2013-12-03 23:28:29 +01:00
|
|
|
From: Tony Jones <tonyj@suse.de>
|
|
|
|
|
Subject: allow service stop
|
|
|
|
|
References: https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
|
|
|
|
|
References: https://www.redhat.com/archives/linux-audit/2013-July/msg00048.html
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
legacy-actions is Fedora specific, so blocking manual stop won't work for
|
2016-04-01 18:36:15 +02:00
|
|
|
SUSE since we lack the ability to use a custom stop/restart
|
2013-12-03 23:28:29 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
init.d/auditd.service | 1 -
|
|
|
|
|
1 file changed, 1 deletion(-)
|
|
|
|
|
|
Accepting request 1043243 from home:ematsumiya:branches:security
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don't allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don't treat as an error
(3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules
(3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch
- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don't allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don't treat as an error
(3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules
(3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch
- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
OBS-URL: https://build.opensuse.org/request/show/1043243
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=141
2022-12-19 20:54:31 +01:00
|
|
|
Index: audit-3.0.9/init.d/auditd.service
|
|
|
|
|
===================================================================
|
|
|
|
|
--- audit-3.0.9.orig/init.d/auditd.service
|
|
|
|
|
+++ audit-3.0.9/init.d/auditd.service
|
|
|
|
|
@@ -11,7 +11,6 @@ After=local-fs.target systemd-tmpfiles-s
|
2013-12-03 23:28:29 +01:00
|
|
|
Before=sysinit.target shutdown.target
|
- Update to version 2.6.5:
* Fix segfault on shutdown
* Fix hang on startup (#1587995)
* Add sleep to script to dump state so file is ready when needed
* Add auparse_normalizer support for SOFTWARE_UPDATE event
* Mark netlabel events as simple events so that get processed quicker
* When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
* Add 30-ospp-v42.rules to meet new Common Criteria requirements
* Update lookup tables for the 4.18 kernel
* In aureport, fix segfault in file report
* Add auparse_normalizer support for labeled networking events
* Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
* Event aging is off by a second
* In ausearch/auparse, correct event ordering to process oldest first
* auparse_reset was not clearing everything it should
* Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
* In ausearch/report, lightly parse selinux portion of USER_AVC events
* In ausearch/report, limit record size when malformed
* In auditd, fix extract_type function for network originating events
* In auditd, calculate right size and location for network originating events
* Treat all network originating events as VER2 so dispatcher doesn't format it
* In audisp-remote do an initial connection attempt (#1625156)
* In auditd, allow expression of space left as a percentage (#1650670)
* On PPC64LE systems, only allow 64 bit rules (#1462178)
* Make some parts of auditd state report optional based on config
* Fix ausearch when checkpointing a single file (Burn Alting)
* Fix scripting in 31-privileged.rules wrt filecap (#1662516)
* In ausearch, do not checkpt if stdin is input source
* In libev, remove __cold__ attribute for functions to allow proper hardening
* Add tests to configure.ac for openldap support
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=108
2020-01-16 21:02:22 +01:00
|
|
|
##Before=shutdown.target
|
|
|
|
|
Conflicts=shutdown.target
|
2013-12-03 23:28:29 +01:00
|
|
|
-RefuseManualStop=yes
|
2014-09-03 01:07:21 +02:00
|
|
|
ConditionKernelCommandLine=!audit=0
|
Accepting request 1043243 from home:ematsumiya:branches:security
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don't allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don't treat as an error
(3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules
(3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch
- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don't allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don't treat as an error
(3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules
(3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch
- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
OBS-URL: https://build.opensuse.org/request/show/1043243
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=141
2022-12-19 20:54:31 +01:00
|
|
|
ConditionKernelCommandLine=!audit=off
|
2013-12-03 23:28:29 +01:00
|
|
|
|