pool/audit
SHA256
4
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 137974 from security

Browse Source 
- Update to version 2.2.1, see audit's changes

- update to 2.2.1, upstream changelog:
  2.2.1
  - Add more interpretations in auparse for syscall parameters 
  - Add some interpretations to ausearch for syscall parameters
  - In ausearch/report and auparse, allocate extra space for node names
  - Update syscall tables for the 3.3.0 kernel
  - Update libev to 4.0.4
  - Reduce the size of some applications
  - In auditctl, check usage against euid rather than uid
  
  2.2
  - Correct all rules for clock_settime
  - Fix possible segfault in auparse library
  - Handle malformed socket addresses better
  - Improve performance in audit_log_user_message() 
  - Improve performance in writing to the log file in auditd
  - Syscall update for accept4 and recvmmsg
  - Update autrace resource usage mode syscall list
  - Improved sample rules for recent syscalls
  - Add some debug info to audisp-remote startup and shutdown
  - Make compiling with Python optional
  - In auditd, if disk_error_action is ignore, don't syslog anything
  - Fix some memory leaks
  - If audispd is stopping, don't restart children
  - Add support in auditctl for shell escaped filenames (Alexander)
  - Add search support for virt events (Marcelo Cerri)
  - Update interpretation tables
  - Sync auparse's auditd config parser with auditd's parser (forwarded request 137972 from coolo)

OBS-URL: https://build.opensuse.org/request/show/137974
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=58
This commit is contained in:
Stephan Kulow 2012-10-13 17:50:51 +00:00 committed by Git OBS Bridge
commit 9c5448facb
9 changed files with 82 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
audit-2.1.3.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6327318a73e4e38efeacfb0521388d1e6891e416992ff3798d37262395c6c4d3
size 636030

3
audit-2.2.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9865ca89f5b975ccf25441ddf45a874448f2bba944005aa8cd5e3c3148713a63
size 877202

57
audit-no_python.patch
View File

@ -1,57 +0,0 @@
From: Tony Jones <tonyj@suse.de>
Subject: Disable automatic building of python code
Upsteam: never
Python code is disabled for audit.spec. Built manually by audit-libs-python.spec.
This is apparantly necessary due to the SuSE build system. Bit of a PITA but
there you have it.
---
Makefile.am | 4 ++--
auparse/Makefile.am | 1 -
configure.ac | 4 ++--
3 files changed, 4 insertions(+), 5 deletions(-)
--- a/configure.ac
+++ b/configure.ac
@@ -40,7 +40,6 @@ AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE
AM_PROG_LIBTOOL
AC_SUBST(LIBTOOL_DEPS)
-AM_PATH_PYTHON
OLDLIBS="$LIBS"
m4_include([src/libev/libev.m4])
libev_LIBS="$LIBS"
@@ -231,7 +230,8 @@ AC_SUBST(libev_LIBS)
AC_SUBST(LIBPRELUDE_CFLAGS)
AC_SUBST(LIBPRELUDE_LDFLAGS)
-AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
+# SuSE: remove swig/Makefile + bindings/Makefile + bindings/python/Makefile
+AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
echo .
echo "
--- a/Makefile.am
+++ b/Makefile.am
@@ -21,8 +21,8 @@
# Rickard E. (Rik) Faith <faith@redhat.com>
#
-SUBDIRS = lib auparse src/mt src/libev src audisp tools swig bindings init.d \
- docs
+# SuSE: remove swig + bindings
+SUBDIRS = lib auparse src/mt src/libev src audisp tools init.d docs
EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \
contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \
contrib/stig.rules contrib/skeleton.c contrib/avc_snap \
--- a/auparse/Makefile.am
+++ b/auparse/Makefile.am
@@ -20,7 +20,6 @@
# Steve Grubb <sgrubb@redhat.com>
#
-SUBDIRS = test
CLEANFILES = $(BUILT_SOURCES)
CONFIG_CLEAN_FILES = *.loT *.rej *.orig
AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g ${DEBUG}

5
audit-secondary.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Oct 12 13:00:30 UTC 2012 - coolo@suse.com
- Update to version 2.2.1, see audit's changes
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 28 21:58:24 UTC 2012 - tonyj@suse.com Tue Feb 28 21:58:24 UTC 2012 - tonyj@suse.com

5
audit-secondary.spec
View File

@ -14,7 +14,6 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via http://bugs.opensuse.org/
# #
# nodebuginfo
%define _name audit %define _name audit
@ -28,10 +27,10 @@ BuildRequires: swig
Summary: Python Bindings for libaudit Summary: Python Bindings for libaudit
License: GPL-2.0+ License: GPL-2.0+
Group: System/Monitoring Group: System/Monitoring
Version: 2.1.3 Version: 2.2.1
Release: 0 Release: 0
Url: http://people.redhat.com/sgrubb/audit/ Url: http://people.redhat.com/sgrubb/audit/
Source0: audit-%{version}.tar.bz2 Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz
Patch1: audit-plugins-path.patch Patch1: audit-plugins-path.patch
Requires: audit = %{version} Requires: audit = %{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build

46
audit.changes
View File

@ -1,3 +1,49 @@
-------------------------------------------------------------------
Fri Oct 12 12:51:13 UTC 2012 - coolo@suse.com
- update to 2.2.1, upstream changelog:
2.2.1
- Add more interpretations in auparse for syscall parameters
- Add some interpretations to ausearch for syscall parameters
- In ausearch/report and auparse, allocate extra space for node names
- Update syscall tables for the 3.3.0 kernel
- Update libev to 4.0.4
- Reduce the size of some applications
- In auditctl, check usage against euid rather than uid
2.2
- Correct all rules for clock_settime
- Fix possible segfault in auparse library
- Handle malformed socket addresses better
- Improve performance in audit_log_user_message()
- Improve performance in writing to the log file in auditd
- Syscall update for accept4 and recvmmsg
- Update autrace resource usage mode syscall list
- Improved sample rules for recent syscalls
- Add some debug info to audisp-remote startup and shutdown
- Make compiling with Python optional
- In auditd, if disk_error_action is ignore, don't syslog anything
- Fix some memory leaks
- If audispd is stopping, don't restart children
- Add support in auditctl for shell escaped filenames (Alexander)
- Add search support for virt events (Marcelo Cerri)
- Update interpretation tables
- Sync auparse's auditd config parser with auditd's parser
- In ausearch, also use cwd fields in file name searchs
- In ausearch, parse cwd in USER_CMD events
- In ausearch, correct parsing of uid in user space events
- In ausearch, update parsing of integrity events
- Apply some text cleanups from Debian (Russell Coker)
- In auditd, relax some permission checks for external apps
- Add ROLE_MODIFY event type
- In auditctl, new -c option to continue through bad rules but with failed exit
- Add auvirt program to do special reporting on virt events (Marcelo Cerri)
- Add interfield comparison support to auditctl (Peter Moody)
- Update auparse type intepretation for apparmor (Marcelo Cerri)
- Increase tcp_max_per_addr maximum to 1024.
- remove audit-no_python.patch, there is a configure switch for that now
- remove prereq on sysvinit
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 28 21:55:39 UTC 2012 - tonyj@suse.com Tue Feb 28 21:55:39 UTC 2012 - tonyj@suse.com

41
audit.spec
View File

@ -24,20 +24,19 @@ BuildRequires: tcpd-devel
Summary: User Space Tools for 2.6 Kernel Auditing Summary: User Space Tools for 2.6 Kernel Auditing
License: GPL-2.0+ License: GPL-2.0+
Group: System/Monitoring Group: System/Monitoring
Version: 2.1.3 Version: 2.2.1
Release: 0 Release: 0
Url: http://people.redhat.com/sgrubb/audit/ Url: http://people.redhat.com/sgrubb/audit/
Source0: %{name}-%{version}.tar.bz2 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: auditd.init Source1: auditd.init
Source2: auditd.sysconfig Source2: auditd.sysconfig
Source3: baselibs.conf Source3: baselibs.conf
Source4: README-BEFORE-ADDING-PATCHES Source4: README-BEFORE-ADDING-PATCHES
Patch1: audit-no_python.patch
Patch2: audit-no_plugins.patch Patch2: audit-no_plugins.patch
Patch3: audit-no-gss.patch Patch3: audit-no-gss.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-libs = %{version} Requires: %{name}-libs = %{version}
PreReq: %insserv_prereq %fillup_prereq sysvinit(syslog) PreReq: %insserv_prereq %fillup_prereq
%description %description
The audit package contains the user space utilities for storing and The audit package contains the user space utilities for storing and
@ -78,7 +77,6 @@ libraries.
%prep %prep
%setup -q %setup -q
%patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
@ -88,10 +86,9 @@ export CFLAGS="%{optflags} -fno-strict-aliasing"
export CXXFLAGS="$CFLAGS" export CXXFLAGS="$CFLAGS"
export LDFLAGS="-Wl,-z,relro,-z,now" export LDFLAGS="-Wl,-z,relro,-z,now"
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
%configure --sbindir=/sbin \ %configure --libexecdir=%{_prefix}/lib/%{name} \
--libdir=/%{_lib} --libexecdir=%{_prefix}/lib/%{name} \
--with-apparmor --with-libwrap --with-libcap-ng=yes \ --with-apparmor --with-libwrap --with-libcap-ng=yes \
--disable-static --with-pic --disable-static --with-pic --without-python
%{__make} %{?_smp_mflags} %{__make} %{?_smp_mflags}
%install %install
@ -106,8 +103,12 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}
install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir} install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir}
for libname in libaudit libauparse;do for libname in libaudit libauparse;do
%{__ln_s} -v /%{_lib}/$(readlink %{buildroot}/%{_lib}/$libname.so) %{buildroot}%{_libdir}/$libname.so %{__rm} -v %{buildroot}/%{_libdir}/$libname.la
%{__rm} -v %{buildroot}/%{_lib}/$libname.{so,la} done
# USR-MERGE
for prog in auditctl auditd ausearch autrace audispd aureport; do
ln -s %{_prefix}/sbin/$prog %{buildroot}/sbin/$prog
done done
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
@ -117,7 +118,7 @@ rm -rf $RPM_BUILD_ROOT/etc/sysconfig/auditd
rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd
rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d
install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/init.d/auditd install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/init.d/auditd
ln -s /etc/init.d/auditd $RPM_BUILD_ROOT/sbin/rcauditd ln -s /etc/init.d/auditd $RPM_BUILD_ROOT/usr/sbin/rcauditd
mkdir -p $RPM_BUILD_ROOT/var/log/audit/ mkdir -p $RPM_BUILD_ROOT/var/log/audit/
touch $RPM_BUILD_ROOT/var/log/audit/audit.log touch $RPM_BUILD_ROOT/var/log/audit/audit.log
mkdir -p $RPM_BUILD_ROOT/var/spool/audit/ mkdir -p $RPM_BUILD_ROOT/var/spool/audit/
@ -159,19 +160,19 @@ fi
%files -n libaudit1 %files -n libaudit1
%defattr(-,root,root) %defattr(-,root,root)
/%{_lib}/libaudit.* %{_libdir}/libaudit.so.*
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf %config(noreplace) %attr(640,root,root) /etc/libaudit.conf
%{_mandir}/man5/libaudit.conf.5* %{_mandir}/man5/libaudit.conf.5*
%files -n libauparse0 %files -n libauparse0
%defattr(-,root,root) %defattr(-,root,root)
/%{_lib}/libauparse.* %{_libdir}/libauparse.so.*
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
%doc contrib/skeleton.c contrib/plugin %doc contrib/skeleton.c contrib/plugin
%{_libdir}/libaudit.* %{_libdir}/libaudit.so
%{_libdir}/libauparse.* %{_libdir}/libauparse.so
%{_includedir}/libaudit.h %{_includedir}/libaudit.h
%{_includedir}/auparse.h %{_includedir}/auparse.h
%{_includedir}/auparse-defs.h %{_includedir}/auparse-defs.h
@ -193,16 +194,24 @@ fi
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
%attr(750,root,root) /sbin/auditctl %attr(750,root,root) /sbin/auditctl
%attr(750,root,root) /usr/sbin/auditctl
%attr(750,root,root) /sbin/auditd %attr(750,root,root) /sbin/auditd
%attr(750,root,root) /usr/sbin/auditd
%attr(755,root,root) /sbin/ausearch %attr(755,root,root) /sbin/ausearch
%attr(750,root,root) /sbin/rcauditd %attr(755,root,root) /usr/sbin/ausearch
%attr(750,root,root) /usr/sbin/rcauditd
%attr(750,root,root) /sbin/autrace %attr(750,root,root) /sbin/autrace
%attr(750,root,root) /usr/sbin/autrace
%attr(750,root,root) /sbin/audispd %attr(750,root,root) /sbin/audispd
%attr(750,root,root) /usr/sbin/audispd
%attr(755,root,root) /usr/bin/aulast %attr(755,root,root) /usr/bin/aulast
%attr(755,root,root) /usr/bin/aulastlog %attr(755,root,root) /usr/bin/aulastlog
%attr(755,root,root) /usr/bin/ausyscall %attr(755,root,root) /usr/bin/ausyscall
%attr(755,root,root) /sbin/aureport %attr(755,root,root) /sbin/aureport
%attr(755,root,root) /usr/sbin/aureport
%attr(755,root,root) /usr/bin/auvirt
/etc/init.d/auditd /etc/init.d/auditd
%dir %attr(750,root,root) /etc/audit %dir %attr(750,root,root) /etc/audit
%attr(750,root,root) %dir /etc/audisp %attr(750,root,root) %dir /etc/audisp

2
auditd.init
View File

@ -39,7 +39,7 @@
# Check for missing binaries (stale symlinks should not happen) # Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance # Note: Special treatment of stop for LSB conformance
AUDITD_BIN=/sbin/auditd AUDITD_BIN=/usr/sbin/auditd
test -x $AUDITD_BIN || { echo "$AUDITD_BIN not installed"; test -x $AUDITD_BIN || { echo "$AUDITD_BIN not installed";
if [ "$1" = "stop" ]; then exit 0; if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; } else exit 5; fi; }

20
auditd.sysconfig
View File

@ -1,23 +1,3 @@
## Path: System/Auditing
## Description: Auditing Options
## Type: string
## Default: auditd
## ServiceReload: auditd
## ServiceRestart: auditd
#
IDENT="auditd"
# Type: string
# Default: ""
# Add extra options here
EXTRAOPTIONS=""
#
## Type: string
## Default: "en_US"
#
# This is the locale information that audit uses. Its defaulted to en_US.
# To remove all locale information from audit's environment, set
# AUDITD_LANG to the empty string or the string "none".
AUDITD_LANG="en_US"
# #
## Type: string ## Type: string
## Default: "yes" ## Default: "yes"