||||
{ AUDIT_XT_OP_REPLACE, "replace" },
|
{ AUDIT_XT_OP_REPLACE, "replace" },
|
||||||
|
{ AUDIT_XT_OP_UNREGISTER, "unregister" },
|
||||||
};
|
};
|
||||||
|
|
||||||
static int audit_match_perm(struct audit_context *ctx, int mask)
|
static int audit_match_perm(struct audit_context *ctx, int mask)
|
||||||
|
|
|
@ -1124,6 +1124,8 @@ static void __ebt_unregister_table(struct net *net, struct ebt_table *table)
|
||||||
mutex_lock(&ebt_mutex);
|
mutex_lock(&ebt_mutex);
|
||||||
list_del(&table->list);
|
list_del(&table->list);
|
||||||
mutex_unlock(&ebt_mutex);
|
mutex_unlock(&ebt_mutex);
|
||||||
|
audit_log_nfcfg(table->name, AF_BRIDGE, table->private->nentries,
|
||||||
|
AUDIT_XT_OP_UNREGISTER);
|
||||||
EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
|
EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
|
||||||
ebt_cleanup_entry, net, NULL);
|
ebt_cleanup_entry, net, NULL);
|
||||||
if (table->private->nentries)
|
if (table->private->nentries)
|
||||||
|
|
|
@ -1472,6 +1472,8 @@ void *xt_unregister_table(struct xt_table *table)
|
||||||
private = table->private;
|
private = table->private;
|
||||||
list_del(&table->list);
|
list_del(&table->list);
|
||||||
mutex_unlock(&xt[table->af].mutex);
|
mutex_unlock(&xt[table->af].mutex);
|
||||||
|
audit_log_nfcfg(table->name, table->af, private->number,
|
||||||
|
AUDIT_XT_OP_UNREGISTER);
|
||||||
kfree(table);
|
kfree(table);
|
||||||
|
|
||||||
return private;
|
return private;
|
||||||
|
|
Loading…
Reference in New Issue