From 6996c6f50321637d43602cb4b4d0e4b30ec6f65c Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Jan 22 2018 11:58:09 +0000
Subject: Do not audit passsword authentication, if handled by PAM and avoid auditing none auth method (not acually a method)
---
diff --git a/openssh-7.6p1-audit.patch b/openssh-7.6p1-audit.patch
index fc370a6..d529601 100644
--- a/openssh-7.6p1-audit.patch
+++ b/openssh-7.6p1-audit.patch
@@ -518,7 +518,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
 }
 void
-@@ -102,25 +231,154 @@ audit_event(ssh_audit_event_t event)
+@@ -102,25 +231,155 @@ audit_event(ssh_audit_event_t event)
 struct ssh *ssh = active_state; /* XXX */
 switch(event) {
@@ -532,9 +532,11 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
 + linux_audit_user_logxxx(-1, audit_username(),
 + ssh_remote_ipaddr(ssh), "ssh", 0, AUDIT_USER_LOGIN);
 break;
-+ case SSH_LOGIN_EXCEED_MAXTRIES:
- case SSH_AUTH_FAIL_NONE:
+- case SSH_AUTH_FAIL_NONE:
 case SSH_AUTH_FAIL_PASSWD:
++ if (options.use_pam)
++ break;
++ case SSH_LOGIN_EXCEED_MAXTRIES:
 case SSH_AUTH_FAIL_KBDINT:
 case SSH_AUTH_FAIL_PUBKEY:
 case SSH_AUTH_FAIL_HOSTBASED:
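Review bot: The new `if (options.use_pam) break;` under `case SSH_AUTH_FAIL_PASSWD:` (second hunk) makes sshd's own record of a failed password attempt depend entirely on the PAM stack writing one, and nothing in the code says so; where PAM is not built or configured to audit, failed password guesses would presumably leave no audit event at all. I would state that dependency in a comment above the check, e.g. `/* PAM audits failed password attempts itself; skip to avoid a duplicate record */`. When `use_pam` is off the case now falls through into `SSH_LOGIN_EXCEED_MAXTRIES`, so a `/* FALLTHROUGH */` after the `break;` would keep a later reader (or `-Wimplicit-fallthrough`) from taking it for a missing break. The rest of the `switch` lies outside the hunk, so it is worth confirming that `SSH_AUTH_FAIL_NONE`, which no longer has a case here, lands in a harmless default.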