Sync from SUSE:SLFO:Main audit revision ffd72b38aef75051423272adc56880c1

This commit is contained in:
Adrian Schröter 2024-08-30 15:41:46 +02:00
parent c08b6413a2
commit 214403da86
11 changed files with 147 additions and 29 deletions

4
_multibuild Normal file
View File

@ -0,0 +1,4 @@
<multibuild>
<package>audit-secondary</package>
</multibuild>

BIN
audit-3.0.9.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
audit-3.1.1.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -9,11 +9,11 @@ Signed-off-by: Tony Jones <tonyj@suse.de>
src/ausearch-parse.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
Index: audit-3.0.9/src/ausearch-parse.c
Index: audit-3.1.1/src/ausearch-parse.c
===================================================================
--- audit-3.0.9.orig/src/ausearch-parse.c
+++ audit-3.0.9/src/ausearch-parse.c
@@ -2062,17 +2062,15 @@ other_avc:
--- audit-3.1.1.orig/src/ausearch-parse.c
+++ audit-3.1.1/src/ausearch-parse.c
@@ -2075,17 +2075,15 @@ other_avc:
// Now get the class...its at the end, so we do things different
str = strstr(term, "tclass=");

View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Mon Aug 5 08:50:50 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Remove rcaudit symlink [jsc#PED-266]
-------------------------------------------------------------------
Mon Jul 3 08:34:22 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
- Update to 3.1.1:
* Add user friendly keywords for signals to auditctl
* In ausearch, parse up URINGOP and DM_CTRL records
* Harden auparse to better handle corrupt logs
* Fix a CFLAGS propogation problem in the common directory
* Move the audispd af_unix plugin to a standalone program
-------------------------------------------------------------------
Thu May 4 12:58:06 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Mon Feb 20 14:13:06 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
- Update to 3.1:
* Disable ProtectControlGroups in auditd.service by default
* Fix rule checking for exclude filter
* Make audit_rule_syscallbyname_data work correctly outside of auditctl
* Add new record types
* Add io_uring support
* Add support for new FANOTIFY record fields
* Add keyword, this-hour, to ausearch/report start/end options
* Add Requires.private to audit.pc file
* Try to interpret OPENAT2 fields correctly
-------------------------------------------------------------------
Tue Dec 27 10:21:56 UTC 2022 - Ludwig Nussel <lnussel@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package audit-secondary
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -22,7 +22,7 @@
# The seperation is required to minimize unnecessary build cycles.
%define _name audit
Name: audit-secondary
Version: 3.0.9
Version: 3.1.1
Release: 0
Summary: Linux kernel audit subsystem utilities
License: GPL-2.0-or-later
@ -206,8 +206,10 @@ for prog in auditctl auditd ausearch autrace aureport augenrules; do
done
%endif
#END-USR-MERGE
%if 0%{?suse_version} < 1550
# rcauditd symlink
ln -s service %{buildroot}%{_sbindir}/rcauditd
%endif
chmod 0644 %{buildroot}%{_unitdir}/auditd.service
chmod 0644 %{buildroot}%{_unitdir}/augenrules.service
@ -258,6 +260,7 @@ fi
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
%attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz
%if 0%{?suse_version} < 1550
/sbin/auditctl
/sbin/auditd
@ -276,6 +279,7 @@ fi
%attr(755,root,root) %{_bindir}/aulastlog
%attr(755,root,root) %{_bindir}/ausyscall
%attr(755,root,root) %{_sbindir}/aureport
%attr(755,root,root) %{_sbindir}/audisp-af_unix
%attr(755,root,root) %{_bindir}/auvirt
%dir %attr(750,root,root) %{_sysconfdir}/audit
%attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d
@ -292,7 +296,9 @@ fi
%dir %attr(700,root,root) %{_localstatedir}/spool/audit
%{_unitdir}/auditd.service
%{_unitdir}/augenrules.service
%if 0%{?suse_version} < 1550
%{_sbindir}/rcauditd
%endif
%{_datadir}/audit/
%files -n system-group-audit

View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Mon Jul 3 08:33:52 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
- Update to 3.1.1:
* Add user friendly keywords for signals to auditctl
* In ausearch, parse up URINGOP and DM_CTRL records
* Harden auparse to better handle corrupt logs
* Fix a CFLAGS propogation problem in the common directory
* Move the audispd af_unix plugin to a standalone program
-------------------------------------------------------------------
Thu May 4 12:58:06 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Mon Mar 20 14:53:26 UTC 2023 - Giuliano Belinassi <giuliano.belinassi@suse.com>
- Enable livepatching on main library on x86_64.
-------------------------------------------------------------------
Mon Feb 20 14:12:55 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
- Update to 3.1:
* Disable ProtectControlGroups in auditd.service by default
* Fix rule checking for exclude filter
* Make audit_rule_syscallbyname_data work correctly outside of auditctl
* Add new record types
* Add io_uring support
* Add support for new FANOTIFY record fields
* Add keyword, this-hour, to ausearch/report start/end options
* Add Requires.private to audit.pc file
* Try to interpret OPENAT2 fields correctly
-------------------------------------------------------------------
Thu Dec 15 19:17:35 UTC 2022 - Enzo Matsumiya <ematsumiya@suse.de>

View File

@ -1,7 +1,7 @@
#
# spec file for package audit
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -16,8 +16,14 @@
#
%ifarch x86_64
%bcond_without livepatching
%else
%bcond_with livepatching
%endif
Name: audit
Version: 3.0.9
Version: 3.1.1
Release: 0
Summary: Linux kernel audit subsystem utilities
License: GPL-2.0-or-later
@ -79,6 +85,9 @@ libraries.
%build
autoreconf -fi
export CFLAGS="%{optflags} -fno-strict-aliasing"
%if %{with livepatching}
export CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
%endif
export CXXFLAGS="$CFLAGS"
export LDFLAGS="-Wl,-z,relro,-z,now"
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
@ -102,6 +111,33 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
%make_build -C auparse
%make_build -C docs
%if %{with livepatching}
# Workaround bsc#1208721: remove _patchable_function_entry from static libs.
find . -name "*.a" -exec \
objcopy --remove-section "__patchable_function_entries" {} \;
%define tar_basename audit-livepatch-%{version}-%{release}
%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
%define clones_dest_dir %{tar_basename}/%{_arch}
# Ipa-clones are files generated by gcc which logs changes made across
# functions, and we need to know such changes to build livepatches
# correctly. These files are intended to be used by the livepatch
# developers and may be retrieved by using `osc getbinaries`.
#
# Create ipa-clones destination folder and move clones there.
mkdir -p ipa-clones/%{clones_dest_dir}
find . -name "*.ipa-clones" ! -empty \
-exec cp -t ipa-clones/%{clones_dest_dir} --parents {} +
# Create tarball with ipa-clones.
tar -cJf %{tar_package_name} -C ipa-clones \
--owner root --group root --sort name %{tar_basename}
# Copy tarball to the OTHER folder to store it as artifact.
cp %{tar_package_name} %{_topdir}/OTHER
%endif
%install
%make_install -C common
%make_install -C lib

View File

@ -1,7 +1,7 @@
Index: audit-3.0.9/init.d/augenrules.service
Index: audit-3.1.1/init.d/augenrules.service
===================================================================
--- /dev/null
+++ audit-3.0.9/init.d/augenrules.service
+++ audit-3.1.1/init.d/augenrules.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=auditd rules generation
@ -32,10 +32,10 @@ Index: audit-3.0.9/init.d/augenrules.service
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ReadWritePaths=/etc/audit
Index: audit-3.0.9/init.d/auditd.service
Index: audit-3.1.1/init.d/auditd.service
===================================================================
--- audit-3.0.9.orig/init.d/auditd.service
+++ audit-3.0.9/init.d/auditd.service
--- audit-3.1.1.orig/init.d/auditd.service
+++ audit-3.1.1/init.d/auditd.service
@@ -15,15 +15,16 @@ ConditionKernelCommandLine=!audit=0
ConditionKernelCommandLine=!audit=off
@ -57,7 +57,7 @@ Index: audit-3.0.9/init.d/auditd.service
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
# By default we clear the rules on exit. To disable this, comment
# the next line after copying the file to /etc/systemd/system/auditd.service
@@ -46,7 +47,6 @@ ProtectClock=true
@@ -47,7 +48,6 @@ ProtectClock=true
ProtectKernelTunables=true
ProtectKernelLogs=true
# end of automatic additions
@ -65,10 +65,10 @@ Index: audit-3.0.9/init.d/auditd.service
[Install]
WantedBy=multi-user.target
Index: audit-3.0.9/init.d/Makefile.am
Index: audit-3.1.1/init.d/Makefile.am
===================================================================
--- audit-3.0.9.orig/init.d/Makefile.am
+++ audit-3.0.9/init.d/Makefile.am
--- audit-3.1.1.orig/init.d/Makefile.am
+++ audit-3.1.1/init.d/Makefile.am
@@ -26,7 +26,8 @@ EXTRA_DIST = auditd.init auditd.service
auditd.cron libaudit.conf auditd.condrestart \
auditd.reload auditd.restart auditd.resume \

View File

@ -12,11 +12,11 @@ Also remove PrivateDevices=true so /dev/* are exposed to auditd.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
Index: audit-3.0.9/init.d/auditd.service
Index: audit-3.1.1/init.d/auditd.service
===================================================================
--- audit-3.0.9.orig/init.d/auditd.service
+++ audit-3.0.9/init.d/auditd.service
@@ -41,12 +41,12 @@ RestrictRealtime=true
--- audit-3.1.1.orig/init.d/auditd.service
+++ audit-3.1.1/init.d/auditd.service
@@ -42,12 +42,12 @@ RestrictRealtime=true
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full

View File

@ -1,9 +1,9 @@
Index: audit-3.0.9/init.d/auditd.service
Index: audit-3.1.1/init.d/auditd.service
===================================================================
--- audit-3.0.9.orig/init.d/auditd.service
+++ audit-3.0.9/init.d/auditd.service
@@ -38,6 +38,15 @@ LockPersonality=true
ProtectControlGroups=true
--- audit-3.1.1.orig/init.d/auditd.service
+++ audit-3.1.1/init.d/auditd.service
@@ -39,6 +39,15 @@ LockPersonality=true
#ProtectControlGroups=true
ProtectKernelModules=true
RestrictRealtime=true
+# added automatically, for details please see