From 1dfe6ebd8175d0e78e38757a9209d4c9d6b5f4569dbe09728ffbbb6ddb72ac0e Mon Sep 17 00:00:00 2001 
From: Marcus Meissner Date: Fri, 12 Oct 2012 13:06:39 +0000 Subject: [PATCH] Accepting request 137972 from home:coolo:branches:openSUSE:Factory - Update to version 2.2.1, see audit's changes - update to 2.2.1, upstream changelog: 2.2.1 - Add more interpretations in auparse for syscall parameters - Add some interpretations to ausearch for syscall parameters - In ausearch/report and auparse, allocate extra space for node names - Update syscall tables for the 3.3.0 kernel - Update libev to 4.0.4 - Reduce the size of some applications - In auditctl, check usage against euid rather than uid 2.2 - Correct all rules for clock_settime - Fix possible segfault in auparse library - Handle malformed socket addresses better - Improve performance in audit_log_user_message() - Improve performance in writing to the log file in auditd - Syscall update for accept4 and recvmmsg - Update autrace resource usage mode syscall list - Improved sample rules for recent syscalls - Add some debug info to audisp-remote startup and shutdown - Make compiling with Python optional - In auditd, if disk_error_action is ignore, don't syslog anything - Fix some memory leaks - If audispd is stopping, don't restart children - Add support in auditctl for shell escaped filenames (Alexander) - Add search support for virt events (Marcelo Cerri) - Update interpretation tables - Sync auparse's auditd config parser with auditd's parser OBS-URL: https://build.opensuse.org/request/show/137972 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=39 --- audit-2.1.3.tar.bz2 | 3 --- audit-2.2.1.tar.gz | 3 +++ audit-no_python.patch | 57 ----------------------------------------- audit-secondary.changes | 5 ++++ audit-secondary.spec | 5 ++-- audit.changes | 46 +++++++++++++++++++++++++++++++++ audit.spec | 41 +++++++++++++++++------------ auditd.init | 2 +- auditd.sysconfig | 20 --------------- 9 files changed, 82 insertions(+), 100 deletions(-) delete mode 100644 audit-2.1.3.tar.bz2 create mode 
100644 audit-2.2.1.tar.gz delete mode 100644 audit-no_python.patch
diff --git a/audit-2.1.3.tar.bz2 b/audit-2.1.3.tar.bz2
deleted file mode 100644
index 2e1bb3c..0000000
--- a/audit-2.1.3.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6327318a73e4e38efeacfb0521388d1e6891e416992ff3798d37262395c6c4d3
-size 636030
diff --git a/audit-2.2.1.tar.gz b/audit-2.2.1.tar.gz
new file mode 100644
index 0000000..c9c76d5
--- /dev/null
+++ b/audit-2.2.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9865ca89f5b975ccf25441ddf45a874448f2bba944005aa8cd5e3c3148713a63
+size 877202
diff --git a/audit-no_python.patch b/audit-no_python.patch
deleted file mode 100644
index 16df6b3..0000000
--- a/audit-no_python.patch
+++ /dev/null
@@ -1,57 +0,0 @@ -From: Tony Jones -Subject: Disable automatic building of python code -Upsteam: never - -Python code is disabled for audit.spec. Built manually by audit-libs-python.spec. -This is apparantly necessary due to the SuSE build system. Bit of a PITA but -there you have it. - ---- - Makefile.am | 4 ++-- - auparse/Makefile.am | 1 - - configure.ac | 4 ++-- - 3 files changed, 4 insertions(+), 5 deletions(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -40,7 +40,6 @@ AC_CANONICAL_TARGET - AM_INIT_AUTOMAKE - AM_PROG_LIBTOOL - AC_SUBST(LIBTOOL_DEPS) --AM_PATH_PYTHON - OLDLIBS="$LIBS" - m4_include([src/libev/libev.m4]) - libev_LIBS="$LIBS" -@@ -231,7 +230,8 @@ AC_SUBST(libev_LIBS) - AC_SUBST(LIBPRELUDE_CFLAGS) - AC_SUBST(LIBPRELUDE_LDFLAGS) - --AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) -+# SuSE: remove swig/Makefile + bindings/Makefile + bindings/python/Makefile -+AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) - - echo . - echo " ---- a/Makefile.am -+++ b/Makefile.am -@@ -21,8 +21,8 @@ - # Rickard E. 
(Rik) Faith - # - --SUBDIRS = lib auparse src/mt src/libev src audisp tools swig bindings init.d \ -- docs -+# SuSE: remove swig + bindings -+SUBDIRS = lib auparse src/mt src/libev src audisp tools init.d docs - EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \ - contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \ - contrib/stig.rules contrib/skeleton.c contrib/avc_snap \ ---- a/auparse/Makefile.am -+++ b/auparse/Makefile.am -@@ -20,7 +20,6 @@ - # Steve Grubb - # - --SUBDIRS = test - CLEANFILES = $(BUILT_SOURCES) - CONFIG_CLEAN_FILES = *.loT *.rej *.orig - AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g ${DEBUG} diff --git a/audit-secondary.changes b/audit-secondary.changes index b51b8bc..5c702d6 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Oct 12 13:00:30 UTC 2012 - coolo@suse.com + +- Update to version 2.2.1, see audit's changes + ------------------------------------------------------------------- Tue Feb 28 21:58:24 UTC 2012 - tonyj@suse.com diff --git a/audit-secondary.spec b/audit-secondary.spec index 47c0b66..b244c8e 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -14,7 +14,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# nodebuginfo %define _name audit @@ -28,10 +27,10 @@ BuildRequires: swig Summary: Python Bindings for libaudit License: GPL-2.0+ Group: System/Monitoring -Version: 2.1.3 +Version: 2.2.1 Release: 0 Url: http://people.redhat.com/sgrubb/audit/ -Source0: audit-%{version}.tar.bz2 +Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz Patch1: audit-plugins-path.patch Requires: audit = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build diff --git a/audit.changes b/audit.changes index fc56447..c2c4914 100644 --- a/audit.changes +++ b/audit.changes 
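Review bot: The new `Source0:` in audit-secondary.spec, and the identical change to `Source0:` in audit.spec, points at a plain `http://` URL, and nothing visible in either spec checks the tarball against an upstream signature. As far as these hunks show, the only integrity pin is the sha256 committed in the LFS pointer for audit-2.2.1.tar.gz, which records what was downloaded rather than what upstream released. For an auditing package I would at least document that above the tag, e.g. `# fetched over http; integrity rests on the checksum committed with this package`, and, if upstream publishes a detached signature, carry it and the keyring as additional `Source` entries so the build can verify it.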
@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Fri Oct 12 12:51:13 UTC 2012 - coolo@suse.com
+
+- update to 2.2.1, upstream changelog:
+ 2.2.1
+ - Add more interpretations in auparse for syscall parameters
+ - Add some interpretations to ausearch for syscall parameters
+ - In ausearch/report and auparse, allocate extra space for node names
+ - Update syscall tables for the 3.3.0 kernel
+ - Update libev to 4.0.4
+ - Reduce the size of some applications
+ - In auditctl, check usage against euid rather than uid
+
+ 2.2
+ - Correct all rules for clock_settime
+ - Fix possible segfault in auparse library
+ - Handle malformed socket addresses better
+ - Improve performance in audit_log_user_message()
+ - Improve performance in writing to the log file in auditd
+ - Syscall update for accept4 and recvmmsg
+ - Update autrace resource usage mode syscall list
+ - Improved sample rules for recent syscalls
+ - Add some debug info to audisp-remote startup and shutdown
+ - Make compiling with Python optional
+ - In auditd, if disk_error_action is ignore, don't syslog anything
+ - Fix some memory leaks
+ - If audispd is stopping, don't restart children
+ - Add support in auditctl for shell escaped filenames (Alexander)
+ - Add search support for virt events (Marcelo Cerri)
+ - Update interpretation tables
+ - Sync auparse's auditd config parser with auditd's parser
+ - In ausearch, also use cwd fields in file name searchs
+ - In ausearch, parse cwd in USER_CMD events
+ - In ausearch, correct parsing of uid in user space events
+ - In ausearch, update parsing of integrity events
+ - Apply some text cleanups from Debian (Russell Coker)
+ - In auditd, relax some permission checks for external apps
+ - Add ROLE_MODIFY event type
+ - In auditctl, new -c option to continue through bad rules but with failed exit
+ - Add auvirt program to do special reporting on virt events (Marcelo Cerri)
+ - Add interfield comparison support to auditctl (Peter
Moody) + - Update auparse type intepretation for apparmor (Marcelo Cerri) + - Increase tcp_max_per_addr maximum to 1024. +- remove audit-no_python.patch, there is a configure switch for that now +- remove prereq on sysvinit + ------------------------------------------------------------------- Tue Feb 28 21:55:39 UTC 2012 - tonyj@suse.com diff --git a/audit.spec b/audit.spec index f6e79e4..2f7ee35 100644 --- a/audit.spec +++ b/audit.spec @@ -24,20 +24,19 @@ BuildRequires: tcpd-devel Summary: User Space Tools for 2.6 Kernel Auditing License: GPL-2.0+ Group: System/Monitoring -Version: 2.1.3 +Version: 2.2.1 Release: 0 Url: http://people.redhat.com/sgrubb/audit/ -Source0: %{name}-%{version}.tar.bz2 +Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: auditd.init Source2: auditd.sysconfig Source3: baselibs.conf Source4: README-BEFORE-ADDING-PATCHES -Patch1: audit-no_python.patch Patch2: audit-no_plugins.patch Patch3: audit-no-gss.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: %{name}-libs = %{version} -PreReq: %insserv_prereq %fillup_prereq sysvinit(syslog) +PreReq: %insserv_prereq %fillup_prereq %description The audit package contains the user space utilities for storing and @@ -78,7 +77,6 @@ libraries. %prep %setup -q -%patch1 -p1 %patch2 -p1 %patch3 -p1 @@ -88,10 +86,9 @@ export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" export LDFLAGS="-Wl,-z,relro,-z,now" # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch -%configure --sbindir=/sbin \ - --libdir=/%{_lib} --libexecdir=%{_prefix}/lib/%{name} \ +%configure --libexecdir=%{_prefix}/lib/%{name} \ --with-apparmor --with-libwrap --with-libcap-ng=yes \ - --disable-static --with-pic + --disable-static --with-pic --without-python %{__make} %{?_smp_mflags} %install 
@@ -106,8 +103,12 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir} install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir} for libname in libaudit libauparse;do -%{__ln_s} -v /%{_lib}/$(readlink %{buildroot}/%{_lib}/$libname.so) %{buildroot}%{_libdir}/$libname.so -%{__rm} -v %{buildroot}/%{_lib}/$libname.{so,la} + %{__rm} -v %{buildroot}/%{_libdir}/$libname.la +done + +# USR-MERGE +for prog in auditctl auditd ausearch autrace audispd aureport; do + ln -s %{_prefix}/sbin/$prog %{buildroot}/sbin/$prog done mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates @@ -117,7 +118,7 @@ rm -rf $RPM_BUILD_ROOT/etc/sysconfig/auditd rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/init.d/auditd -ln -s /etc/init.d/auditd $RPM_BUILD_ROOT/sbin/rcauditd +ln -s /etc/init.d/auditd $RPM_BUILD_ROOT/usr/sbin/rcauditd mkdir -p $RPM_BUILD_ROOT/var/log/audit/ touch $RPM_BUILD_ROOT/var/log/audit/audit.log mkdir -p $RPM_BUILD_ROOT/var/spool/audit/ @@ -159,19 +160,19 @@ fi %files -n libaudit1 %defattr(-,root,root) -/%{_lib}/libaudit.* +%{_libdir}/libaudit.so.* %config(noreplace) %attr(640,root,root) /etc/libaudit.conf %{_mandir}/man5/libaudit.conf.5* %files -n libauparse0 %defattr(-,root,root) -/%{_lib}/libauparse.* +%{_libdir}/libauparse.so.* %files devel %defattr(-,root,root) %doc contrib/skeleton.c contrib/plugin -%{_libdir}/libaudit.* -%{_libdir}/libauparse.* +%{_libdir}/libaudit.so +%{_libdir}/libauparse.so %{_includedir}/libaudit.h %{_includedir}/auparse.h %{_includedir}/auparse-defs.h 
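Review bot: The new USR-MERGE loop runs `ln -s %{_prefix}/sbin/$prog %{buildroot}/sbin/$prog`, but nothing in this hunk creates `%{buildroot}/sbin`, and the same commit drops `--sbindir=/sbin` from `%configure`, so the upstream install step presumably no longer populates that directory. Unless an earlier line of `%install` (which starts outside the hunk) creates it, the build stops at the first link; adding `mkdir -p %{buildroot}/sbin` before the loop removes the dependence on upstream's install layout. The loop also hard-codes `%{_prefix}/sbin` where `%{_sbindir}` would follow the configured path, and the relocated `rcauditd` link in the next hunk mixes `$RPM_BUILD_ROOT` with the `%{buildroot}` spelling used here.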
@@ -193,16 +194,24 @@ fi %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz +%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz %attr(750,root,root) /sbin/auditctl +%attr(750,root,root) /usr/sbin/auditctl %attr(750,root,root) /sbin/auditd +%attr(750,root,root) /usr/sbin/auditd %attr(755,root,root) /sbin/ausearch -%attr(750,root,root) /sbin/rcauditd +%attr(755,root,root) /usr/sbin/ausearch +%attr(750,root,root) /usr/sbin/rcauditd %attr(750,root,root) /sbin/autrace +%attr(750,root,root) /usr/sbin/autrace %attr(750,root,root) /sbin/audispd +%attr(750,root,root) /usr/sbin/audispd %attr(755,root,root) /usr/bin/aulast %attr(755,root,root) /usr/bin/aulastlog %attr(755,root,root) /usr/bin/ausyscall %attr(755,root,root) /sbin/aureport +%attr(755,root,root) /usr/sbin/aureport +%attr(755,root,root) /usr/bin/auvirt /etc/init.d/auditd %dir %attr(750,root,root) /etc/audit %attr(750,root,root) %dir /etc/audisp diff --git a/auditd.init b/auditd.init index 4178144..d016625 100644 --- a/auditd.init +++ b/auditd.init @@ -39,7 +39,7 @@ # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance -AUDITD_BIN=/sbin/auditd +AUDITD_BIN=/usr/sbin/auditd test -x $AUDITD_BIN || { echo "$AUDITD_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } diff --git a/auditd.sysconfig b/auditd.sysconfig index 9fdd65b..75fac98 100644 --- a/auditd.sysconfig +++ b/auditd.sysconfig 
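Review bot: The unchanged entries such as `%attr(750,root,root) /sbin/auditctl` now describe the compatibility symlinks made by the USR-MERGE loop in `%install`, and rpm does not apply a mode to a symlink, so the 750 restriction on auditctl, auditd, autrace and audispd is carried only by the added `/usr/sbin` lines. Listing the links without a mode, e.g. `/sbin/auditctl`, under a comment such as `# USR-MERGE compatibility symlinks; permissions are set on the /usr/sbin targets` would stop a later editor from assuming the `/sbin` lines enforce anything. The `%files` section starts outside the hunk, so any further entries for these paths are not visible here.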
@@ -1,23 +1,3 @@
-## Path: System/Auditing
-## Description: Auditing Options
-## Type: string
-## Default: auditd
-## ServiceReload: auditd
-## ServiceRestart: auditd
-#
-IDENT="auditd"
-# Type: string
-# Default: ""
-# Add extra options here
-EXTRAOPTIONS=""
-#
-## Type: string
-## Default: "en_US"
-#
-# This is the locale information that audit uses. Its defaulted to en_US.
-# To remove all locale information from audit's environment, set
-# AUDITD_LANG to the empty string or the string "none".
-AUDITD_LANG="en_US"
 #
 ## Type: string
 ## Default: "yes"