rpm/audit
SHA256
1
0
Fork 0
forked from pool/audit
Code Pull Requests Activity

Accepting request 868681 from security

Browse Source 
- Do not explicitly provide group(audit) in system-users-audit:
  this is automatically handled by rpm/providers.

- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806) (forwarded request 868443 from dimstar)

OBS-URL: https://build.opensuse.org/request/show/868681
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=93
This commit is contained in:
Dominique Leuenberger 2021-02-07 14:13:59 +00:00 committed by Git OBS Bridge
commit 0a1e448676
5 changed files with 66 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
audit-secondary.changes
View File

@ -1,7 +1,20 @@
-------------------------------------------------------------------
Mon Feb 1 18:13:18 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
- Do not explicitly provide group(audit) in system-users-audit:
this is automatically handled by rpm/providers.
-------------------------------------------------------------------
Thu Jan 28 17:59:43 UTC 2021 - Enzo Matsumiya <ematsumiya@suse.com>
- Create new "audit" group for read access to logs (bsc#1178154)
* add change-default-log_group.patch
* update audit-secondary.spec
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Dec 2 11:49:28 UTC 2020 - Alexander Bergmann <abergmann@suse.com> Wed Dec 2 11:49:28 UTC 2020 - Alexander Bergmann <abergmann@suse.com>
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806) - Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 16 09:40:34 UTC 2020 - Ludwig Nussel <lnussel@suse.de> Fri Oct 16 09:40:34 UTC 2020 - Ludwig Nussel <lnussel@suse.de>

29
audit-secondary.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package audit-secondary # spec file for package audit-secondary
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -29,12 +29,14 @@ License: GPL-2.0-or-later
Group: System/Monitoring Group: System/Monitoring
URL: http://people.redhat.com/sgrubb/audit/ URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz
Source1: system-group-audit.conf
Patch1: audit-plugins-path.patch Patch1: audit-plugins-path.patch
Patch2: audit-no-gss.patch Patch2: audit-no-gss.patch
Patch3: audit-allow-manual-stop.patch Patch3: audit-allow-manual-stop.patch
Patch4: audit-ausearch-do-not-require-tclass.patch Patch4: audit-ausearch-do-not-require-tclass.patch
Patch5: audit-python3.patch Patch5: audit-python3.patch
Patch6: audit-fno-common.patch Patch6: audit-fno-common.patch
Patch7: change-default-log_group.patch
BuildRequires: audit-devel = %{version} BuildRequires: audit-devel = %{version}
BuildRequires: autoconf >= 2.12 BuildRequires: autoconf >= 2.12
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -50,6 +52,7 @@ BuildRequires: python3-devel
%endif %endif
BuildRequires: swig BuildRequires: swig
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-tools
BuildRequires: tcpd-devel BuildRequires: tcpd-devel
BuildRequires: pkgconfig(libcap-ng) BuildRequires: pkgconfig(libcap-ng)
@ -64,6 +67,7 @@ License: LGPL-2.1-or-later
Group: System/Monitoring Group: System/Monitoring
Requires: %{_name}-libs = %{version} Requires: %{_name}-libs = %{version}
Requires: coreutils Requires: coreutils
Requires: group(audit)
%{?systemd_ordering} %{?systemd_ordering}
%description -n audit %description -n audit
@ -71,6 +75,15 @@ The audit package contains the user space utilities for storing and
processing the audit records generated by the audit subsystem in the processing the audit records generated by the audit subsystem in the
Linux kernel. Linux kernel.
%package -n system-group-audit
Summary: System group 'audit'
License: LGPL-2.1-or-later
Group: System/Fhs
%sysusers_requires
%description -n system-group-audit
This package contains the system group 'audit' for read access to logs.
%package -n python2-audit %package -n python2-audit
Summary: Python Bindings for libaudit Summary: Python Bindings for libaudit
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
@ -114,6 +127,7 @@ rm -rf audisp/plugins/prelude
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
%if %{without python2} && %{with python3} %if %{without python2} && %{with python3}
# Fix python env call in tests if we only have Python3. # Fix python env call in tests if we only have Python3.
@ -141,12 +155,16 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
--disable-static --disable-static
make %{?_smp_mflags} make %{?_smp_mflags}
%sysusers_generate_pre %{SOURCE1} audit
%install %install
%make_install %make_install
mkdir -p %{buildroot}%{_localstatedir}/log/audit/ mkdir -p %{buildroot}%{_localstatedir}/log/audit/
touch %{buildroot}%{_localstatedir}/log/audit/audit.log touch %{buildroot}%{_localstatedir}/log/audit/audit.log
mkdir -p %{buildroot}%{_localstatedir}/spool/audit/ mkdir -p %{buildroot}%{_localstatedir}/spool/audit/
mkdir -p %{buildroot}%{_sysusersdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/
# For ghost below, so that old location files will still be there when # For ghost below, so that old location files will still be there when
# post copy runs # post copy runs
mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/ mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/
@ -207,6 +225,8 @@ fi
%pre -n audit %pre -n audit
%service_add_pre auditd.service %service_add_pre auditd.service
%pre -n system-group-audit -f audit.pre
%preun -n audit %preun -n audit
%service_del_preun auditd.service %service_del_preun auditd.service
@ -263,12 +283,15 @@ fi
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audispd.conf %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audispd.conf
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules
%dir %attr(700,root,root) %{_localstatedir}/log/audit %dir %attr(750,root,audit) %{_localstatedir}/log/audit
%ghost %config(noreplace) %{_localstatedir}/log/audit/audit.log %ghost %config(noreplace) %attr(640,root,audit) %{_localstatedir}/log/audit/audit.log
%dir %attr(700,root,root) %{_localstatedir}/spool/audit %dir %attr(700,root,root) %{_localstatedir}/spool/audit
%{_unitdir}/auditd.service %{_unitdir}/auditd.service
%{_sbindir}/rcauditd %{_sbindir}/rcauditd
%files -n system-group-audit
%{_sysusersdir}/system-group-audit.conf
%if %{with python2} %if %{with python2}
%files -n python2-audit %files -n python2-audit
%attr(755,root,root) %{python2_sitearch}/_audit.so %attr(755,root,root) %{python2_sitearch}/_audit.so

4
audit.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package audit # spec file for package audit
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -26,6 +26,7 @@ URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: baselibs.conf Source1: baselibs.conf
Source2: README-BEFORE-ADDING-PATCHES Source2: README-BEFORE-ADDING-PATCHES
Patch0: change-default-log_group.patch
BuildRequires: autoconf >= 2.12 BuildRequires: autoconf >= 2.12
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: kernel-headers >= 2.6.30 BuildRequires: kernel-headers >= 2.6.30
@ -74,6 +75,7 @@ libraries.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%build %build
autoreconf -fi autoreconf -fi

21
change-default-log_group.patch Normal file
View File

@ -0,0 +1,21 @@
From: Enzo Matsumiya <ematsumiya@suse.de>
Date: Thu Jan 28 18:11:39 UTC 2021
References: bsc#1178154
Patch-mainline: Not yet, under review
Subject: change default log_group to "audit"
Change the default log_group to newly added "audit" group.
Signed-Off-by: Enzo Matsumiya <ematsumiya@suse.de>
--- a/init.d/auditd.conf
+++ b/init.d/auditd.conf
@@ -5,7 +5,7 @@
local_events = yes
write_logs = yes
log_file = /var/log/audit/audit.log
-log_group = root
+log_group = audit
log_format = RAW
flush = INCREMENTAL_ASYNC
freq = 50

2
system-group-audit.conf Normal file
View File

@ -0,0 +1,2 @@
# Type Name ID GECOS [HOME]
g audit -