# # spec file for package audit-secondary # # Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %bcond_without python2 %bcond_without python3 # This package contains all audit functionality except for audit-libs. # The seperation is required to minimize unnecessary build cycles. %define _name audit Name: audit-secondary Version: 3.0.9 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later Group: System/Monitoring URL: https://people.redhat.com/sgrubb/audit/ Source0: https://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz Source1: system-group-audit.conf Patch1: audit-plugins-path.patch Patch2: audit-no-gss.patch Patch3: audit-allow-manual-stop.patch Patch4: audit-ausearch-do-not-require-tclass.patch Patch5: change-default-log_group.patch Patch6: libev-werror.patch Patch7: harden_auditd.service.patch Patch8: change-default-log_format.patch Patch9: fix-hardened-service.patch Patch10: enable-stop-rules.patch Patch11: create-augenrules-service.patch Patch12: audit-userspace-517-compat.patch Patch13: auditd.service-fix-plugin-termination.patch BuildRequires: audit-devel = %{version} BuildRequires: autoconf >= 2.12 BuildRequires: kernel-headers >= 2.6.30 BuildRequires: libtool BuildRequires: openldap2-devel BuildRequires: pkgconfig %if %{with python2} BuildRequires: python2-devel %endif %if %{with python3} BuildRequires: python3-devel %endif BuildRequires: swig BuildRequires: systemd-rpm-macros BuildRequires: sysuser-tools BuildRequires: tcpd-devel BuildRequires: pkgconfig(libcap-ng) Provides: bundled(libev) = 4.33 %description The audit package contains the user space utilities for storing and processing the records generated by the audit subsystem in the Linux kernel. %package -n audit Summary: User Space Tools for Kernel Auditing License: LGPL-2.1-or-later Group: System/Monitoring Requires: %{_name}-libs = %{version} Requires: coreutils Requires: group(audit) %{?systemd_ordering} %description -n audit The audit package contains the user space utilities for storing and processing the audit records generated by the audit subsystem in the Linux kernel. %package -n system-group-audit Summary: System group 'audit' License: LGPL-2.1-or-later Group: System/Fhs %sysusers_requires %description -n system-group-audit This package contains the system group 'audit' for read access to logs. %package -n python2-audit Summary: Python Bindings for libaudit License: LGPL-2.1-or-later Group: Development/Languages/Python Provides: audit-libs-python = %{version} Obsoletes: audit-libs-python < %{version} %description -n python2-audit The audit-libs-python package contains the bindings for using libaudit by python. %package -n python3-audit Summary: Python3 Bindings for libaudit License: LGPL-2.1-or-later Group: Development/Languages/Python Provides: audit-libs-python3 = %{version} Obsoletes: audit-libs-python3 < %{version} %description -n python3-audit The audit-libs-python3 package contains the bindings for using libaudit by python3. %package -n audit-audispd-plugins Summary: Default plugins for the audit dispatcher License: GPL-2.0-or-later Group: System/Monitoring %description -n audit-audispd-plugins The audit-audispd-plugins package contains plugin components for the audit dispatcher (audispd). %prep # remove selinux policy rm -rf audisp/plugins/zos-remote/policy # we don't build prelude rm -rf audisp/plugins/prelude %autosetup -p1 -n %{_name}-%{version} %if %{without python2} && %{with python3} # Fix python env call in tests if we only have Python3. # If both versions are present, python2 bindings are preferred by the tests and # unconditionally using /usr/bin/python3 breaks the tests # Probably the correct solution is to run the tests twice if both are present. perl -i -lpe 's{#!/usr/bin/env python\S+}{#!/usr/bin/python3}' auparse/test/auparse_test.py %endif %build autoreconf -fi export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" export LDFLAGS="-Wl,-z,relro,-z,now" # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch %configure \ %ifarch aarch64 --with-aarch64 \ %endif %ifarch arm --with-arm \ %endif --enable-systemd \ --libexecdir=%{_libexecdir}/%{_name} \ --with-apparmor \ --with-libwrap \ --with-libcap-ng=yes \ --disable-static \ %{?_with_python3} \ %{?_without_python} %make_build %sysusers_generate_pre %{SOURCE1} audit system-group-audit.conf %install %make_install mkdir -p %{buildroot}%{_localstatedir}/log/audit/ touch %{buildroot}%{_localstatedir}/log/audit/audit.log mkdir -p %{buildroot}%{_localstatedir}/spool/audit/ mkdir -p %{buildroot}%{_sysusersdir} install -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/ # For ghost below, so that old location files will still be there when # post copy runs mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/ mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/rules.d/ touch %{buildroot}%{_sysconfdir}/{auditd.conf,audit.rules} %{buildroot}%{_sysconfdir}/audit/auditd.conf # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp touch -r ./audit.spec %{buildroot}%{_sysconfdir}/libaudit.conf # Starting with audit 2.5 no config is installed so start with no rules install -m 0644 rules/10-no-audit.rules %{buildroot}%{_sysconfdir}/%{_name}/rules.d/audit.rules # delete redhat scripts, use ours rm -rf %{buildroot}%{_sysconfdir}/sysconfig/auditd rm -rf %{buildroot}%{_initddir}/auditd rm -rf %{buildroot}%{_sysconfdir}/rc.d/init.d # delete redhat systemd legacy scripts, our systemd doesn't support the feature # https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html rm -rf %{buildroot}%{_libexecdir}/audit # Clean up some unneeded library files rm -f %{buildroot}/%{_libdir}/python*/site-packages/{_audit,_auparse,auparse}.{a,la} rm -rf %{buildroot}/%{_libdir}/python*/site-packages/__pycache__ # cleanup makefiles for the rules (installed by %%docs command) rm -f %{buildroot}/%{_libdir}/pkgconfig/{audit,auparse}.pc # cleanup files handled by audit.spec rm -rf %{buildroot}/%{_datadir}/aclocal/ rm -rf %{buildroot}/%{_includedir} rm -f %{buildroot}/%{_libdir}/lib{audit,auparse}.* rm -f %{buildroot}%{_sysconfdir}/libaudit.conf rm -f %{buildroot}/%{_mandir}/man5/libaudit.conf.5 rm -rf %{buildroot}/%{_mandir}/man3 # Cleanup plugins #USR-MERGE %if 0%{?suse_version} < 1550 mkdir %{buildroot}/sbin/ for prog in auditctl auditd ausearch autrace aureport augenrules; do ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog done %endif #END-USR-MERGE # rcauditd symlink ln -s service %{buildroot}%{_sbindir}/rcauditd chmod 0644 %{buildroot}%{_unitdir}/auditd.service chmod 0644 %{buildroot}%{_unitdir}/augenrules.service %check %make_build check %post -n audit # Save existing audit files if any (from old locations) if [ -f %{_sysconfdir}/auditd.conf ]; then mv %{_sysconfdir}/audit/auditd.conf %{_sysconfdir}/audit/auditd.conf.new mv %{_sysconfdir}/auditd.conf %{_sysconfdir}/audit/auditd.conf fi if [ -f %{_sysconfdir}/audit.rules ]; then mv %{_sysconfdir}/audit.rules %{_sysconfdir}/audit/audit.rules elif [ ! -f %{_sysconfdir}/audit/audit.rules ]; then cp %{_sysconfdir}/audit/rules.d/audit.rules %{_sysconfdir}/audit/audit.rules fi %service_add_post auditd.service %service_add_post augenrules.service %pre -n audit %service_add_pre auditd.service %service_add_pre augenrules.service %pre -n system-group-audit -f audit.pre %preun -n audit %service_del_preun auditd.service %service_del_preun augenrules.service %postun -n audit %service_del_postun auditd.service %service_del_postun augenrules.service %files -n audit %license COPYING %doc README ChangeLog init.d/auditd.cron %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz %attr(644,root,root) %{_mandir}/man8/auditd.8.gz %attr(644,root,root) %{_mandir}/man8/aureport.8.gz %attr(644,root,root) %{_mandir}/man8/ausearch.8.gz %attr(644,root,root) %{_mandir}/man8/autrace.8.gz %attr(644,root,root) %{_mandir}/man8/aulast.8.gz %attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz %attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz %attr(644,root,root) %{_mandir}/man8/auvirt.8.gz %attr(644,root,root) %{_mandir}/man8/augenrules.8.gz %if 0%{?suse_version} < 1550 /sbin/auditctl /sbin/auditd /sbin/ausearch /sbin/autrace /sbin/augenrules /sbin/aureport %endif %attr(750,root,root) %{_sbindir}/auditctl %attr(750,root,root) %{_sbindir}/auditd %attr(755,root,root) %{_sbindir}/ausearch %attr(750,root,root) %{_sbindir}/autrace %attr(750,root,root) %{_sbindir}/augenrules %attr(750,root,root) %{_sbindir}/audisp-syslog %attr(755,root,root) %{_bindir}/aulast %attr(755,root,root) %{_bindir}/aulastlog %attr(755,root,root) %{_bindir}/ausyscall %attr(755,root,root) %{_sbindir}/aureport %attr(755,root,root) %{_bindir}/auvirt %dir %attr(750,root,root) %{_sysconfdir}/audit %attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/af_unix.conf %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/syslog.conf %ghost %{_sysconfdir}/auditd.conf %ghost %{_sysconfdir}/audit.rules %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf %dir %attr(750,root,root) %{_sysconfdir}/audit/rules.d %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules %dir %attr(750,root,audit) %{_localstatedir}/log/audit %ghost %config(noreplace) %attr(640,root,audit) %{_localstatedir}/log/audit/audit.log %dir %attr(700,root,root) %{_localstatedir}/spool/audit %{_unitdir}/auditd.service %{_unitdir}/augenrules.service %{_sbindir}/rcauditd %{_datadir}/audit/ %files -n system-group-audit %{_sysusersdir}/system-group-audit.conf %if %{with python2} %files -n python2-audit %attr(755,root,root) %{python2_sitearch}/_audit.so %attr(755,root,root) %{python2_sitearch}/auparse.so %{python2_sitearch}/audit.py* %endif %if %{with python3} %files -n python3-audit %attr(755,root,root) %{python3_sitearch}/* %endif %files -n audit-audispd-plugins %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz %attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz %attr(750,root,root) %dir %{_sysconfdir}/audit %attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/audispd-zos-remote.conf %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/zos-remote.conf %attr(750,root,root) %{_sbindir}/audisp-remote %attr(750,root,root) %{_sbindir}/audispd-zos-remote %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audisp-remote.conf %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/au-remote.conf %changelog