Sync from SUSE:SLFO:Main audit revision b45ec063c4e7856d1bf1ea7fa6a46c44
This commit is contained in:
commit
c08b6413a2
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
16
README-BEFORE-ADDING-PATCHES
Normal file
16
README-BEFORE-ADDING-PATCHES
Normal file
@ -0,0 +1,16 @@
|
||||
All patches need to have a kernel-style patch description header.
|
||||
|
||||
PATCHES LACKING THIS OR NOT CORRECTLY FOLLOWING DESCRIPTION BELOW WILL BE
|
||||
REJECTED OR REVERTED
|
||||
|
||||
From: Joe Smoe <joe@smoe.com>
|
||||
Subject: Summary of fix
|
||||
Date: Date of fix
|
||||
References: Bugzilla reference [bsc#xxxx]
|
||||
References: URL of relevant discussion thread, opensuse or upstream ML etc
|
||||
Git-commit: Full SHA of upstream commit [if applicable]
|
||||
Git-repo: [if different from https://github.com/linux-audit/audit-userspace.git]
|
||||
Patch-mainline: revision of audit package or explanation if not [i.e v2.8.1 or "queued with maintainer" or "never; because ...." ]
|
||||
Signed-Off-by: Joe Smoe <joe@smoe.com>
|
||||
|
||||
Short paragraph describing problem/fix.
|
BIN
audit-3.0.9.tar.gz
(Stored with Git LFS)
Normal file
BIN
audit-3.0.9.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
25
audit-allow-manual-stop.patch
Normal file
25
audit-allow-manual-stop.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From: Tony Jones <tonyj@suse.de>
|
||||
Subject: allow service stop
|
||||
References: https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
|
||||
References: https://www.redhat.com/archives/linux-audit/2013-July/msg00048.html
|
||||
---
|
||||
|
||||
legacy-actions is Fedora specific, so blocking manual stop won't work for
|
||||
SUSE since we lack the ability to use a custom stop/restart
|
||||
|
||||
|
||||
init.d/auditd.service | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
Index: audit-3.0.9/init.d/auditd.service
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/init.d/auditd.service
|
||||
+++ audit-3.0.9/init.d/auditd.service
|
||||
@@ -11,7 +11,6 @@ After=local-fs.target systemd-tmpfiles-s
|
||||
Before=sysinit.target shutdown.target
|
||||
##Before=shutdown.target
|
||||
Conflicts=shutdown.target
|
||||
-RefuseManualStop=yes
|
||||
ConditionKernelCommandLine=!audit=0
|
||||
ConditionKernelCommandLine=!audit=off
|
||||
|
41
audit-ausearch-do-not-require-tclass.patch
Normal file
41
audit-ausearch-do-not-require-tclass.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From: William Preston <wpreston@suse.com>
|
||||
Subject: ausearch is looking for the "tclass" field in the entries, which doesn't make sense for apparmor.
|
||||
References: bnc#878687
|
||||
References: https://www.redhat.com/archives/linux-audit/2014-May/msg00094.html https://www.redhat.com/archives/linux-audit/2014-June/msg00001.html
|
||||
Upstream: never
|
||||
Signed-off-by: Tony Jones <tonyj@suse.de>
|
||||
|
||||
---
|
||||
src/ausearch-parse.c | 18 ++++++++----------
|
||||
1 file changed, 8 insertions(+), 10 deletions(-)
|
||||
|
||||
Index: audit-3.0.9/src/ausearch-parse.c
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/src/ausearch-parse.c
|
||||
+++ audit-3.0.9/src/ausearch-parse.c
|
||||
@@ -2062,17 +2062,15 @@ other_avc:
|
||||
|
||||
// Now get the class...its at the end, so we do things different
|
||||
str = strstr(term, "tclass=");
|
||||
- if (str == NULL) {
|
||||
- rc = 9;
|
||||
- goto err;
|
||||
+ if (str) {
|
||||
+ str += 7;
|
||||
+ term = strchr(str, ' ');
|
||||
+ if (term)
|
||||
+ *term = 0;
|
||||
+ an.avc_class = strdup(str);
|
||||
+ if (term)
|
||||
+ *term = ' ';
|
||||
}
|
||||
- str += 7;
|
||||
- term = strchr(str, ' ');
|
||||
- if (term)
|
||||
- *term = 0;
|
||||
- an.avc_class = strdup(str);
|
||||
- if (term)
|
||||
- *term = ' ';
|
||||
|
||||
if (audit_avc_init(s) == 0) {
|
||||
alist_append(s->avc, &an);
|
24
audit-no-gss.patch
Normal file
24
audit-no-gss.patch
Normal file
@ -0,0 +1,24 @@
|
||||
From: Tony Jones <tonyj@suse.de>
|
||||
Subject: Disable GSS options from config file
|
||||
Upsteam: never
|
||||
|
||||
Disable GSS/Kerberos options from config file. They are disabled from configure
|
||||
but need manual removal here.
|
||||
|
||||
---
|
||||
init.d/auditd.conf | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
Index: audit-3.0.9/init.d/auditd.conf
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/init.d/auditd.conf
|
||||
+++ audit-3.0.9/init.d/auditd.conf
|
||||
@@ -30,8 +30,6 @@ tcp_max_per_addr = 1
|
||||
##tcp_client_ports = 1024-65535
|
||||
tcp_client_max_idle = 0
|
||||
transport = TCP
|
||||
-krb5_principal = auditd
|
||||
-##krb5_key_file = /etc/audit/audit.key
|
||||
distribute_network = no
|
||||
q_depth = 2000
|
||||
overflow_action = SYSLOG
|
29
audit-plugins-path.patch
Normal file
29
audit-plugins-path.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From: Tony Jones <tonyj@suse.de>
|
||||
Subject: Adjust location of plugins built by audit-secondary
|
||||
Upsteam: never
|
||||
|
||||
Adjust location of plugins built by audit-secondary. These should never have
|
||||
been in /sbin plus some (for SUSE) require lib dependancies on /usr/lib
|
||||
|
||||
--- a/audisp/plugins/remote/au-remote.conf
|
||||
+++ b/audisp/plugins/remote/au-remote.conf
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
active = no
|
||||
direction = out
|
||||
-path = /sbin/audisp-remote
|
||||
+path = /usr/sbin/audisp-remote
|
||||
type = always
|
||||
#args =
|
||||
format = string
|
||||
--- a/audisp/plugins/zos-remote/audispd-zos-remote.conf
|
||||
+++ b/audisp/plugins/zos-remote/audispd-zos-remote.conf
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
active = no
|
||||
direction = out
|
||||
-path = /sbin/audispd-zos-remote
|
||||
+path = /usr/sbin/audispd-zos-remote
|
||||
type = always
|
||||
args = /etc/audit/zos-remote.conf
|
||||
format = string
|
737
audit-secondary.changes
Normal file
737
audit-secondary.changes
Normal file
@ -0,0 +1,737 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 27 10:21:56 UTC 2022 - Ludwig Nussel <lnussel@suse.com>
|
||||
|
||||
- Replace transitional %usrmerged macro with regular version check (boo#1206798)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 15 19:17:35 UTC 2022 - Enzo Matsumiya <ematsumiya@suse.de>
|
||||
|
||||
- Enable build for ARM (32-bit)
|
||||
- Update to version 3.0.9:
|
||||
* In auditd, release the async flush lock on stop
|
||||
* Don't allow auditd to log directly into /var/log when log_group is non-zero
|
||||
* Cleanup krb5 memory leaks on error paths
|
||||
* Update auditd.cron to use auditctl --signal
|
||||
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
|
||||
* In auparse, special case kernel module name interpretation
|
||||
* If overflow_action is ignore, don't treat as an error
|
||||
(3.0.8)
|
||||
* Add gcc function attributes for access and allocation
|
||||
* Add some more man pages (MIZUTA Takeshi)
|
||||
* In auditd, change the reinitializing of the plugin queue
|
||||
* Fix path normalization in auparse (Sergio Correia)
|
||||
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
|
||||
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
|
||||
* Drop ProtectHome from auditd.service as it interferes with rules
|
||||
(3.0.7)
|
||||
* Add support for the OPENAT2 record type (Richard Guy Briggs)
|
||||
* In auditd, close the logging file descriptor when logging is suspended
|
||||
* Update the capabilities lookup table to match 5.16 kernel
|
||||
* Improve interpretation of renamat & faccessat family of syscalls
|
||||
* Update syscall table for the 5.16 kernel
|
||||
* Reduce dependency from initscripts to initscripts-service
|
||||
- Refresh patches (context adjusment):
|
||||
* audit-allow-manual-stop.patch
|
||||
* audit-ausearch-do-not-require-tclass.patch
|
||||
* audit-no-gss.patch
|
||||
* enable-stop-rules.patch
|
||||
* fix-hardened-service.patch
|
||||
* harden_auditd.service.patch
|
||||
- Remove patches (fixed by version update):
|
||||
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
|
||||
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 11 20:44:34 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Drop buildrequire on C++ compiler.
|
||||
- Modernize specfile constructs.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Mar 26 11:14:19 UTC 2022 - Stephan Kulow <coolo@suse.com>
|
||||
|
||||
- Fix buildrequire for openldap2-devel - audit doesn't require the
|
||||
(outdated) C++ binding, but the C headers that happen to be pulled
|
||||
in by buildrequiring the C++ devel package
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 25 04:56:19 UTC 2022 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
|
||||
* add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
|
||||
- Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517)
|
||||
* add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 23 16:37:06 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- add audit-userspace-517-compat.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 29 13:13:56 UTC 2021 - Fabian Vogt <fvogt@suse.com>
|
||||
|
||||
- Use %autosetup
|
||||
- Don't include sample rules as %doc, they're already installed
|
||||
as normal files
|
||||
- Fix create-augenrules-service.patch:
|
||||
* auditd.service needs to require augenrules.service,
|
||||
not the other way around
|
||||
- Fix documentation for enable-stop-rules.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Nov 7 13:34:20 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||||
|
||||
- Update to version 3.0.6:
|
||||
* fixes a segfault on some SELINUX_ERR records
|
||||
* makes IPX packet interpretation dependent on the ipx header
|
||||
file existing
|
||||
* adds b32/b64 support to ausyscall
|
||||
* adds support for armv8l
|
||||
* fixes auditctl list of syscalls on PPC
|
||||
* auditd.service now restarts auditd under some conditions
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 15 11:13:26 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||||
|
||||
- Add CONFIG parameter to %sysusers_generate_pre
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 13 19:12:06 UTC 2021 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Create separate service for augenrules (bsc#1191614, bsc#1181400)
|
||||
* add create-augenrules-service.patch
|
||||
Remove ReadWritePaths=/etc/audit from auditd.service, also removes
|
||||
augenrules call from ExecStartPost.
|
||||
Create augenrules.service with the ReadWritePaths directive above.
|
||||
This makes /etc/audit only accessible by augenrules.service and
|
||||
let auditd.service (and daemon) to be sandboxed again.
|
||||
|
||||
- Update audit-secondary.spec to accomodate the new service file.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 20 02:06:44 UTC 2021 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Fix hardened auditd.service (bsc#1181400)
|
||||
* add fix-hardened-service.patch
|
||||
Make /etc/audit read-write from the service.
|
||||
Remove PrivateDevices=true to expose /dev/* to auditd.service.
|
||||
|
||||
- Enable stop rules for audit.service (cf. bsc#1190227)
|
||||
* add enable-stop-rules.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 16 03:46:19 UTC 2021 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Change default log_format from ENRICHED to RAW (bsc#1190500):
|
||||
* add change-default-log_format.patch (SUSE-specific patch)
|
||||
|
||||
- Update to version 3.0.5:
|
||||
* In auditd, flush uid/gid caches when user/group added/deleted/modified
|
||||
* Fixed various issues when dealing with corrupted logs
|
||||
* In auditd, check if log_file is valid before closing handle
|
||||
|
||||
- Include fixed from 3.0.4:
|
||||
* Apply performance speedups to auparse library
|
||||
* Optimize rule loading in auditctl
|
||||
* Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
|
||||
* Update syscall table to the 5.14 kernel
|
||||
* Fixed various issues when dealing with corrupted logs
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 16 13:29:21 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- harden_auditd.service.patch: automatic hardening applied to systemd
|
||||
services
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 30 18:14:14 CEST 2021 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Update to version 3.0.3:
|
||||
* Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined
|
||||
* Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids
|
||||
* Change auparse_feed_has_data in auparse to include incomplete events
|
||||
* Auditd, stop linking against -lrt
|
||||
* Add ProtectHome and RestrictRealtime to auditd.service
|
||||
* In auditd, read up to 3 netlink packets in a row
|
||||
* In auditd, do not validate path to plugin unless active
|
||||
* In auparse, only emit config errors when AUPARSE_DEBUG env variable exists
|
||||
- use https source urls
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 14 20:54:49 CEST 2021 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Adjust audit.spec and audit-secondary.spec to support new version
|
||||
- Include fix for libev
|
||||
* add libev-werror.patch
|
||||
|
||||
- Update to version 3.0.2
|
||||
- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
|
||||
- Optionally interpret auid in auditctl -l
|
||||
- Update some syscall argument interpretations
|
||||
- In auditd, do not allow spaces in the hostname name format
|
||||
- Big documentation cleanup (MIZUTA Takeshi)
|
||||
- Update syscall table to the 5.12 kernel
|
||||
- Update the auparse normalizer for new event types
|
||||
- Fix compiler warnings in ids subsystem
|
||||
- Block a couple signals from flush & reconfigure threads
|
||||
- In auditd, don't wait on flush thread when exiting
|
||||
- Output error message if the path of input files are too long ausearch/report
|
||||
|
||||
Included fixes from 3.0.1
|
||||
- Update syscall table to the 5.11 kernel
|
||||
- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
|
||||
- Only enable periodic timers when listening on the network
|
||||
- Upgrade libev to 4.33
|
||||
- Add auparse_new_buffer function to auparse library
|
||||
- Use the select libev backend unless aggregating events
|
||||
- Add sudoers to some base audit rules
|
||||
- Update the auparse normalizer for some new syscalls and event types
|
||||
|
||||
Included fixes from 3.0
|
||||
- Generate checkpoint file even when no results are returned (Burn Alting)
|
||||
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
|
||||
- Convert auparse_test to run with python3 (Tomáš Chvátal)
|
||||
- Drop support for prelude
|
||||
- Adjust backlog_wait_time in rules to the kernel default (#1482848)
|
||||
- Remove ids key syntax checking of rules in auditctl
|
||||
- Use SIGCONT to dump auditd internal state (#1504251)
|
||||
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
|
||||
- Fix parsing of uid & success for ausearch
|
||||
- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
|
||||
- Hide lru symbols in auparse
|
||||
- Add systemd process protections
|
||||
- Fix aureport summary time range reporting
|
||||
- Allow unlimited retries on startup for remote logging
|
||||
- Add queue_depth to remote logging stats and increase default queue_depth size
|
||||
- Fix segfault on shutdown
|
||||
- Merge auditd and audispd code
|
||||
- Close on execute init_pipe fd (#1587995)
|
||||
- Breakout audisp syslog plugin to be standalone program
|
||||
- Create a common internal library to reduce code
|
||||
- Move all audispd config files under /etc/audit/
|
||||
- Move audispd.conf settings into auditd.conf
|
||||
- Add queue depth statistics to internal state dump report
|
||||
- Add network statistics to internal state dump report
|
||||
- SIGUSR now also restarts queue processing if its suspended
|
||||
- Update lookup tables for the 4.18 kernel
|
||||
- Add auparse_normalizer support for SOFTWARE_UPDATE event
|
||||
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
|
||||
- Deprecate enable_krb and replace with transport config opt for remote logging
|
||||
- Mark netlabel events as simple events so that get processed quicker
|
||||
- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
|
||||
- In aureport, fix segfault in file report
|
||||
- Add auparse_normalizer support for labeled networking events
|
||||
- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
|
||||
- In ausearch/auparse, event aging is off by a second
|
||||
- In ausearch/auparse, correct event ordering to process oldest first
|
||||
- Migrate auparse python test to python3
|
||||
- auparse_reset was not clearing everything it should
|
||||
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
|
||||
- In ausearch/report, lightly parse selinux portion of USER_AVC events
|
||||
- Add bpf syscall command argument interpretation to auparse
|
||||
- In ausearch/report, limit record size when malformed
|
||||
- Port af_unix plugin to libev
|
||||
- In auditd, fix extract_type function for network originating events
|
||||
- In auditd, calculate right size and location for network originating events
|
||||
- Make legacy script wait for auditd to terminate (#1643567)
|
||||
- Treat all network originating events as VER2 so dispatcher doesn't format it
|
||||
- If an event has a node name make it VER2 so dispatcher doesnt format it
|
||||
- In audisp-remote do an initial connection attempt (#1625156)
|
||||
- In auditd, allow expression of space left as a percentage (#1650670)
|
||||
- On PPC64LE systems, only allow 64 bit rules (#1462178)
|
||||
- Make some parts of auditd state report optional based on config
|
||||
- Update to libev-4.25
|
||||
- Fix ausearch when checkpointing a single file (Burn Alting)
|
||||
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
|
||||
- In ausearch, do not checkpt if stdin is input source
|
||||
- In libev, remove __cold__ attribute for functions to allow proper hardening
|
||||
- Add tests to configure.ac for openldap support
|
||||
- Make systemd support files use /run rather than /var/run (Christian Hesse)
|
||||
- Fix minor memory leak in auditd kerberos credentials code
|
||||
- Allow exclude and user filter by executable name (Ondrej Mosnacek)
|
||||
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
|
||||
- In ausearch/report fix --end to use midnight time instead of now (#1671338)
|
||||
- Add substitue functions for strndupa & rawmemchr
|
||||
- Fix memleak in auparse caused by corrected event ordering
|
||||
- Fix legacy reload script to reload audit rules when daemon is reloaded
|
||||
- Support for unescaping in trusted messages (Dmitry Voronin)
|
||||
- In auditd, use standard template for DEAMON events (Richard Guy Briggs)
|
||||
- In aureport, fix segfault for malformed USER_CMD events
|
||||
- Add exe field to audit_log_user_command in libaudit
|
||||
- In auditctl support filter on socket address families (Richard Guy Briggs)
|
||||
- Deprecate support for Alpha & IA64 processors
|
||||
- If space_left_action is rotate, allow it every time (#1718444)
|
||||
- In auparse, drop standalone EOE events
|
||||
- Add milliseconds column for ausearch extra time csv format
|
||||
- Fix aureport first event reporting when no start given
|
||||
- In audisp-remote, add new config item for startup connection errors
|
||||
- Remove dependency on chkconfig
|
||||
- Install rules to /usr/share/audit/sample-rules/
|
||||
- Split up ospp rules to make SCAP scanning easier (#1746018)
|
||||
- In audisp-syslog, support interpreting records (#1497279)
|
||||
- Audit USER events now sends msg as name value pair
|
||||
- Add support for AUDIT_BPF event
|
||||
- Auditd should not process AUDIT_REPLACE events
|
||||
- Update syscall tables to the 5.5 kernel
|
||||
- Improve personality interpretation by using PERS_MASK
|
||||
- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
|
||||
- Change auparse python bindings to shared object (Issue #121)
|
||||
- Add error messages for watch permissions
|
||||
- If audit rules file doesn't exist log error message instead of info message
|
||||
- Revise error message for unmatched options in auditctl
|
||||
- In audisp-remote, fixup remote endpoint disappearin in ascii format
|
||||
- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
|
||||
- In auditctl, add support for sending a signal to auditd
|
||||
|
||||
- Removes audit-fno-common.patch: fixed in upstream
|
||||
- Removes audit-python3.patch: fixed in upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 1 18:13:18 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
- Do not explicitly provide group(audit) in system-users-audit:
|
||||
this is automatically handled by rpm/providers.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 28 17:59:43 UTC 2021 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Create new "audit" group for read access to logs (bsc#1178154)
|
||||
* add change-default-log_group.patch
|
||||
* update audit-secondary.spec
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 2 11:49:28 UTC 2020 - Alexander Bergmann <abergmann@suse.com>
|
||||
|
||||
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 16 09:40:34 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
|
||||
|
||||
- prepare usrmerge (boo#1029961)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 13 17:39:03 UTC 2020 - Tony Jones <tonyj@suse.com>
|
||||
|
||||
- Update to version 2.8.5:
|
||||
* Fix segfault on shutdown
|
||||
* Fix hang on startup (#1587995)
|
||||
* Add sleep to script to dump state so file is ready when needed
|
||||
* Add auparse_normalizer support for SOFTWARE_UPDATE event
|
||||
* Mark netlabel events as simple events so that get processed quicker
|
||||
* When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
|
||||
* Add 30-ospp-v42.rules to meet new Common Criteria requirements
|
||||
* Update lookup tables for the 4.18 kernel
|
||||
* In aureport, fix segfault in file report
|
||||
* Add auparse_normalizer support for labeled networking events
|
||||
* Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
|
||||
* Event aging is off by a second
|
||||
* In ausearch/auparse, correct event ordering to process oldest first
|
||||
* auparse_reset was not clearing everything it should
|
||||
* Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
|
||||
* In ausearch/report, lightly parse selinux portion of USER_AVC events
|
||||
* In ausearch/report, limit record size when malformed
|
||||
* In auditd, fix extract_type function for network originating events
|
||||
* In auditd, calculate right size and location for network originating events
|
||||
* Treat all network originating events as VER2 so dispatcher doesn't format it
|
||||
* In audisp-remote do an initial connection attempt (#1625156)
|
||||
* In auditd, allow expression of space left as a percentage (#1650670)
|
||||
* On PPC64LE systems, only allow 64 bit rules (#1462178)
|
||||
* Make some parts of auditd state report optional based on config
|
||||
* Fix ausearch when checkpointing a single file (Burn Alting)
|
||||
* Fix scripting in 31-privileged.rules wrt filecap (#1662516)
|
||||
* In ausearch, do not checkpt if stdin is input source
|
||||
* In libev, remove __cold__ attribute for functions to allow proper hardening
|
||||
* Add tests to configure.ac for openldap support
|
||||
* Make systemd support files use /run rather than /var/run (Christian Hesse)
|
||||
* Fix minor memory leak in auditd kerberos credentials code
|
||||
* Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
|
||||
* In ausearch/report fix --end to use midnight time instead of now (#1671338)
|
||||
|
||||
- Fix build errors when using gcc-10 no-common default (bsc#1160384)
|
||||
New patch: audit-fno-common.patch
|
||||
|
||||
- Refresh audit-allow-manual-stop.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 21 10:32:43 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Reduce scriptlets' hard dependency on systemd.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jun 23 08:16:07 UTC 2018 - antoine.belvire@opensuse.org
|
||||
|
||||
- Update to version 2.8.4:
|
||||
* Generate checkpoint file even when not results are returned
|
||||
(Burn Alting).
|
||||
* Fix log file creation when file logging is disabled entirely
|
||||
(Vlad Glagolev).
|
||||
* Use SIGCONT to dump auditd internal state (rh#1504251).
|
||||
* Fix parsing of virtual timestamp fields in ausearch_expression
|
||||
(rh#1515903).
|
||||
* Fix parsing of uid & success for ausearch.
|
||||
* Hide lru symbols in auparse.
|
||||
* Fix aureport summary time range reporting.
|
||||
* Allow unlimited retries on startup for remote logging.
|
||||
* Add queue_depth to remote logging stats and increase default
|
||||
queue_depth size.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Jun 17 10:48:40 UTC 2018 - antoine.belvire@opensuse.org
|
||||
|
||||
- Update to version 2.8.3:
|
||||
* Correct msg function name in lru debug code.
|
||||
* Fix a segfault in auditd when dns resolution isn't available.
|
||||
* Make a reload legacy service for auditd.
|
||||
* In auparse python bindings, expose some new types that were
|
||||
missing.
|
||||
* In normalizer, pickup subject kind for user_login events.
|
||||
* Fix interpretation of unknown ioctcmds (rh#1540507).
|
||||
* Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, &
|
||||
RESP_ORIGIN_BLOCK_TIMED events.
|
||||
* In auparse_normalize for USER_LOGIN events, map acct for
|
||||
subj_kind.
|
||||
* Fix logging of IPv6 addresses in DAEMON_ACCEPT events
|
||||
(rh#1534748).
|
||||
* Do not rotate auditd logs when num_logs < 2 (brozs).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 3 13:33:34 CEST 2018 - kukuk@suse.de
|
||||
|
||||
- Use %license instead of %doc [bsc#1082318]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 16 19:44:45 UTC 2018 - tonyj@suse.com
|
||||
|
||||
- Change openldap dependency to client only (bsc#1085003)
|
||||
- Resolve issue with previous change if both Python2 and Python3 are
|
||||
present, tests were failing as python2 bindings are preferred in this
|
||||
case.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 22 11:00:16 UTC 2018 - meissner@suse.com
|
||||
|
||||
- reverted -j1 force ppc specific only
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 7 09:26:35 UTC 2018 - tchvatal@suse.com
|
||||
|
||||
- Add patch to fix test run without python2 interpreter:
|
||||
* audit-python3.patch
|
||||
- Update to 2.8.2 release:
|
||||
* Update tables for 4.14 kernel
|
||||
* Fixup ipv6 server side binding
|
||||
* AVC report from aureport was missing result column header (#1511606)
|
||||
* Add SOFTWARE_UPDATE event
|
||||
* In ausearch/report pickup any path and new-disk fields as a file
|
||||
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
|
||||
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
|
||||
* Fix building on old systems without linux/fanotify.h
|
||||
* Fix shell portability issues reported by shellcheck
|
||||
* Auditd validate_email should not use gethostbyname
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 6 13:24:43 UTC 2018 - normand@linux.vnet.ibm.com
|
||||
|
||||
- force -j1 for PowerPC make check to avoid build failure
|
||||
(lookup_test.o: file not recognized: File truncated)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 17 15:25:55 UTC 2018 - tchvatal@suse.com
|
||||
|
||||
- Add conditions around python plugins to allow us to conditionalize
|
||||
them in enviroment without python2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 9 16:21:23 UTC 2017 - mpluskal@suse.com
|
||||
|
||||
- Rename python binding packages to match current python packaging
|
||||
standards
|
||||
- Update python build dependencies to resolve future split of
|
||||
python2/3
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Nov 4 21:11:35 UTC 2017 - aavindraa@gmail.com
|
||||
|
||||
- Update to version 2.8.1. See audit.spec (libaudit1) for upstream
|
||||
changelog
|
||||
- Remove audit-implicit-writev.patch (fixed upstream across 2
|
||||
commits)
|
||||
* 3b30db20ad983274989ce9a522120c3c225436b3
|
||||
* 07132c22314e9abbe64d1031fd8734243285bb3f
|
||||
- Cleanup with spec-cleaner
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 18 08:50:02 UTC 2017 - dimstar@opensuse.org
|
||||
|
||||
- Add audit-implicit-writev.patch: include sys/uio.h to ensure
|
||||
readv and writev are declared.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 24 13:59:06 UTC 2017 - jengelh@inai.de
|
||||
|
||||
- Rectify RPM groups, diversify descriptions.
|
||||
- Remove mentions of static libraries because they are not built.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 18 18:33:40 UTC 2017 - tonyj@suse.com
|
||||
|
||||
- Update to version 2.7.7. See audit.spec (libaudit1) for upstream
|
||||
changelog
|
||||
Since commit 6cf57d27 (2.7.4) audit is now started as an non-forking
|
||||
service (bsc#1042781).
|
||||
Add config: audit-stop.rules
|
||||
Refresh patch: audit-allow-manual-stop.patch
|
||||
Refresh patch: audit-no-gss.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 1 14:59:05 UTC 2016 - tchvatal@suse.com
|
||||
|
||||
- Version update to 2.5. See audit.spec (libaudit1) for upstream
|
||||
changelog
|
||||
- Cleanup with spec-cleaner
|
||||
- Sort out bit /sbin /usr/sbin/ installation
|
||||
- Install the rules as documentation
|
||||
- Remove needless %py_requires from python subpkgs
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 21 19:00:36 UTC 2015 - tonyj@suse.com
|
||||
|
||||
- Update to version 2.4.4. See audit.spec (libaudit1) for upstream
|
||||
changelog
|
||||
- Add python3 bindings for libaudit and libauparse
|
||||
- Remove patch 'audit-no_m4_dir.patch'
|
||||
(added Fri Apr 26 11:14:39 UTC 2013 by mmeister@suse.com)
|
||||
No idea what earlier 'automake' build error this was trying to fix but
|
||||
it broke the handling of "--without-libcap-ng". Anyways, no build error
|
||||
occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 2 17:35:12 UTC 2014 - tonyj@suse.com
|
||||
|
||||
- Update to version 2.4. See audit.spec (libaudit1) for upstream
|
||||
changelog
|
||||
Drop patch: auditd-donot-start-if-kernel-cmdline-disabled.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 15 14:24:33 UTC 2014 - crrodriguez@opensuse.org
|
||||
|
||||
- If the system has been booted with audit=0 in the kernel cmdline
|
||||
auditd.service must refrain from starting as the relevant kernel
|
||||
subsystem will be permanently disabled.
|
||||
add patch: auditd-donot-start-if-kernel-cmdline-disabled.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 10 06:21:55 UTC 2014 - tonyj@suse.com
|
||||
|
||||
- Do not require tclass field to be present when searching for AVC
|
||||
records (bnc#878687)
|
||||
add patch: audit-ausearch-do-not-require-tclass.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 15 00:52:16 UTC 2014 - tonyj@suse.com
|
||||
|
||||
- Update to version 2.3.6. See audit.spec (libaudit1) for upstream
|
||||
changelog
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 26 18:41:33 UTC 2014 - crrodriguez@opensuse.org
|
||||
|
||||
- fix systemd warning:
|
||||
"Configuration file /usr/lib/systemd/system/auditd.service
|
||||
is marked world-inaccessible.
|
||||
This has no effect as configuration data is accessible
|
||||
via APIs without restrictions"
|
||||
* indeed restricting access to unit files using filesystem
|
||||
permissions is non-sense.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 27 16:28:31 UTC 2014 - tonyj@suse.com
|
||||
|
||||
- Add systemd requires (bnc#865849)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 4 00:06:30 UTC 2014 - tonyj@suse.com
|
||||
|
||||
- Update to version 2.3.3. See audit.spec (libaudit1) for upstream
|
||||
changelog
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 26 18:28:58 UTC 2013 - tonyj@suse.com
|
||||
|
||||
- Update to version 2.3.2. See audit.spec (libaudit1) for upstream
|
||||
changelog
|
||||
- Drop patch 'audit-fix-implicit-defn.patch' (upstream)
|
||||
- Add patch 'audit-allow-manual-stop.patch' to reinstate service
|
||||
stop/restart.
|
||||
- /etc/sysconfig/audit still existed but was no longer referenced
|
||||
by systemd, so remove
|
||||
- Delete audit-no_plugins.patch, it was stale (no longer referenced
|
||||
by specfiles) but had not been removed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 2 12:48:50 UTC 2013 - opensuse@cboltz.de
|
||||
|
||||
- (re-)add rcauditd as symlink to /usr/sbin/service
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 27 15:17:16 UTC 2013 - tonyj@suse.com
|
||||
|
||||
- Eliminate build cycles. audit.spec now builds only libs/devel.
|
||||
Remainder (including daemon) built from audit-secondary.spec
|
||||
- Add patch 'audit-fix-implicit-defn.patch' to fix implicit definition
|
||||
warning.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 25 17:27:47 UTC 2013 - crrodriguez@opensuse.org
|
||||
|
||||
- Buildrequires cap-ng library
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 22 12:34:00 UTC 2013 - jengelh@inai.de
|
||||
|
||||
- Executing autoreconf requires autoconf
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 12 13:00:30 UTC 2012 - coolo@suse.com
|
||||
|
||||
- Update to version 2.2.1, see audit's changes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 28 21:58:24 UTC 2012 - tonyj@suse.com
|
||||
|
||||
- Update to version 2.1.3. See audit.spec upstream changelog
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Sep 17 13:38:42 UTC 2011 - jengelh@medozas.de
|
||||
|
||||
- Remove redundant tags/sections from specfile
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 20 16:54:38 UTC 2011 - tonyj@novell.com
|
||||
|
||||
- Adjust license of audit-libs-python to be LGPLv2.1 or later.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 27 00:05:50 UTC 2011 - tonyj@novell.com
|
||||
|
||||
- Upgrade to version 2.1.1 (see audit.changes for upstream change
|
||||
history)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 29 00:22:38 UTC 2010 - tonyj@novell.com
|
||||
|
||||
- Upgrade to version 2.0.5 (see audit.changes for upstream change
|
||||
history)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
|
||||
|
||||
- use %_smp_mflags
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 4 10:51:33 CEST 2010 - tonyj@suse.de
|
||||
|
||||
- Upgrade to version 2.0.4 (see audit.changes for upstream change
|
||||
history)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jun 20 12:33:00 CEST 2009 - cmorve69@yahoo.es
|
||||
|
||||
- fixed build with --as-needed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 11 17:19:50 CEST 2009 - tonyj@suse.de
|
||||
|
||||
- Update from 1.7.7 to 1.7.13 (see audit.changes for upstream change
|
||||
history)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 26 23:27:36 CEST 2008 - tonyj@suse.de
|
||||
|
||||
- Update from 1.7.4 to 1.7.7 (see audit.changes for upstream change
|
||||
history)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 1 17:12:46 CEST 2008 - ro@suse.de
|
||||
|
||||
- disable debuginfo for secondary specfile
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 25 01:50:54 CEST 2008 - tonyj@suse.de
|
||||
|
||||
- Update from 1.7.2 to 1.7.4 (see audit.changes for upstream change
|
||||
history)
|
||||
|
||||
- Update from 1.6.8 to 1.7.2 (see audit.changes for upstream change
|
||||
history)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 3 21:49:41 CEST 2008 - coolo@suse.de
|
||||
|
||||
- avoid packaging a directory with different permissions (creating
|
||||
rpm -V output)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 16 12:09:26 CEST 2008 - aj@suse.de
|
||||
|
||||
- Use %py_requires for proper requires.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 26 21:29:38 CET 2008 - tonyj@suse.de
|
||||
|
||||
- Update to version 1.6.8.
|
||||
- Rename to audit-secondary and build audisp-plugins from here
|
||||
to minimise bootstrap dependancies.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 18 14:43:11 CET 2008 - schwab@suse.de
|
||||
|
||||
- Use autoreconf.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 10 23:19:29 CEST 2007 - tonyj@suse.de
|
||||
|
||||
- Upgrade to 1.6.2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 25 01:13:09 CEST 2007 - tonyj@suse.de
|
||||
|
||||
- Upgrade to 1.5.5
|
||||
Drop audit-swig-attribute.patch (upstreamed)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 13 01:58:29 CEST 2007 - tonyj@suse.de
|
||||
|
||||
- Fix build errors on ppc
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 12 01:38:36 CEST 2007 - tonyj@suse.de
|
||||
|
||||
- Upgrade to 1.5.4
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 2 19:08:53 CEST 2007 - tonyj@suse.de
|
||||
|
||||
- Upgrade to 1.5.3.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 29 02:47:22 CET 2006 - tonyj@suse.de
|
||||
|
||||
- Upgrade to 1.2.9 (drop several patches which are now upstream)
|
||||
- /usr/sbin/audispd now packaged by audit-libs-python
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Nov 5 00:45:21 CET 2006 - ro@suse.de
|
||||
|
||||
- fix requires
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 31 22:57:52 CEST 2006 - tonyj@suse.de
|
||||
|
||||
- Upgrade to 1.2.6-1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 16 16:19:20 CEST 2006 - cthiel@suse.de
|
||||
|
||||
- split off package
|
||||
|
329
audit-secondary.spec
Normal file
329
audit-secondary.spec
Normal file
@ -0,0 +1,329 @@
|
||||
#
|
||||
# spec file for package audit-secondary
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%bcond_without python2
|
||||
%bcond_without python3
|
||||
# This package contains all audit functionality except for audit-libs.
|
||||
# The seperation is required to minimize unnecessary build cycles.
|
||||
%define _name audit
|
||||
Name: audit-secondary
|
||||
Version: 3.0.9
|
||||
Release: 0
|
||||
Summary: Linux kernel audit subsystem utilities
|
||||
License: GPL-2.0-or-later
|
||||
Group: System/Monitoring
|
||||
URL: https://people.redhat.com/sgrubb/audit/
|
||||
Source0: https://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz
|
||||
Source1: system-group-audit.conf
|
||||
Patch1: audit-plugins-path.patch
|
||||
Patch2: audit-no-gss.patch
|
||||
Patch3: audit-allow-manual-stop.patch
|
||||
Patch4: audit-ausearch-do-not-require-tclass.patch
|
||||
Patch5: change-default-log_group.patch
|
||||
Patch6: libev-werror.patch
|
||||
Patch7: harden_auditd.service.patch
|
||||
Patch8: change-default-log_format.patch
|
||||
Patch9: fix-hardened-service.patch
|
||||
Patch10: enable-stop-rules.patch
|
||||
Patch11: create-augenrules-service.patch
|
||||
Patch12: audit-userspace-517-compat.patch
|
||||
BuildRequires: audit-devel = %{version}
|
||||
BuildRequires: autoconf >= 2.12
|
||||
BuildRequires: kernel-headers >= 2.6.30
|
||||
BuildRequires: libtool
|
||||
BuildRequires: openldap2-devel
|
||||
BuildRequires: pkgconfig
|
||||
%if %{with python2}
|
||||
BuildRequires: python2-devel
|
||||
%endif
|
||||
%if %{with python3}
|
||||
BuildRequires: python3-devel
|
||||
%endif
|
||||
BuildRequires: swig
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: sysuser-tools
|
||||
BuildRequires: tcpd-devel
|
||||
BuildRequires: pkgconfig(libcap-ng)
|
||||
Provides: bundled(libev) = 4.33
|
||||
|
||||
%description
|
||||
The audit package contains the user space utilities for storing and
|
||||
processing the records generated by the audit subsystem in the
|
||||
Linux kernel.
|
||||
|
||||
%package -n audit
|
||||
Summary: User Space Tools for Kernel Auditing
|
||||
License: LGPL-2.1-or-later
|
||||
Group: System/Monitoring
|
||||
Requires: %{_name}-libs = %{version}
|
||||
Requires: coreutils
|
||||
Requires: group(audit)
|
||||
%{?systemd_ordering}
|
||||
|
||||
%description -n audit
|
||||
The audit package contains the user space utilities for storing and
|
||||
processing the audit records generated by the audit subsystem in the
|
||||
Linux kernel.
|
||||
|
||||
%package -n system-group-audit
|
||||
Summary: System group 'audit'
|
||||
License: LGPL-2.1-or-later
|
||||
Group: System/Fhs
|
||||
%sysusers_requires
|
||||
|
||||
%description -n system-group-audit
|
||||
This package contains the system group 'audit' for read access to logs.
|
||||
|
||||
%package -n python2-audit
|
||||
Summary: Python Bindings for libaudit
|
||||
License: LGPL-2.1-or-later
|
||||
Group: Development/Languages/Python
|
||||
Provides: audit-libs-python = %{version}
|
||||
Obsoletes: audit-libs-python < %{version}
|
||||
|
||||
%description -n python2-audit
|
||||
The audit-libs-python package contains the bindings for using libaudit
|
||||
by python.
|
||||
|
||||
%package -n python3-audit
|
||||
Summary: Python3 Bindings for libaudit
|
||||
License: LGPL-2.1-or-later
|
||||
Group: Development/Languages/Python
|
||||
Provides: audit-libs-python3 = %{version}
|
||||
Obsoletes: audit-libs-python3 < %{version}
|
||||
|
||||
%description -n python3-audit
|
||||
The audit-libs-python3 package contains the bindings for using libaudit
|
||||
by python3.
|
||||
|
||||
%package -n audit-audispd-plugins
|
||||
Summary: Default plugins for the audit dispatcher
|
||||
License: GPL-2.0-or-later
|
||||
Group: System/Monitoring
|
||||
|
||||
%description -n audit-audispd-plugins
|
||||
The audit-audispd-plugins package contains plugin components for the
|
||||
audit dispatcher (audispd).
|
||||
|
||||
%prep
|
||||
# remove selinux policy
|
||||
rm -rf audisp/plugins/zos-remote/policy
|
||||
# we don't build prelude
|
||||
rm -rf audisp/plugins/prelude
|
||||
%autosetup -p1 -n %{_name}-%{version}
|
||||
|
||||
%if %{without python2} && %{with python3}
|
||||
# Fix python env call in tests if we only have Python3.
|
||||
# If both versions are present, python2 bindings are preferred by the tests and
|
||||
# unconditionally using /usr/bin/python3 breaks the tests
|
||||
# Probably the correct solution is to run the tests twice if both are present.
|
||||
perl -i -lpe 's{#!/usr/bin/env python\S+}{#!/usr/bin/python3}' auparse/test/auparse_test.py
|
||||
%endif
|
||||
|
||||
%build
|
||||
autoreconf -fi
|
||||
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
||||
export CXXFLAGS="$CFLAGS"
|
||||
export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
|
||||
%configure \
|
||||
%ifarch aarch64
|
||||
--with-aarch64 \
|
||||
%endif
|
||||
%ifarch arm
|
||||
--with-arm \
|
||||
%endif
|
||||
--enable-systemd \
|
||||
--libexecdir=%{_libexecdir}/%{_name} \
|
||||
--with-apparmor \
|
||||
--with-libwrap \
|
||||
--with-libcap-ng=yes \
|
||||
--disable-static \
|
||||
%{?_with_python3} \
|
||||
%{?_without_python}
|
||||
|
||||
%make_build
|
||||
|
||||
%sysusers_generate_pre %{SOURCE1} audit system-group-audit.conf
|
||||
|
||||
%install
|
||||
%make_install
|
||||
|
||||
mkdir -p %{buildroot}%{_localstatedir}/log/audit/
|
||||
touch %{buildroot}%{_localstatedir}/log/audit/audit.log
|
||||
mkdir -p %{buildroot}%{_localstatedir}/spool/audit/
|
||||
mkdir -p %{buildroot}%{_sysusersdir}
|
||||
install -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/
|
||||
# For ghost below, so that old location files will still be there when
|
||||
# post copy runs
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/rules.d/
|
||||
touch %{buildroot}%{_sysconfdir}/{auditd.conf,audit.rules} %{buildroot}%{_sysconfdir}/audit/auditd.conf
|
||||
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
|
||||
touch -r ./audit.spec %{buildroot}%{_sysconfdir}/libaudit.conf
|
||||
# Starting with audit 2.5 no config is installed so start with no rules
|
||||
install -m 0644 rules/10-no-audit.rules %{buildroot}%{_sysconfdir}/%{_name}/rules.d/audit.rules
|
||||
# delete redhat scripts, use ours
|
||||
rm -rf %{buildroot}%{_sysconfdir}/sysconfig/auditd
|
||||
rm -rf %{buildroot}%{_initddir}/auditd
|
||||
rm -rf %{buildroot}%{_sysconfdir}/rc.d/init.d
|
||||
# delete redhat systemd legacy scripts, our systemd doesn't support the feature
|
||||
# https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
|
||||
rm -rf %{buildroot}%{_libexecdir}/audit
|
||||
# Clean up some unneeded library files
|
||||
rm -f %{buildroot}/%{_libdir}/python*/site-packages/{_audit,_auparse,auparse}.{a,la}
|
||||
rm -rf %{buildroot}/%{_libdir}/python*/site-packages/__pycache__
|
||||
# cleanup makefiles for the rules (installed by %%docs command)
|
||||
rm -f %{buildroot}/%{_libdir}/pkgconfig/{audit,auparse}.pc
|
||||
# cleanup files handled by audit.spec
|
||||
rm -rf %{buildroot}/%{_datadir}/aclocal/
|
||||
rm -rf %{buildroot}/%{_includedir}
|
||||
rm -f %{buildroot}/%{_libdir}/lib{audit,auparse}.*
|
||||
rm -f %{buildroot}%{_sysconfdir}/libaudit.conf
|
||||
rm -f %{buildroot}/%{_mandir}/man5/libaudit.conf.5
|
||||
rm -rf %{buildroot}/%{_mandir}/man3
|
||||
# Cleanup plugins
|
||||
#USR-MERGE
|
||||
%if 0%{?suse_version} < 1550
|
||||
mkdir %{buildroot}/sbin/
|
||||
for prog in auditctl auditd ausearch autrace aureport augenrules; do
|
||||
ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog
|
||||
done
|
||||
%endif
|
||||
#END-USR-MERGE
|
||||
# rcauditd symlink
|
||||
ln -s service %{buildroot}%{_sbindir}/rcauditd
|
||||
chmod 0644 %{buildroot}%{_unitdir}/auditd.service
|
||||
chmod 0644 %{buildroot}%{_unitdir}/augenrules.service
|
||||
|
||||
%check
|
||||
%make_build check
|
||||
|
||||
%post -n audit
|
||||
# Save existing audit files if any (from old locations)
|
||||
if [ -f %{_sysconfdir}/auditd.conf ]; then
|
||||
mv %{_sysconfdir}/audit/auditd.conf %{_sysconfdir}/audit/auditd.conf.new
|
||||
mv %{_sysconfdir}/auditd.conf %{_sysconfdir}/audit/auditd.conf
|
||||
fi
|
||||
if [ -f %{_sysconfdir}/audit.rules ]; then
|
||||
mv %{_sysconfdir}/audit.rules %{_sysconfdir}/audit/audit.rules
|
||||
elif [ ! -f %{_sysconfdir}/audit/audit.rules ]; then
|
||||
cp %{_sysconfdir}/audit/rules.d/audit.rules %{_sysconfdir}/audit/audit.rules
|
||||
fi
|
||||
%service_add_post auditd.service
|
||||
%service_add_post augenrules.service
|
||||
|
||||
%pre -n audit
|
||||
%service_add_pre auditd.service
|
||||
%service_add_pre augenrules.service
|
||||
|
||||
%pre -n system-group-audit -f audit.pre
|
||||
|
||||
%preun -n audit
|
||||
%service_del_preun auditd.service
|
||||
%service_del_preun augenrules.service
|
||||
|
||||
%postun -n audit
|
||||
%service_del_postun auditd.service
|
||||
%service_del_postun augenrules.service
|
||||
|
||||
%files -n audit
|
||||
%license COPYING
|
||||
%doc README ChangeLog init.d/auditd.cron
|
||||
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
|
||||
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
|
||||
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
|
||||
%if 0%{?suse_version} < 1550
|
||||
/sbin/auditctl
|
||||
/sbin/auditd
|
||||
/sbin/ausearch
|
||||
/sbin/autrace
|
||||
/sbin/augenrules
|
||||
/sbin/aureport
|
||||
%endif
|
||||
%attr(750,root,root) %{_sbindir}/auditctl
|
||||
%attr(750,root,root) %{_sbindir}/auditd
|
||||
%attr(755,root,root) %{_sbindir}/ausearch
|
||||
%attr(750,root,root) %{_sbindir}/autrace
|
||||
%attr(750,root,root) %{_sbindir}/augenrules
|
||||
%attr(750,root,root) %{_sbindir}/audisp-syslog
|
||||
%attr(755,root,root) %{_bindir}/aulast
|
||||
%attr(755,root,root) %{_bindir}/aulastlog
|
||||
%attr(755,root,root) %{_bindir}/ausyscall
|
||||
%attr(755,root,root) %{_sbindir}/aureport
|
||||
%attr(755,root,root) %{_bindir}/auvirt
|
||||
%dir %attr(750,root,root) %{_sysconfdir}/audit
|
||||
%attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/af_unix.conf
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/syslog.conf
|
||||
%ghost %{_sysconfdir}/auditd.conf
|
||||
%ghost %{_sysconfdir}/audit.rules
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf
|
||||
%dir %attr(750,root,root) %{_sysconfdir}/audit/rules.d
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules
|
||||
%dir %attr(750,root,audit) %{_localstatedir}/log/audit
|
||||
%ghost %config(noreplace) %attr(640,root,audit) %{_localstatedir}/log/audit/audit.log
|
||||
%dir %attr(700,root,root) %{_localstatedir}/spool/audit
|
||||
%{_unitdir}/auditd.service
|
||||
%{_unitdir}/augenrules.service
|
||||
%{_sbindir}/rcauditd
|
||||
%{_datadir}/audit/
|
||||
|
||||
%files -n system-group-audit
|
||||
%{_sysusersdir}/system-group-audit.conf
|
||||
|
||||
%if %{with python2}
|
||||
%files -n python2-audit
|
||||
%attr(755,root,root) %{python2_sitearch}/_audit.so
|
||||
%attr(755,root,root) %{python2_sitearch}/auparse.so
|
||||
%{python2_sitearch}/audit.py*
|
||||
%endif
|
||||
|
||||
%if %{with python3}
|
||||
%files -n python3-audit
|
||||
%attr(755,root,root) %{python3_sitearch}/*
|
||||
%endif
|
||||
|
||||
%files -n audit-audispd-plugins
|
||||
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
|
||||
%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
|
||||
%attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz
|
||||
%attr(750,root,root) %dir %{_sysconfdir}/audit
|
||||
%attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/audispd-zos-remote.conf
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/zos-remote.conf
|
||||
%attr(750,root,root) %{_sbindir}/audisp-remote
|
||||
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audisp-remote.conf
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/au-remote.conf
|
||||
|
||||
%changelog
|
38
audit-userspace-517-compat.patch
Normal file
38
audit-userspace-517-compat.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From: Sergei Trofimovich <slyich@gmail.com>
|
||||
Date: Wed, 23 Mar 2022 07:27:05 +0000
|
||||
Subject: [PATCH] auditswig.i: avoid setter generation for audit_rule_data::buf
|
||||
References: https://github.com/linux-audit/audit-userspace/issues/252
|
||||
Git-commit: https://github.com/linux-audit/audit-userspace/pull/253/commits/beed138222421a2eb4212d83cb889404bd7efc49
|
||||
Git-repo: [if different from https://github.com/linux-audit/audit-userspace.git]
|
||||
Patch-mainline: submitted for review upstream
|
||||
|
||||
As it's a flexible array generated code was never safe to use.
|
||||
With kernel's https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed98ea2128b6fd83bce13716edf8f5fe6c47f574
|
||||
change it's a build failure now:
|
||||
|
||||
audit> audit_wrap.c:5010:15: error: invalid use of flexible array member
|
||||
audit> 5010 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
|
||||
audit> | ^
|
||||
|
||||
Let's avoid setter generation entirely.
|
||||
|
||||
Closes: https://github.com/linux-audit/audit-userspace/issues/252
|
||||
---
|
||||
bindings/swig/src/auditswig.i | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
|
||||
index 21aafca31..9a2c5661d 100644
|
||||
--- a/bindings/swig/src/auditswig.i
|
||||
+++ b/bindings/swig/src/auditswig.i
|
||||
@@ -39,6 +39,10 @@ signed
|
||||
#define __attribute(X) /*nothing*/
|
||||
typedef unsigned __u32;
|
||||
typedef unsigned uid_t;
|
||||
+/* Sidestep SWIG's limitation of handling c99 Flexible arrays by not:
|
||||
+ * generating setters against them: https://github.com/swig/swig/issues/1699
|
||||
+ */
|
||||
+%ignore audit_rule_data::buf;
|
||||
%include "/usr/include/linux/audit.h"
|
||||
#define __extension__ /*nothing*/
|
||||
%include <stdint.i>
|
1525
audit.changes
Normal file
1525
audit.changes
Normal file
File diff suppressed because it is too large
Load Diff
152
audit.spec
Normal file
152
audit.spec
Normal file
@ -0,0 +1,152 @@
|
||||
#
|
||||
# spec file for package audit
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
Name: audit
|
||||
Version: 3.0.9
|
||||
Release: 0
|
||||
Summary: Linux kernel audit subsystem utilities
|
||||
License: GPL-2.0-or-later
|
||||
Group: System/Monitoring
|
||||
URL: https://people.redhat.com/sgrubb/audit/
|
||||
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
||||
Source1: baselibs.conf
|
||||
Source2: README-BEFORE-ADDING-PATCHES
|
||||
Patch0: change-default-log_group.patch
|
||||
BuildRequires: autoconf >= 2.12
|
||||
BuildRequires: kernel-headers >= 2.6.30
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: tcpd-devel
|
||||
Requires: libaudit1 = %{version}
|
||||
Requires: libauparse0 = %{version}
|
||||
Provides: bundled(libev) = 4.33
|
||||
|
||||
%description
|
||||
The audit package contains the user space utilities for storing and
|
||||
processing the records generated by the audit subsystem in the
|
||||
Linux kernel.
|
||||
|
||||
%package -n libaudit1
|
||||
Summary: Library for interfacing with the kernel audit subsystem
|
||||
License: LGPL-2.1-or-later
|
||||
Group: System/Libraries
|
||||
Obsoletes: %{name}-libs < 2.0.4
|
||||
Provides: %{name}-libs = %{version}
|
||||
|
||||
%description -n libaudit1
|
||||
The libaudit package contains the shared libraries needed for
|
||||
applications to use the audit framework.
|
||||
|
||||
%package -n libauparse0
|
||||
Summary: Library for parsing and interpreting audit events
|
||||
License: LGPL-2.1-or-later
|
||||
Group: System/Libraries
|
||||
|
||||
%description -n libauparse0
|
||||
The libauparse package contains the shared libraries needed to
|
||||
parse audit records.
|
||||
|
||||
%package -n audit-devel
|
||||
Summary: Header files for libaudit
|
||||
License: LGPL-2.1-or-later
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libaudit1 = %{version}
|
||||
Requires: libauparse0 = %{version}
|
||||
|
||||
%description -n audit-devel
|
||||
The audit-devel package contains the header files
|
||||
needed for developing applications that need to use the audit framework
|
||||
libraries.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
autoreconf -fi
|
||||
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
||||
export CXXFLAGS="$CFLAGS"
|
||||
export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
|
||||
%configure \
|
||||
%ifarch aarch64
|
||||
--with-aarch64 \
|
||||
%endif
|
||||
%ifarch arm
|
||||
--with-arm \
|
||||
%endif
|
||||
--enable-systemd \
|
||||
--libexecdir=%{_libexecdir}/%{name} \
|
||||
--with-apparmor \
|
||||
--with-libcap-ng=no \
|
||||
--disable-static \
|
||||
--with-python=no \
|
||||
--disable-zos-remote
|
||||
|
||||
%make_build -C common
|
||||
%make_build -C lib
|
||||
%make_build -C auparse
|
||||
%make_build -C docs
|
||||
|
||||
%install
|
||||
%make_install -C common
|
||||
%make_install -C lib
|
||||
%make_install -C auparse
|
||||
%make_install -C docs
|
||||
rm -rf %{buildroot}/%{_mandir}/man[578]
|
||||
mkdir -p %{buildroot}%{_sysconfdir}
|
||||
mkdir -p %{buildroot}/%{_includedir}
|
||||
mkdir -p %{buildroot}/%{_mandir}/man5
|
||||
# We manually install this since Makefile doesn't
|
||||
install -m 0644 lib/libaudit.h %{buildroot}/%{_includedir}
|
||||
install -D -m 0644 ./m4/audit.m4 %{buildroot}%{_datadir}/aclocal/audit.m4
|
||||
# Install libaudit.conf files by hand
|
||||
install -m 0644 docs/libaudit.conf.5 %{buildroot}/%{_mandir}/man5
|
||||
install -m 0644 init.d/libaudit.conf %{buildroot}%{_sysconfdir}
|
||||
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
|
||||
%check
|
||||
%make_build -C lib check
|
||||
%make_build -C auparse check
|
||||
|
||||
%post -n libaudit1 -p /sbin/ldconfig
|
||||
%post -n libauparse0 -p /sbin/ldconfig
|
||||
%postun -n libaudit1 -p /sbin/ldconfig
|
||||
%postun -n libauparse0 -p /sbin/ldconfig
|
||||
|
||||
%files -n libaudit1
|
||||
%{_libdir}/libaudit.so.*
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/libaudit.conf
|
||||
%{_mandir}/man5/libaudit.conf.5%{ext_man}
|
||||
|
||||
%files -n libauparse0
|
||||
%{_libdir}/libauparse.so.*
|
||||
|
||||
%files -n audit-devel
|
||||
%doc contrib/plugin
|
||||
%{_libdir}/libaudit.so
|
||||
%{_libdir}/libauparse.so
|
||||
%{_includedir}/libaudit.h
|
||||
%{_includedir}/auparse.h
|
||||
%{_includedir}/auparse-defs.h
|
||||
%{_mandir}/man3/*
|
||||
%{_datadir}/aclocal/audit.m4
|
||||
%{_libdir}/pkgconfig/audit.pc
|
||||
%{_libdir}/pkgconfig/auparse.pc
|
||||
|
||||
%changelog
|
7
baselibs.conf
Normal file
7
baselibs.conf
Normal file
@ -0,0 +1,7 @@
|
||||
libaudit1
|
||||
obsoletes "audit-libs-<targettype> < 2.0.4"
|
||||
libauparse0
|
||||
audit-devel
|
||||
requires -audit-<targettype>
|
||||
requires "libaudit1-<targettype> = <version>"
|
||||
requires "libauparse0-<targettype> = <version>"
|
28
change-default-log_format.patch
Normal file
28
change-default-log_format.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From: Enzo Matsumiya <ematsumiya@suse.de>
|
||||
Subject: auditd.conf: change default log_format
|
||||
References: bsc#1190500
|
||||
|
||||
Upstream commit bf1270cfe ("change default logging format and update roadmap")
|
||||
changed the default log_format from RAW to ENRICHED.
|
||||
|
||||
This causes non-audit tools to not interpret the GS character (group separator,
|
||||
0x1d) that splits the raw data from the enriched data, causing it to be visually
|
||||
concatenated.
|
||||
|
||||
Since a candidate patch to change this was rejected by upstream, we change
|
||||
the default log_format back to RAW instead, to avoid confusion on customers'
|
||||
environments.
|
||||
|
||||
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
||||
|
||||
--- a/init.d/auditd.conf
|
||||
+++ b/init.d/auditd.conf
|
||||
@@ -6,7 +6,7 @@ local_events = yes
|
||||
write_logs = yes
|
||||
log_file = /var/log/audit/audit.log
|
||||
log_group = audit
|
||||
-log_format = ENRICHED
|
||||
+log_format = RAW
|
||||
flush = INCREMENTAL_ASYNC
|
||||
freq = 50
|
||||
max_log_file = 8
|
21
change-default-log_group.patch
Normal file
21
change-default-log_group.patch
Normal file
@ -0,0 +1,21 @@
|
||||
From: Enzo Matsumiya <ematsumiya@suse.de>
|
||||
Date: Thu Jan 28 18:11:39 UTC 2021
|
||||
References: bsc#1178154
|
||||
Patch-mainline: Not yet, under review
|
||||
Subject: change default log_group to "audit"
|
||||
|
||||
Change the default log_group to newly added "audit" group.
|
||||
|
||||
Signed-Off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
||||
|
||||
--- a/init.d/auditd.conf
|
||||
+++ b/init.d/auditd.conf
|
||||
@@ -5,7 +5,7 @@
|
||||
local_events = yes
|
||||
write_logs = yes
|
||||
log_file = /var/log/audit/audit.log
|
||||
-log_group = root
|
||||
+log_group = audit
|
||||
log_format = ENRICHED
|
||||
flush = INCREMENTAL_ASYNC
|
||||
freq = 50
|
97
create-augenrules-service.patch
Normal file
97
create-augenrules-service.patch
Normal file
@ -0,0 +1,97 @@
|
||||
Index: audit-3.0.9/init.d/augenrules.service
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ audit-3.0.9/init.d/augenrules.service
|
||||
@@ -0,0 +1,29 @@
|
||||
+[Unit]
|
||||
+Description=auditd rules generation
|
||||
+After=auditd.service
|
||||
+Documentation=man:augenrules(8)
|
||||
+
|
||||
+[Service]
|
||||
+Type=oneshot
|
||||
+## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
|
||||
+ExecStart=/sbin/augenrules --load
|
||||
+# We need RemainAfterExit=true so augenrules is called again
|
||||
+# in case auditd.service is restarted.
|
||||
+RemainAfterExit=true
|
||||
+
|
||||
+### Security Settings ###
|
||||
+MemoryDenyWriteExecute=true
|
||||
+LockPersonality=true
|
||||
+ProtectControlGroups=true
|
||||
+ProtectKernelModules=true
|
||||
+ProtectHome=true
|
||||
+RestrictRealtime=true
|
||||
+# for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectSystem=full
|
||||
+PrivateDevices=true
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelLogs=true
|
||||
+ReadWritePaths=/etc/audit
|
||||
Index: audit-3.0.9/init.d/auditd.service
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/init.d/auditd.service
|
||||
+++ audit-3.0.9/init.d/auditd.service
|
||||
@@ -15,15 +15,16 @@ ConditionKernelCommandLine=!audit=0
|
||||
ConditionKernelCommandLine=!audit=off
|
||||
|
||||
Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation
|
||||
+Requires=augenrules.service
|
||||
+# This unit clears rules on stop, so make sure that augenrules runs again
|
||||
+PropagatesStopTo=augenrules.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=/run/auditd.pid
|
||||
ExecStart=/sbin/auditd
|
||||
-## To not use augenrules, copy this file to /etc/systemd/system/auditd.service
|
||||
-## and comment/delete the next line and uncomment the auditctl line.
|
||||
-## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
|
||||
-ExecStartPost=-/sbin/augenrules --load
|
||||
+## To not use augenrules: copy this file to /etc/systemd/system/auditd.service,
|
||||
+## uncomment the next line, and comment the Requires=augenrules.service above.
|
||||
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
|
||||
# By default we clear the rules on exit. To disable this, comment
|
||||
# the next line after copying the file to /etc/systemd/system/auditd.service
|
||||
@@ -46,7 +47,6 @@ ProtectClock=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelLogs=true
|
||||
# end of automatic additions
|
||||
-ReadWritePaths=/etc/audit
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Index: audit-3.0.9/init.d/Makefile.am
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/init.d/Makefile.am
|
||||
+++ audit-3.0.9/init.d/Makefile.am
|
||||
@@ -26,7 +26,8 @@ EXTRA_DIST = auditd.init auditd.service
|
||||
auditd.cron libaudit.conf auditd.condrestart \
|
||||
auditd.reload auditd.restart auditd.resume \
|
||||
auditd.rotate auditd.state auditd.stop \
|
||||
- audit-stop.rules augenrules audit-functions
|
||||
+ audit-stop.rules augenrules audit-functions \
|
||||
+ augenrules.service
|
||||
libconfig = libaudit.conf
|
||||
if ENABLE_SYSTEMD
|
||||
initdir = /usr/lib/systemd/system
|
||||
@@ -54,6 +55,7 @@ if ENABLE_SYSTEMD
|
||||
mkdir -p ${DESTDIR}${legacydir}
|
||||
mkdir -p ${DESTDIR}${libexecdir}
|
||||
$(INSTALL_SCRIPT) -D -m 644 ${srcdir}/auditd.service ${DESTDIR}${initdir}
|
||||
+ $(INSTALL_SCRIPT) -D -m 644 ${srcdir}/augenrules.service ${DESTDIR}${initdir}
|
||||
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.rotate ${DESTDIR}${legacydir}/rotate
|
||||
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.resume ${DESTDIR}${legacydir}/resume
|
||||
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.reload ${DESTDIR}${legacydir}/reload
|
||||
@@ -72,6 +74,7 @@ uninstall-hook:
|
||||
rm ${DESTDIR}${sysconfdir}/${libconfig}
|
||||
if ENABLE_SYSTEMD
|
||||
rm ${DESTDIR}${initdir}/auditd.service
|
||||
+ rm ${DESTDIR}${initdir}/augenrules.service
|
||||
rm ${DESTDIR}${legacydir}/rotate
|
||||
rm ${DESTDIR}${legacydir}/resume
|
||||
rm ${DESTDIR}${legacydir}/reload
|
29
enable-stop-rules.patch
Normal file
29
enable-stop-rules.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From: Enzo Matsumiya <ematsumiya@suse.de>
|
||||
Subject: init.d/auditd.service: enable ExecStopPost directive in auditd.service
|
||||
References: bsc#1190227
|
||||
|
||||
This has caused confusion for customers when relating stopping auditd service
|
||||
is the same as stopping system auditing. This is completely understandable, but
|
||||
it's by design, so kauditd can keep filling its queues for any other userspace
|
||||
daemon to consume.
|
||||
|
||||
Disable audit when auditd.service stops, so kauditd stops logging/running.
|
||||
|
||||
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
||||
|
||||
Index: audit-3.0.9/init.d/auditd.service
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/init.d/auditd.service
|
||||
+++ audit-3.0.9/init.d/auditd.service
|
||||
@@ -25,9 +25,9 @@ ExecStart=/sbin/auditd
|
||||
## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
|
||||
ExecStartPost=-/sbin/augenrules --load
|
||||
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
|
||||
-# By default we don't clear the rules on exit. To enable this, uncomment
|
||||
+# By default we clear the rules on exit. To disable this, comment
|
||||
# the next line after copying the file to /etc/systemd/system/auditd.service
|
||||
-#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
|
||||
+ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
|
||||
Restart=on-failure
|
||||
# Do not restart for intentional exits. See EXIT CODES section in auditd(8).
|
||||
RestartPreventExitStatus=2 4 6
|
32
fix-hardened-service.patch
Normal file
32
fix-hardened-service.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From: Enzo Matsumiya <ematsumiya@suse.de>
|
||||
Subject: init.d/auditd.service: make /etc/audit writable
|
||||
References: bsc#1181400
|
||||
|
||||
systemd hardening effort (bsc#1181400) broke auditd.service when starting/
|
||||
restarting it. This was because auditd couldn't save/create audit.rules from
|
||||
/etc/audit/rules.d/* files.
|
||||
|
||||
Make /etc/audit writable for the service.
|
||||
|
||||
Also remove PrivateDevices=true so /dev/* are exposed to auditd.
|
||||
|
||||
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
||||
|
||||
Index: audit-3.0.9/init.d/auditd.service
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/init.d/auditd.service
|
||||
+++ audit-3.0.9/init.d/auditd.service
|
||||
@@ -41,12 +41,12 @@ RestrictRealtime=true
|
||||
# added automatically, for details please see
|
||||
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
ProtectSystem=full
|
||||
-PrivateDevices=true
|
||||
ProtectHostname=true
|
||||
ProtectClock=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelLogs=true
|
||||
# end of automatic additions
|
||||
+ReadWritePaths=/etc/audit
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
20
harden_auditd.service.patch
Normal file
20
harden_auditd.service.patch
Normal file
@ -0,0 +1,20 @@
|
||||
Index: audit-3.0.9/init.d/auditd.service
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/init.d/auditd.service
|
||||
+++ audit-3.0.9/init.d/auditd.service
|
||||
@@ -38,6 +38,15 @@ LockPersonality=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelModules=true
|
||||
RestrictRealtime=true
|
||||
+# added automatically, for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectSystem=full
|
||||
+PrivateDevices=true
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelLogs=true
|
||||
+# end of automatic additions
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
26
libev-werror.patch
Normal file
26
libev-werror.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From: Jan Engelhardt <jengelh@inai.de>
|
||||
Date: 2021-06-02 16:18:03.256597842 +0200
|
||||
|
||||
Cherry-pick http://cvs.schmorp.de/libev/ev_iouring.c?view=log&r1=1.25
|
||||
to fix some terrible code.
|
||||
|
||||
[ 50s] ev_iouring.c: In function 'iouring_sqe_submit':
|
||||
[ 50s] ev_iouring.c:300:1: error: no return statement in function returning non-void [-Werror=return-type]
|
||||
|
||||
---
|
||||
src/libev/ev_iouring.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: audit-3.0.1/src/libev/ev_iouring.c
|
||||
===================================================================
|
||||
--- audit-3.0.1.orig/src/libev/ev_iouring.c
|
||||
+++ audit-3.0.1/src/libev/ev_iouring.c
|
||||
@@ -287,7 +287,7 @@ iouring_sqe_get (EV_P)
|
||||
}
|
||||
|
||||
inline_size
|
||||
-struct io_uring_sqe *
|
||||
+void
|
||||
iouring_sqe_submit (EV_P_ struct io_uring_sqe *sqe)
|
||||
{
|
||||
unsigned idx = sqe - EV_SQES;
|
2
system-group-audit.conf
Normal file
2
system-group-audit.conf
Normal file
@ -0,0 +1,2 @@
|
||||
# Type Name ID GECOS [HOME]
|
||||
g audit -
|
Loading…
Reference in New Issue
Block a user