commit ea9f17caea249a1b6fba80d2ab71063d314589d0c5f7d4de7c9f1142e9c47c7a Author: OBS User unknown Date: Mon Jan 15 22:51:54 2007 +0000 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/README-BEFORE-ADDING-PATCHES b/README-BEFORE-ADDING-PATCHES
new file mode 100644
index 0000000..2b70818
--- /dev/null
+++ b/README-BEFORE-ADDING-PATCHES
@@ -0,0 +1,8 @@
+All patches need to have a patch description header similar to what is used in
+kernel cvs.
+
+Clear description of problem.
+Buzilla entry if applicable.
+Indication as to whether patch was upstreamed.
+
+Patches added without this will be reverted. Thanks.
diff --git a/audit-1.2.9.tar.bz2 b/audit-1.2.9.tar.bz2
new file mode 100644
index 0000000..4b12d34
--- /dev/null
+++ b/audit-1.2.9.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0995cdda8aeb4cd1126427d78fcc44aa6bf84e578f15fad0074ffbb9ac609339
+size 193190
diff --git a/audit-auparse_missing_return.patch b/audit-auparse_missing_return.patch
new file mode 100644
index 0000000..31dcc22
--- /dev/null
+++ b/audit-auparse_missing_return.patch
@@ -0,0 +1,49 @@
+From: tonyj@suse.de
+References: none
+Patch-upstream: no
+
+Disable unused functions which are tripping the abuild garbage return code
+detection.
+
+--- audit-1.2.6/auparse/auparse.c.xx 2006-08-31 21:24:46.000000000 +0200
++++ audit-1.2.6/auparse/auparse.c 2006-08-31 21:30:48.000000000 +0200
+@@ -177,6 +177,7 @@
+ }
+
+
++#if 0
+ time_t auparse_get_time(auparse_state_t *au)
+ {
+ }
+@@ -190,6 +191,7 @@
+ unsigned long auparse_get_serial(auparse_state_t *au)
+ {
+ }
++#endif /* not used, disable to avoid abuild garbage return error */
+
+
+ const char *auparse_get_node(auparse_state_t *au)
+@@ -198,9 +200,11 @@
+ }
+
+
++#if 0
+ int auparse_timestamp_compare(event_t *e1, event_t *e2)
+ {
+ }
++#endif /* not used, disable to avoid abuild garbage return error */
+
+
+ /* Functions that traverse records in the same event */
+@@ -260,9 +264,11 @@
+ }
+
+
++#if 0
+ int auparse_get_field_int(auparse_state_t *au)
+ {
+ }
++#endif /* not used, disable to avoid abuild garbage return error */
+
+
+ const char *auparse_interpret_field(auparse_state_t *au)
diff --git a/audit-change-paths.patch b/audit-change-paths.patch
new file mode 100644
index 0000000..4373e1f
--- /dev/null
+++ b/audit-change-paths.patch
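Review bot: Wrapping the empty stubs in `#if 0` (auparse_get_time through auparse_get_serial, auparse_timestamp_compare, auparse_get_field_int) silences the missing-return check but removes the symbols without touching their prototypes, which are not part of this patch. If a header still declares them, a caller compiles and then fails at link time; keeping the functions and giving each a defined result, e.g. `return 0;`, fixes the garbage-return problem without changing the exported interface. The first `#if 0` opens in one inner hunk and its `#endif` closes in the next, so any definition between them that is not visible here is disabled as well and should be checked against the full file. The header also spells the field `Patch-upstream:` where the sibling patches use `Upstream:`.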
@@ -0,0 +1,20 @@
+From: tonyj@suse.de
+References: unknown
+Upstream: no
+
+Change paths.
+1) Since libstdc++ is in /usr, audispd must move also
+2) Change location of audit config file to /etc
+
+--- audit-1.2.6/init.d/auditd.conf.xx 2006-08-31 18:18:11.000000000 +0200
++++ audit-1.2.6/init.d/auditd.conf 2006-08-31 18:19:00.000000000 +0200
+@@ -8,7 +8,7 @@
+ flush = INCREMENTAL
+ freq = 20
+ num_logs = 4
+-dispatcher = /sbin/audispd
++#dispatcher = /usr/sbin/audispd
+ disp_qos = lossy
+ max_log_file = 5
+ max_log_file_action = ROTATE
+
diff --git a/audit-disable-syscall-contexts.patch b/audit-disable-syscall-contexts.patch
new file mode 100644
index 0000000..8c66fbb
--- /dev/null
+++ b/audit-disable-syscall-contexts.patch
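Review bot: The description does not match the change: the only inner hunk turns `dispatcher = /sbin/audispd` into the commented-out `#dispatcher = /usr/sbin/audispd`, so the shipped auditd.conf has no dispatcher at all rather than a relocated one, and nothing here moves the config file as item 2 claims. The header should state that the dispatcher is disabled by default and is re-enabled elsewhere (the `%post` of audit-libs-python.spec in this commit uncomments it with sed). A comment line above the setting, e.g. `# dispatcher is enabled when audit-libs-python is installed`, would tell an administrator reading auditd.conf why event dispatch is off.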
@@ -0,0 +1,102 @@
+From: sbeattie@suse.de
+References: 172154
+Upstream: no
+
+Disable syscall audit context creation by default.
+This patch needs to be reevaluated in light of kernel performance improvements
+to audit comitted around ~2.6.18
+
+--- audit-1.2.6/src/auditd.c.xx 2006-07-27 19:06:08.000000000 +0200
++++ audit-1.2.6/src/auditd.c 2006-08-31 20:02:57.000000000 +0200
+@@ -36,6 +36,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "libaudit.h"
+ #include "auditd-config.h"
+@@ -69,7 +70,7 @@
+ */
+ static void usage(void)
+ {
+- puts("Usage: auditd [ -f ]");
++ puts("Usage: auditd [ -f ] [ -n ]");
+ exit(2);
+ }
+
+@@ -281,18 +282,28 @@
+ struct rlimit limit;
+ int hup_info_requested = 0, usr1_info_requested = 0;
+ int i;
++ int opt_foreground = 0;
++ int opt_enabled = 1;
++ int c;
+
+ /* Get params && set mode */
+- if (argc > 2)
+- usage();
+- if (argc == 2) {
+- if (strcmp(argv[1], "-f") == 0) {
+- config.daemonize = D_FOREGROUND;
+- set_aumessage_mode(MSG_STDERR, DBG_YES);
+- } else
++ while ((c = getopt(argc, argv, "fn")) != -1) {
++ switch (c) {
++ case 'f':
++ opt_foreground = 1;
++ break;
++ case 'n':
++ opt_enabled = 0;
++ break;
++ default:
+ usage();
++ }
+ }
+- else {
++
++ if (opt_foreground) {
++ config.daemonize = D_FOREGROUND;
++ set_aumessage_mode(MSG_STDERR, DBG_YES);
++ } else {
+ config.daemonize = D_BACKGROUND;
+ set_aumessage_mode(MSG_SYSLOG, DBG_NO);
+ (void) umask( umask( 077 ) | 022 );
+@@ -429,7 +440,7 @@
+ tell_parent(SUCCESS);
+
+ /* Enable auditing just in case it was off */
+- if (audit_set_enabled(fd, 1) < 0) {
++ if (audit_set_enabled(fd, opt_enabled) < 0) {
+ char emsg[DEFAULT_BUF_SZ];
+ snprintf(emsg, sizeof(emsg),
+ "auditd error halt, auid=%u pid=%d res=failed",
+@@ -558,6 +569,7 @@
+ /* Write message to log that we are going down */
+ int rc;
+
++ audit_set_enabled(fd, 0);
+ rc = audit_request_signal_info(fd);
+ if (rc > 0) {
+ struct audit_reply trep;
+--- audit-1.2.6/docs/auditd.8.xx 2006-04-06
23:21:14.000000000 +0200
++++ audit-1.2.6/docs/auditd.8 2006-08-31 20:02:47.000000000 +0200
+@@ -4,6 +4,7 @@
+ .SH SYNOPSIS
+ .B auditd
+ [ \fI-f \fR]
++[ \fI-n \fR]
+ .SH DESCRIPTION
+ auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the
+ .B ausearch
+@@ -18,6 +19,10 @@
+ .TP
+ \fB\-f\fR
+ leave the audit daemon in the foreground for debugging. Messages also go to stderr rather than the audit log.
++.TP
++\fB-n\fR
++start the audit daemon, but do not enabled system call auditing in the kernel.
++This can be done separately by using \fBauditctl -e\fR.
+ .SH SIGNALS
+ \fB\SIGHUP\fR
+ causes auditd to reconfigure. This means that auditd re-reads the configuration file. If there are no syntax errors, it will proceed to implement the requested changes. If the reconfigure is successful, a DAEMON_CONFIG event is recorded in the logs. If not successful, error handling is controlled by space_left_action, admin_space_left_action, disk_full_action, and disk_error_action parameters in auditd.conf.
diff --git a/audit-libs-python.changes b/audit-libs-python.changes
new file mode 100644
index 0000000..6cc4dfe
--- /dev/null
+++ b/audit-libs-python.changes
@@ -0,0 +1,21 @@
+-------------------------------------------------------------------
+Wed Nov 29 02:47:22 CET 2006 - tonyj@suse.de
+
+- Upgrade to 1.2.9 (drop several patches which are now upstream)
+- /usr/sbin/audispd now packaged by audit-libs-python
+
+-------------------------------------------------------------------
+Sun Nov 5 00:45:21 CET 2006 - ro@suse.de
+
+- fix requires
+
+-------------------------------------------------------------------
+Thu Aug 31 22:57:52 CEST 2006 - tonyj@suse.de
+
+- Upgrade to 1.2.6-1
+
+-------------------------------------------------------------------
+Wed Aug 16 16:19:20 CEST 2006 - cthiel@suse.de
+
+- split off package
+
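Review bot: With `-n` the start-up path now calls `audit_set_enabled(fd, 0)`, which actively switches kernel auditing off even if it was already on, whereas the man page text added here only promises that auditing is not enabled; the retained comment `/* Enable auditing just in case it was off */` is no longer true either. Skipping the call keeps the documented meaning: `if (opt_enabled && audit_set_enabled(fd, 1) < 0) {`. The `audit_set_enabled(fd, 0);` added to the shutdown path is unconditional and its return value is ignored, so every daemon stop disables kernel auditing system-wide, including on hosts where it was enabled before auditd started; a failure should at least be logged and the behaviour documented in auditd.8. The getopt loop also no longer rejects trailing non-option arguments as the old `argc > 2` test did; `if (optind < argc) usage();` after the loop restores that. Both code hunks sit inside functions whose start and end are outside the patch.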
diff --git a/audit-libs-python.spec b/audit-libs-python.spec
new file mode 100644
index 0000000..ce84486
--- /dev/null
+++ b/audit-libs-python.spec
@@ -0,0 +1,93 @@
+#
+# spec file for package audit-libs-python (Version 1.2.9)
+#
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+Name: audit-libs-python
+%define _name audit
+BuildRequires: audit-devel gcc-c++ python-devel swig
+Summary: Python bindings for libaudit
+Version: 1.2.9
+Release: 2
+License: GNU General Public License (GPL)
+Group: System/Monitoring
+URL: http://people.redhat.com/sgrubb/audit/
+Source0: audit-%{version}.tar.bz2
+Patch0: audit-change-paths.patch
+Patch1: audit-disable-syscall-contexts.patch
+Patch2: audit-auparse_missing_return.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Requires: audit-libs = %( echo `rpm -q --queryformat '%{VERSION}-%{RELEASE}' audit-libs`)
+PreReq: %insserv_prereq %fillup_prereq
+
+%description
+The audit-libs-python package contains the bindings so that libaudit
+can be used by python.
+
+
+
+Authors:
+--------
+ Steve Grubb
+
+%prep
+%setup -q -n audit-%{version}
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+
+%build
+autoreconf -fv --install
+export CFLAGS="%{optflags} -fno-strict-aliasing"
+export CXXFLAGS="$CFLAGS"
+./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor
+pushd src/mt
+ make libaudit.h
+popd
+make
+
+%install
+make DESTDIR=$RPM_BUILD_ROOT install -C swig
+make DESTDIR=$RPM_BUILD_ROOT install -C audisp LIBDIR=$RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages
+mkdir $RPM_BUILD_ROOT/usr/sbin
+mv $RPM_BUILD_ROOT/sbin/audispd $RPM_BUILD_ROOT/usr/sbin/audispd
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+if [ -f /etc/audit/auditd.conf ]; then
+ tmp=`mktemp /etc/audit/auditd-post.$$`
+ if [ -n $tmp ]; then
+ sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
+ cat $tmp > /etc/audit/auditd.conf
+ rm -f $tmp
+ fi
+fi
+
+%files
+%defattr(-,root,root,-)
+%attr(750,root,root) /usr/sbin/audispd
+%{_libdir}/python%{py_ver}/site-packages/_audit.so
+%{_libdir}/python%{py_ver}/site-packages/audit.py*
+%{_libdir}/python%{py_ver}/site-packages/AuditMsg.py*
+
+%changelog -n audit-libs-python
+* Wed Nov 29 2006 - tonyj@suse.de
+- Upgrade to 1.2.9 (drop several patches which are now upstream)
+- /usr/sbin/audispd now packaged by audit-libs-python
+* Sun Nov 05 2006 - ro@suse.de
+- fix requires
+* Thu Aug 31 2006 - tonyj@suse.de
+- Upgrade to 1.2.6-1
+* Wed Aug 16 2006 - cthiel@suse.de
+- split off package
diff --git a/audit-no_python.patch b/audit-no_python.patch
new file mode 100644
index 0000000..81c5314
--- /dev/null
+++ b/audit-no_python.patch
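Review bot: In `%post` the mktemp template `/etc/audit/auditd-post.$$` carries no `X` placeholders, so the file name is only the predictable PID-based string (and a mktemp that insists on trailing X's will reject it), while the guard `[ -n $tmp ]` is unquoted and therefore true even when `$tmp` is empty. Use `tmp=$(mktemp /etc/audit/auditd-post.XXXXXX)` and `if [ -n "$tmp" ]; then`. The scriptlet also uncomments `dispatcher` on every install or upgrade of this package, which overrides an administrator who commented it out deliberately, and `cat $tmp > /etc/audit/auditd.conf` rewrites the live audit configuration in place, so an interrupted scriptlet can leave it truncated. A comment above the sed line stating that it reverses the `#dispatcher` default from audit-change-paths.patch would make the coupling between the two packages visible.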
@@ -0,0 +1,41 @@
+From: tonyj@suse.de
+Date: unknown
+Upstream: no
+
+This patch is used by audit.spec to disable use of Python.
+Necessary Python files are built seperately by audit-libs-python.spec
+(make -C swig ; make -C auditsp)
+
+--- audit-1.2.6/configure.ac.xx 2006-07-13 23:02:17.000000000 +0200
++++ audit-1.2.6/configure.ac 2006-08-31 20:52:49.000000000 +0200
+@@ -39,7 +39,7 @@
+ AM_INIT_AUTOMAKE
+ AM_PROG_LIBTOOL
+ AC_SUBST(LIBTOOL_DEPS)
+-AM_PATH_PYTHON(2.4)
++#AM_PATH_PYTHON(2.4)
+
+ echo .
+ echo Checking for programs
+@@ -105,7 +105,8 @@
+ if test x$use_apparmor != xno ; then
+ AC_DEFINE(WITH_APPARMOR,1,[Define if you want to enable AppArmor events.])fi
+
+-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile)
++#AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile)
++AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile)
+
+ echo .
+ echo "
+--- audit-1.2.6/Makefile.am.xx 2006-07-13 22:24:35.000000000 +0200
++++ audit-1.2.6/Makefile.am 2006-08-31 20:52:49.000000000 +0200
+@@ -22,7 +22,8 @@
+ #
+
+ #SUBDIRS = lib auparse src/mt src audisp audisp/tests swig init.d docs
+-SUBDIRS = lib src/mt src audisp swig init.d docs
++#SUBDIRS = lib src/mt src audisp swig init.d docs
++SUBDIRS = lib src/mt src init.d docs
+ EXTRA_DIST = ChangeLog AUTHORS NEWS README sample.rules contrib/capp.rules contrib/lspp.rules contrib/skeleton.c README-install audit.spec
+ CONFIG_CLEAN_FILES = Makefile.in aclocal.m4* config.h.* configure debug*.list config/*
+
diff --git a/audit.changes b/audit.changes
new file mode 100644
index 0000000..d0fe3ce
--- /dev/null
+++ b/audit.changes
@@ -0,0 +1,209 @@
+-------------------------------------------------------------------
+Wed Nov 29 02:46:08 CET 2006 - tonyj@suse.de
+
+- Upgrade to 1.2.9 (drop several patches which are now upstream)
+- Move to using /etc/audit directory for config files
+
+-------------------------------------------------------------------
+Thu Aug 31 22:57:52 CEST 2006 - tonyj@suse.de
+
+- Upgrade to 1.2.6-1
+
+-------------------------------------------------------------------
+Sat Aug 26 09:01:50 CEST 2006 - olh@suse.de
+
+- do not define __KERNEL__ in userland apps
+- remove unused sys/syscall.h include
+
+-------------------------------------------------------------------
+Wed Aug 16 15:42:58 CEST 2006 - cthiel@suse.de
+
+- split audit into audit and audit-libs-python
+
+-------------------------------------------------------------------
+Fri May 5 21:05:40 CEST 2006 - sbeattie@suse.de
+
+- disable syscall audit context creation by default #172154
+
+-------------------------------------------------------------------
+Mon Mar 20 16:18:29 CET 2006 - meissner@suse.de
+
+- Do not print a misleading errormessage when audit
+ is not compiled into the kernel. #152733
+
+-------------------------------------------------------------------
+Mon Mar 6 14:21:06 CET 2006 - meissner@suse.de
+
+- On kernels without auditing, which report ECONNREFUSED,
+ do not output stuff to stderr on startup. #152733
+
+-------------------------------------------------------------------
+Sat Feb 25 09:55:48 CET 2006 - kukuk@suse.de
+
+- Fix moving of devel libraries, don't install .la file
+
+-------------------------------------------------------------------
+Wed Feb 22 15:10:44 CET 2006 - meissner@suse.de
+
+- moved libaudit.so symlink to /usr/lib and to -devel package,
+ as requested by Thorsten.
+
+-------------------------------------------------------------------
+Fri Feb 17 19:56:14 CET 2006 - meissner@suse.de
+
+- check sendto() return against -1 (error with errno set).
+
+-------------------------------------------------------------------
+Wed Jan 25 21:34:31 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Wed Jan 25 12:09:31 CET 2006 - ro@suse.de
+
+- fix fillup call since filename != packagename
+
+-------------------------------------------------------------------
+Tue Jan 24 19:01:52 CET 2006 - ro@suse.de
+
+- do not skip fillup in postinstall
+
+-------------------------------------------------------------------
+Mon Jan 23 08:54:33 CET 2006 - dreynolds@suse.de
+
+- Modified inssrv macro args to enable on boot
+
+-------------------------------------------------------------------
+Wed Jan 18 21:33:21 CET 2006 - tonyj@suse.de
+
+- Add support for AppArmor (submitted upstream for 1.1.4)
+
+-------------------------------------------------------------------
+Fri Jan 13 11:35:57 CET 2006 - meissner@suse.de
+
+- Updated to 1.1.3.
+- Moved audispd to /usr/sbin since it uses /usr/lib/libstdc++
+- Updated sysconfig snippet.
+
+-------------------------------------------------------------------
+Tue Nov 8 11:32:45 CET 2005 - meissner@suse.de
+
+- upgraded to 1.0.12.
+
+-------------------------------------------------------------------
+Fri Nov 4 12:41:35 CET 2005 - kukuk@suse.de
+
+- Update to 1.0.9.
+
+-------------------------------------------------------------------
+Wed Oct 12 17:24:55 CEST 2005 - meissner@suse.de
+
+- upgraded to 1.0.6. ptrdift patch now solved upstream.
+
+-------------------------------------------------------------------
+Wed Oct 5 15:17:05 CEST 2005 - meissner@suse.de
+
+- Upgraded to 1.0.5
+
+-------------------------------------------------------------------
+Wed Oct 5 12:00:38 CEST 2005 - dmueller@suse.de
+
+ - add norootforbuild
+
+-------------------------------------------------------------------
+Mon Sep 26 11:40:27 CEST 2005 - meissner@suse.de
+
+- Upgraded to 1.0.4.
+ - Make rate & backlog 32 bit unsigned int in auditctl
+ - In auditctl, if -F arch is given with -t option, don't require list
+ - Update auditd man page
+ - Add size check to audit_send
+ - Update message for audit_open failure when kernel doesn't support audit
+
+-------------------------------------------------------------------
+Tue Aug 23 14:07:44 CEST 2005 - meissner@suse.de
+
+- Upgraded to 1.0.3 bugfix release:
+ - adjust file perms of newly created log file in auditd
+ - fix 2 memory leaks and an out of bounds access in auditd
+ - fix case where auditd was closing netlink descriptor too early
+ - fix watch rules not to take field arguments in auditctl
+ - fix bug where inode, devmajor, devminor, exit, and success fields in auditctl
+ rules were not getting the correct value stored
+
+-------------------------------------------------------------------
+Wed Aug 17 14:19:29 CEST 2005 - meissner@suse.de
+
+- Added /var/log/audit directory and ghost audit.log #105131
+
+-------------------------------------------------------------------
+Wed Aug 10 13:37:56 CEST 2005 - meissner@suse.de
+
+- Upgraded to 1.0.2
+
+-------------------------------------------------------------------
+Thu Aug 4 11:20:00 CEST 2005 - meissner@suse.de
+
+- Upgraded to 1.0.1.
+
+-------------------------------------------------------------------
+Mon Jul 11 14:47:38 CEST 2005 - meissner@suse.de
+
+- Update to version 0.9.16.
+
+-------------------------------------------------------------------
+Tue Jun 21 08:38:17 CEST 2005 - meissner@suse.de
+
+- Update to version 0.9.10.
+
+-------------------------------------------------------------------
+Fri Jun 17 11:21:42 CEST 2005 - meissner@suse.de
+
+- Update to version 0.9.7.
+
+-------------------------------------------------------------------
+Thu Jun 16 14:51:48 CEST 2005 - kukuk@suse.de
+
+- Update to version 0.9.5
+
+-------------------------------------------------------------------
+Tue Jun 14 01:30:20 CEST 2005 - ro@suse.de
+
+- make it build with current includes
+
+-------------------------------------------------------------------
+Tue May 31 14:15:30 CEST 2005 - meissner@suse.de
+
+- Upgraded to 0.9.
+
+-------------------------------------------------------------------
+Fri May 13 13:08:41 CEST 2005 - meissner@suse.de
+
+- upgraded to 0.6.8
+
+-------------------------------------------------------------------
+Tue Apr 19 10:39:54 CEST 2005 - meissner@suse.de
+
+- Upgraded to 0.6.11.
+
+-------------------------------------------------------------------
+Fri Apr 15 17:52:43 CEST 2005 - pth@suse.de
+
+- Make libaudit.h define pgoff_t by itself.
+- Fix a minor warning.
+
+-------------------------------------------------------------------
+Wed Mar 30 17:58:32 CEST 2005 - meissner@suse.de
+
+- Upgraded to 0.6.9.
+
+-------------------------------------------------------------------
+Fri Mar 4 11:23:29 CET 2005 - meissner@suse.de
+
+- Upgraded to 0.6.5.
+
+-------------------------------------------------------------------
+Thu Mar 3 14:59:36 CET 2005 - meissner@suse.de
+
+- initial package of auditd for new kernel auditing system.
+
diff --git a/audit.spec b/audit.spec
new file mode 100644
index 0000000..60c3816
--- /dev/null
+++ b/audit.spec
@@ -0,0 +1,283 @@
+#
+# spec file for package audit (Version 1.2.9)
+#
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+Name: audit
+BuildRequires: gcc-c++
+Summary: User Space Tools for 2.6 Kernel Auditing
+Version: 1.2.9
+Release: 2
+License: GNU General Public License (GPL)
+Group: System/Monitoring
+URL: http://people.redhat.com/sgrubb/audit/
+Source0: %{name}-%{version}.tar.bz2
+Source1: auditd.init
+Source2: auditd.sysconfig
+Patch0: audit-change-paths.patch
+Patch1: audit-no_python.patch
+Patch2: audit-disable-syscall-contexts.patch
+Patch3: audit-auparse_missing_return.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Requires: %{name}-libs = %{version}-%{release}
+PreReq: %insserv_prereq %fillup_prereq
+
+%description
+The audit package contains the user space utilities for storing and
+processing the audit records generated by the audit subsystem in the
+Linux 2.6 kernel.
+
+
+
+Authors:
+--------
+ Steve Grubb
+
+%package libs
+Summary: Dynamic library for libaudit
+License: GNU General Public License (GPL)
+Group: System/Monitoring
+
+%description libs
+The audit-libs package contains the dynamic libraries needed for
+applications to use the audit framework.
+
+
+
+Authors:
+--------
+ Steve Grubb
+
+%package devel
+Summary: Header files and static library for libaudit
+License: GNU Library General Public License v. 2.0 and 2.1 (LGPL)
+Group: System/Monitoring
+Requires: %{name}-libs = %{version}-%{release}
+
+%description devel
+The audit-devel package contains the static libraries and header files
+needed for developing applications that need to use the audit framework
+libraries.
+
+
+
+Authors:
+--------
+ Steve Grubb
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+%build
+autoreconf -fv --install
+export CFLAGS="%{optflags} -fno-strict-aliasing"
+export CXXFLAGS="$CFLAGS"
+./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor
+pushd src/mt
+ make libaudit.h
+popd
+make
+
+%install
+mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,init.d}}
+mkdir -p $RPM_BUILD_ROOT/usr/sbin
+mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8
+mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
+make DESTDIR=$RPM_BUILD_ROOT install
+mkdir -p $RPM_BUILD_ROOT/%{_includedir}
+mkdir -p $RPM_BUILD_ROOT/%{_libdir}
+# We manually install this since Makefile doesn't
+install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir}
+# This winds up in the wrong place when libtool is involved
+# -- 11/06 -- temp disable libauparse
+#rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so $RPM_BUILD_ROOT/%{_lib}/libauparse.so
+#ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
+#ln -sf /%{_lib}/libauparse.so.0 $RPM_BUILD_ROOT%{_libdir}/libauparse.so
+#mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
+#rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la $RPM_BUILD_ROOT/%{_lib}/libauparse.la
+# --
+rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so
+# Link points to real /lib not buildroot /lib
+ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
+mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir}
+rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la
+mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
+cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd
+# delete redhat script, use ours
+rm -rf $RPM_BUILD_ROOT/etc/sysconfig/auditd
+rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd
+rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/init.d/auditd
+ln -s /etc/init.d/auditd $RPM_BUILD_ROOT/sbin/rcauditd
+mkdir -p
$RPM_BUILD_ROOT/var/log/audit/
+touch $RPM_BUILD_ROOT/var/log/audit/audit.log
+# for %ghost below, so that old location files will still be there when
+# %post copy runs
+touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
+
+%post
+%{fillup_and_insserv -yn auditd auditd}
+# Save existing audit files if any (from old location)
+if [ -f /etc/auditd.conf ]; then
+ mv /etc/audit/auditd.conf /etc/audit/auditd.conf.new
+ mv /etc/auditd.conf /etc/audit/auditd.conf
+fi
+if [ -f /etc/audit.rules ]; then
+ mv /etc/audit/audit.rules /etc/audit/audit.rules.new
+ mv /etc/audit.rules /etc/audit/audit.rules
+fi
+
+%preun
+%stop_on_removal auditd
+
+%postun
+%restart_on_update auditd
+%{insserv_cleanup}
+
+%files libs
+%defattr(-,root,root)
+/%{_lib}/libaudit.*
+#/%{_lib}/libauparse.*
+%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/libaudit.*
+#%{_libdir}/libauparse.*
+%{_includedir}/libaudit.h
+%{_mandir}/man3/*
+
+%files
+%defattr(-,root,root,-)
+%doc README COPYING ChangeLog sample.rules
+%{_mandir}/man8/*
+%attr(750,root,root) /sbin/auditctl
+%attr(750,root,root) /sbin/auditd
+%attr(750,root,root) /sbin/ausearch
+%attr(750,root,root) /sbin/rcauditd
+%attr(750,root,root) /sbin/autrace
+%attr(750,root,root) /sbin/aureport
+/etc/init.d/auditd
+%dir %attr(750,root,root) /etc/audit
+%ghost /etc/auditd.conf
+%ghost /etc/audit.rules
+%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
+/var/adm/fillup-templates/sysconfig.auditd
+%dir %attr(700,root,root) /var/log/audit
+%ghost /var/log/audit/audit.log
+
+%changelog -n audit
+* Wed Nov 29 2006 - tonyj@suse.de
+- Upgrade to 1.2.9 (drop several patches which are now upstream)
+- Move to using /etc/audit directory for config files
+* Thu Aug 31 2006 - tonyj@suse.de
+- Upgrade to 1.2.6-1
+* Sat Aug 26
2006 - olh@suse.de
+- do not define __KERNEL__ in userland apps
+- remove unused sys/syscall.h include
+* Wed Aug 16 2006 - cthiel@suse.de
+- split audit into audit and audit-libs-python
+* Fri May 05 2006 - sbeattie@suse.de
+- disable syscall audit context creation by default #172154
+* Mon Mar 20 2006 - meissner@suse.de
+- Do not print a misleading errormessage when audit
+ is not compiled into the kernel. #152733
+* Mon Mar 06 2006 - meissner@suse.de
+- On kernels without auditing, which report ECONNREFUSED,
+ do not output stuff to stderr on startup. #152733
+* Sat Feb 25 2006 - kukuk@suse.de
+- Fix moving of devel libraries, don't install .la file
+* Wed Feb 22 2006 - meissner@suse.de
+- moved libaudit.so symlink to /usr/lib and to -devel package,
+ as requested by Thorsten.
+* Fri Feb 17 2006 - meissner@suse.de
+- check sendto() return against -1 (error with errno set).
+* Wed Jan 25 2006 - mls@suse.de
+- converted neededforbuild to BuildRequires
+* Wed Jan 25 2006 - ro@suse.de
+- fix fillup call since filename != packagename
+* Tue Jan 24 2006 - ro@suse.de
+- do not skip fillup in postinstall
+* Mon Jan 23 2006 - dreynolds@suse.de
+- Modified inssrv macro args to enable on boot
+* Wed Jan 18 2006 - tonyj@suse.de
+- Add support for AppArmor (submitted upstream for 1.1.4)
+* Fri Jan 13 2006 - meissner@suse.de
+- Updated to 1.1.3.
+- Moved audispd to /usr/sbin since it uses /usr/lib/libstdc++
+- Updated sysconfig snippet.
+* Tue Nov 08 2005 - meissner@suse.de
+- upgraded to 1.0.12.
+* Fri Nov 04 2005 - kukuk@suse.de
+- Update to 1.0.9.
+* Wed Oct 12 2005 - meissner@suse.de
+- upgraded to 1.0.6. ptrdift patch now solved upstream.
+* Wed Oct 05 2005 - meissner@suse.de
+- Upgraded to 1.0.5
+* Wed Oct 05 2005 - dmueller@suse.de
+- add norootforbuild
+* Mon Sep 26 2005 - meissner@suse.de
+- Upgraded to 1.0.4.
+ - Make rate & backlog 32 bit unsigned int in auditctl
+ - In auditctl, if -F arch is given with -t option, don't require list
+ - Update auditd man page
+ - Add size check to audit_send
+ - Update message for audit_open failure when kernel doesn't support audit
+* Tue Aug 23 2005 - meissner@suse.de
+- Upgraded to 1.0.3 bugfix release:
+ - adjust file perms of newly created log file in auditd
+ - fix 2 memory leaks and an out of bounds access in auditd
+ - fix case where auditd was closing netlink descriptor too early
+ - fix watch rules not to take field arguments in auditctl
+ - fix bug where inode, devmajor, devminor, exit, and success fields in auditctl
+ rules were not getting the correct value stored
+* Wed Aug 17 2005 - meissner@suse.de
+- Added /var/log/audit directory and ghost audit.log #105131
+* Wed Aug 10 2005 - meissner@suse.de
+- Upgraded to 1.0.2
+* Thu Aug 04 2005 - meissner@suse.de
+- Upgraded to 1.0.1.
+* Mon Jul 11 2005 - meissner@suse.de
+- Update to version 0.9.16.
+* Tue Jun 21 2005 - meissner@suse.de
+- Update to version 0.9.10.
+* Fri Jun 17 2005 - meissner@suse.de
+- Update to version 0.9.7.
+* Thu Jun 16 2005 - kukuk@suse.de
+- Update to version 0.9.5
+* Tue Jun 14 2005 - ro@suse.de
+- make it build with current includes
+* Tue May 31 2005 - meissner@suse.de
+- Upgraded to 0.9.
+* Fri May 13 2005 - meissner@suse.de
+- upgraded to 0.6.8
+* Tue Apr 19 2005 - meissner@suse.de
+- Upgraded to 0.6.11.
+* Fri Apr 15 2005 - pth@suse.de
+- Make libaudit.h define pgoff_t by itself.
+- Fix a minor warning.
+* Wed Mar 30 2005 - meissner@suse.de
+- Upgraded to 0.6.9.
+* Fri Mar 04 2005 - meissner@suse.de
+- Upgraded to 0.6.5.
+* Thu Mar 03 2005 - meissner@suse.de
+- initial package of auditd for new kernel auditing system.
diff --git a/auditd.init b/auditd.init
new file mode 100644
index 0000000..ea25658
--- /dev/null
+++ b/auditd.init
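Review bot: The `%post` migration replaces the freshly installed `/etc/audit/auditd.conf` and `/etc/audit/audit.rules` with the old-location files using `mv`, so the migrated files keep whatever owner and mode they had before and the `%attr(640,root,root)` declared in `%files` no longer holds for the audit configuration. Follow the moves with `chown root:root /etc/audit/auditd.conf /etc/audit/audit.rules` and `chmod 640 /etc/audit/auditd.conf /etc/audit/audit.rules`. The first `mv` in each block is unchecked, so if the packaged file is missing the second still runs; that looks like intended best effort, but a short comment saying so would help. The existing comment speaks of a "%post copy" while the scriptlet moves the files, which is worth correcting since the old paths stay listed as `%ghost`.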
@@ -0,0 +1,207 @@
+#! /bin/sh
+# Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany.
+# All rights reserved.
+#
+# Author: Kurt Garloff
+# Please send feedback to http://www.suse.de/feedback/
+#
+# /etc/init.d/auditd
+# and its symbolic link
+# /(usr/)sbin/rcauditd
+#
+# Template system startup script for some example service/daemon auditd
+#
+# LSB compatible service control script; see http://www.linuxbase.org/spec/
+#
+# Note: This template uses functions rc_XXX defined in /etc/rc.status on
+# UnitedLinux (UL) based Linux distributions. If you want to base your
+# script on this template and ensure that it works on non UL based LSB
+# compliant Linux distributions, you either have to provide the rc.status
+# functions from UL or change the script to work without them.
+#
+### BEGIN INIT INFO
+# Provides: auditd
+# Required-Start: $syslog
+# Should-Start:
+# Required-Stop: $syslog
+# Should-Stop:
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: auditd daemon providing core auditing services
+# Description: Starts the auditing subsystem.
+### END INIT INFO
+#
+# A registry has been set up to manage the init script namespace.
+# http://www.lanana.org/
+# Please use the names already registered or register one or use a
+# vendor prefix.
+
+
+# Check for missing binaries (stale symlinks should not happen)
+# Note: Special treatment of stop for LSB conformance
+AUDITD_BIN=/sbin/auditd
+test -x $AUDITD_BIN || { echo "$AUDITD_BIN not installed";
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 5; fi; }
+
+# Check for existence of needed config file and read it
+AUDITD_CONFIG=/etc/sysconfig/auditd
+test -r $AUDITD_CONFIG || { echo "$AUDITD_CONFIG not existing";
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 6; fi; }
+
+# Read config
+. $AUDITD_CONFIG
+
+# Source LSB init functions
+# providing start_daemon, killproc, pidofproc,
+# log_success_msg, log_failure_msg and log_warning_msg.
+# This is currently not used by UnitedLinux based distributions and
+# not needed for init scripts for UnitedLinux only. If it is used,
+# the functions from rc.status should not be sourced or used.
+#. /lib/lsb/init-functions
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v be verbose in local rc status and clear it afterwards
+# rc_status -v -r ditto and clear both the local and overall rc status
+# rc_status -s display "skipped" and exit with status 3
+# rc_status -u display "unused" and exit with status 3
+# rc_failed set local and overall rc status to failed
+# rc_failed set local and overall rc status to
+# rc_reset clear both the local and overall rc status
+# rc_exit exit appropriate to overall rc status
+# rc_active checks whether a service is activated by symlinks
+# rc_splash arg sets the boot splash screen to arg (if active)
+. /etc/rc.status
+
+# Reset status of this service
+rc_reset
+
+# Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - user had insufficient privileges
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
+#
+# Note that starting an already running service, stopping
+# or restarting a not-running service as well as the restart
+# with force-reload (in case signaling is not supported) are
+# considered a success.
+
+case "$1" in
+ start)
+ echo -n "Starting auditd "
+ if [ "$AUDITD_DISABLE_CONTEXTS" == "yes" ] ; then
+ EXTRAOPTIONS="$EXTRAOPTIONS -n"
+ fi
+ ## Start daemon with startproc(8). If this fails
+ ## the return value is set appropriately by startproc.
+ startproc $AUDITD_BIN $EXTRAOPTIONS
+ test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down auditd "
+ ## Stop daemon with killproc(8) and if this fails
+ ## killproc sets the return value according to LSB.
+
+ killproc -TERM $AUDITD_BIN
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ try-restart|condrestart)
+ ## Do a restart only if the service was active before.
+ ## Note: try-restart is now part of LSB (as of 1.9).
+ ## RH has a similar command named condrestart.
+ if test "$1" = "condrestart"; then
+ echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+ fi
+ $0 status
+ if test $? = 0; then
+ $0 restart
+ else
+ rc_reset # Not running is not a failure.
+ fi
+ # Remember status and be quiet
+ rc_status
+ ;;
+ restart)
+ ## Stop the service and regardless of whether it was
+ ## running or not, start it again.
+ $0 stop
+ $0 start
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ force-reload)
+ ## Signal the daemon to reload its config. Most daemons
+ ## do this on signal 1 (SIGHUP).
+ ## If it does not support it, restart.
+
+ echo -n "Reload service AUDITD "
+ ## if it supports it:
+ killproc -HUP $AUDITD_BIN
+ #touch /var/run/auditd.pid
+ rc_status -v
+
+ ## Otherwise:
+ #$0 try-restart
+ #rc_status
+ ;;
+ reload)
+ ## Like force-reload, but if daemon does not support
+ ## signaling, do nothing (!)
+
+ # If it supports signaling:
+ echo -n "Reload service auditd "
+ killproc -HUP $AUDITD_BIN
+ #touch /var/run/auditd.pid
+ rc_status -v
+
+ ## Otherwise if it does not support reload:
+ #rc_failed 3
+ #rc_status -v
+ ;;
+ status)
+ echo -n "Checking for service auditd "
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ # Return value is slightly different for the status command:
+ # 0 - service up and running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
+ # 3 - service not running (unused)
+ # 4 - service status unknown :-(
+ # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
+
+ # NOTE: checkproc returns LSB compliant status values.
+ checkproc $AUDITD_BIN
+ # NOTE: rc_status knows that we called this init script with
+ # "status" option and adapts its messages accordingly.
+ rc_status -v
+ ;;
+ probe)
+ ## Optional: Probe for the necessity of a reload, print out the
+ ## argument to this init script which is required for a reload.
+ ## Note: probe is not (yet) part of LSB (as of 1.9)
+
+ test /etc/audit/auditd.conf -nt /var/run/auditd.pid && echo reload
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+ exit 1
+ ;;
+esac
+rc_exit
diff --git a/auditd.sysconfig b/auditd.sysconfig
new file mode 100644
index 0000000..9fdd65b
--- /dev/null
+++ b/auditd.sysconfig
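Review bot: In the `start)` branch the status that `rc_status -v` reports is that of the `test -f /etc/audit/audit.rules && /sbin/auditctl -R …` list, not of `startproc` (assuming rc_status reads `$?`, as the header comment "check and set local and overall rc status" suggests). A daemon that failed to start can therefore be shown as started when the rules load, leaving the host without audit records and no visible error, while a missing rules file makes a successful start look failed. Chaining the two keeps the daemon's status and treats an absent rules file as success: `startproc $AUDITD_BIN $EXTRAOPTIONS && { test ! -f /etc/audit/audit.rules || /sbin/auditctl -R /etc/audit/audit.rules >/dev/null; }`. Separately, `[ "$AUDITD_DISABLE_CONTEXTS" == "yes" ]` uses `==`, which is not POSIX `test` syntax under `#! /bin/sh`; `=` is the portable form.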
@@ -0,0 +1,35 @@
+## Path: System/Auditing
+## Description: Auditing Options
+## Type: string
+## Default: auditd
+## ServiceReload: auditd
+## ServiceRestart: auditd
+#
+IDENT="auditd"
+# Type: string
+# Default: ""
+# Add extra options here
+EXTRAOPTIONS=""
+#
+## Type: string
+## Default: "en_US"
+#
+# This is the locale information that audit uses. Its defaulted to en_US.
+# To remove all locale information from audit's environment, set
+# AUDITD_LANG to the empty string or the string "none".
+AUDITD_LANG="en_US"
+#
+## Type: string
+## Default: "yes"
+#
+# This option is used to determine if rules & watches should be deleted on
+# shutdown. This is beneficial in most cases so that a watch doesn't linger
+# on a drive that is being unmounted. If set to no, it will NOT be cleaned up.
+AUDITD_CLEAN_STOP="yes"
+#
+## Type: yesno
+## Default: yes
+#
+# This option disables syscall auditing by default. This can also be
+# accomplished by auditctl -e.
+AUDITD_DISABLE_CONTEXTS="yes"
diff --git a/ready b/ready
new file mode 100644
index 0000000..473a0f4
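Review bot: `AUDITD_CLEAN_STOP`, `AUDITD_LANG` and `IDENT` are documented here as controlling behaviour, but the auditd.init added in this same commit reads only `EXTRAOPTIONS` and `AUDITD_DISABLE_CONTEXTS`. Its `stop)` branch runs `killproc -TERM $AUDITD_BIN` and never deletes rules or watches, and the sourced variables are not exported, so the daemon would not see them either unless something outside this commit consumes the file. An administrator relying on `AUDITD_CLEAN_STOP="yes"` would still have rules loaded after shutdown. Either wire the options into the init script (for example, have `stop)` run `/sbin/auditctl -D` when the value is `yes`) or drop them from the template. The comment on `AUDITD_DISABLE_CONTEXTS` could also say outright that the shipped default of `yes` leaves syscall auditing off until it is enabled with `auditctl -e`.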