rpm/audit
SHA256
1
0
Fork 0
forked from pool/audit
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=23

Browse Source
This commit is contained in:
OBS User unknown 2008-12-05 14:04:37 +00:00 committed by Git OBS Bridge
parent 251d24e5a4
commit 47b4c91a45
6 changed files with 240 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
audit-445353-1.patch Normal file
View File

@ -0,0 +1,126 @@
---
docs/ausearch.8 | 3 +++
src/ausearch-options.c | 10 +++++++++-
src/ausearch-options.h | 1 +
src/ausearch.c | 5 ++---
4 files changed, 15 insertions(+), 4 deletions(-)
Index: trunk/docs/ausearch.8
===================================================================
--- trunk.orig/docs/ausearch.8
+++ trunk/docs/ausearch.8
@@ -57,6 +57,9 @@ Stop after emitting the first event that
.BR \-k ,\ \-\-key \ \fIkey-string\fP
Search for an event based on the given \fIkey string\fP.
.TP
+.BR \-l ,\ \-\-line-buffered
+Flush output on every line. Most useful when stdout is connected to a pipe and the default block buffering strategy is undesirable. May impose a performance penalty.
+.TP
.BR \-m ,\ \-\-message \ \fImessage-type\fP\ |\ \fIcomma-sep-message-type-list\fP
Search for an event matching the given \fImessage type\fP. You may also enter a \fIcomma separated list of message types\fP. There is an \fBALL\fP message type that doesn't exist in the actual logs. It allows you to get all messages in the system. The list of valid messages types is long. The program will display the list whenever no message type is passed with this parameter. The message type can be either text or numeric. If you enter a list, there can be only commas and no spaces separating the list.
.TP
Index: trunk/src/ausearch-options.c
===================================================================
--- trunk.orig/src/ausearch-options.c
+++ trunk/src/ausearch-options.c
@@ -51,5 +51,6 @@ int event_ua = 0, event_ga = 0, event_se
int just_one = 0;
int event_session_id = -1;
+int line_buffered = 0;
const char *event_key = NULL;
const char *event_node = NULL;
const char *event_filename = NULL;
@@ -72,7 +73,7 @@ enum { S_EVENT, S_COMM, S_FILENAME, S_AL
S_HOSTNAME, S_INTERP, S_INFILE, S_MESSAGE_TYPE, S_PID, S_SYSCALL, S_OSUCCESS,
S_TIME_END, S_TIME_START, S_TERMINAL, S_ALL_UID, S_EFF_UID, S_UID, S_LOGINID,
S_VERSION, S_EXACT_MATCH, S_EXECUTABLE, S_CONTEXT, S_SUBJECT, S_OBJECT,
-S_PPID, S_KEY, S_RAW, S_NODE, S_IN_LOGS, S_JUST_ONE, S_SESSION };
+S_PPID, S_KEY, S_RAW, S_NODE, S_IN_LOGS, S_JUST_ONE, S_SESSION, S_LINEBUFFERED };
static struct nv_pair optiontab[] = {
{ S_EVENT, "-a" },
@@ -101,6 +103,8 @@ static struct nv_pair optiontab[] = {
{ S_JUST_ONE, "--just-one" },
{ S_KEY, "-k" },
{ S_KEY, "--key" },
+ { S_LINEBUFFERED, "-l" },
+ { S_LINEBUFFERED, "--line-buffered" },
{ S_MESSAGE_TYPE, "-m" },
{ S_MESSAGE_TYPE, "--message" },
{ S_NODE, "-n" },
@@ -173,6 +177,7 @@ static void usage(void)
"\t--input-logs\t\t\tUse the logs even if stdin is a pipe\n"
"\t--just-one\t\t\tEmit just one event\n"
"\t-k,--key <key string>\t\tsearch based on key field\n"
+ "\t-l, --line-buffered\t\tFlush output on every line\n"
"\t-m,--message <Message type>\tsearch based on message type\n"
"\t-n,--node <Node name>\t\tsearch based on machine's name\n"
"\t-o,--object <SE Linux Object context> search based on context of object\n"
@@ -1003,6 +1008,9 @@ int check_params(int count, char *vars[]
c++;
}
break;
+ case S_LINEBUFFERED:
+ line_buffered = 1;
+ break;
default:
fprintf(stderr, "%s is an unsupported option\n",
vars[c]);
Index: trunk/src/ausearch-options.h
===================================================================
--- trunk.orig/src/ausearch-options.h
+++ trunk/src/ausearch-options.h
@@ -36,6 +36,7 @@ extern const char *event_subject;
extern const char *event_object;
extern int event_se;
extern int just_one;
+extern int line_buffered;
extern pid_t event_ppid;
extern int event_session_id;
Index: trunk/src/ausearch.c
===================================================================
--- audit-1.7.7/src/ausearch.c.orig 2008-11-27 02:09:24.438158000 +0100
+++ audit-1.7.7/src/ausearch.c 2008-11-27 02:12:45.548843000 +0100
@@ -43,7 +43,6 @@
static FILE *log_fd = NULL;
static int found = 0;
-static int pipe_mode = 0;
static int process_logs(void);
static int process_log_fd(void);
static int process_stdin(void);
@@ -58,11 +57,12 @@
extern int match(llist *l);
extern void output_record(llist *l);
-static int input_is_pipe(void)
+static int is_pipe(int fd)
{
struct stat st;
+ int pipe_mode = 0;
- if (fstat(0, &st) == 0) {
+ if (fstat(fd, &st) == 0) {
if (S_ISFIFO(st.st_mode))
pipe_mode = 1;
}
@@ -92,7 +92,7 @@
rc = process_file(user_file);
else if (force_logs)
rc = process_logs();
- else if (input_is_pipe())
+ else if (is_pipe(0))
rc = process_stdin();
else
rc = process_logs();
@@ -190,6 +190,8 @@
list_clear(&entries);
break;
}
+ if (line_buffered)
+ fflush(stdout);
}
list_clear(&entries);
} while (ret == 0);

88
audit-445353-2.patch Normal file
View File

@ -0,0 +1,88 @@
---
ausearch.c | 31 +++++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
Index: trunk/src/ausearch.c
===================================================================
--- audit-1.7.7/src/ausearch.c.orig 2008-11-26 22:39:25.736364000 +0100
+++ audit-1.7.7/src/ausearch.c 2008-11-27 00:21:32.801448000 +0100
@@ -34,6 +34,7 @@
#include <sys/resource.h>
#include <sys/stat.h>
#include <locale.h>
+#include <signal.h>
#include "libaudit.h"
#include "auditd-config.h"
#include "ausearch-options.h"
@@ -43,6 +44,8 @@
static FILE *log_fd = NULL;
static int found = 0;
+static int input_is_pipe = 0;
+static int timeout_interval = 5; /* timeout in seconds */
static int process_logs(void);
static int process_log_fd(void);
static int process_stdin(void);
@@ -200,9 +203,19 @@
return 0;
}
+static void alarm_handler(int signal)
+{
+ /* will interrupt current syscall */
+}
+
static int process_stdin(void)
{
log_fd = stdin;
+ input_is_pipe=1;
+
+ if (signal(SIGALRM, alarm_handler) == SIG_ERR ||
+ siginterrupt(SIGALRM, 1) == -1)
+ return -1;
return process_log_fd();
}
@@ -236,6 +249,7 @@
char *rc;
char *buff = NULL;
int first_time = 1;
+ int timer_running = 0;
while (1) {
if (saved_buff) {
@@ -248,11 +262,20 @@
if (!buff)
return -1;
}
- // FIXME: In pipe mode, if there is a waiting buffer
- // and 5 seconds has elapsed, go ahead and process
- // the buffer - nothings coming that's related.
+
+ if (input_is_pipe && !first_time) {
+ timer_running = 1;
+ alarm(timeout_interval);
+ }
+
rc = fgets_unlocked(buff, MAX_AUDIT_MESSAGE_LENGTH,
log_fd);
+
+ if (timer_running) {
+ /* timer may have fired but thats ok */
+ timer_running = 0;
+ alarm(0);
+ }
}
if (rc) {
lnode n;
@@ -282,7 +305,9 @@
}
} else {
free(buff);
- if (feof(log_fd))
+ if (ferror(log_fd) && errno == EINTR)
+ return 0;
+ else if (feof(log_fd))
return 1;
else
return -1;

50
audit-445353.patch
View File

@ -1,50 +0,0 @@
From: tonyj@suse.de
Date: Tue Nov 18 18:08:32 CET 2008
References: 445353
Upstream: no
Flush stdout if pipe. Prevents output being queued in pipebuf if input fails
to signal EOF.
--- audit-1.2.9/src/ausearch.c.old 2008-11-17 15:55:47.000000000 -0800
+++ audit-1.2.9/src/ausearch.c 2008-11-17 16:06:54.000000000 -0800
@@ -58,11 +58,11 @@
extern int match(llist *l);
extern void output_record(llist *l);
-static int input_is_pipe(void)
+static int is_pipe(int fd)
{
struct stat st;
- if (fstat(0, &st) == 0) {
+ if (fstat(fd, &st) == 0) {
if (S_ISFIFO(st.st_mode))
pipe_mode = 1;
}
@@ -92,7 +92,7 @@
rc = process_file(user_file);
else if (force_logs)
rc = process_logs();
- else if (input_is_pipe())
+ else if (is_pipe(0))
rc = process_stdin();
else
rc = process_logs();
@@ -175,6 +175,7 @@
{
llist entries; // entries in a record
int ret;
+ int flush = is_pipe(1);
/* For each record in file */
list_create(&entries);
@@ -185,6 +186,8 @@
}
if (match(&entries)) {
output_record(&entries);
+ if (flush)
+ fflush(stdout);
found = 1;
if (just_one) {
list_clear(&entries);

2
audit-secondary.spec
View File

@ -26,7 +26,7 @@ Summary: Python Bindings for libaudit
License: GPL v2 or later License: GPL v2 or later
Group: System/Monitoring Group: System/Monitoring
Version: 1.7.7 Version: 1.7.7
Release: 3 Release: 4
Url: http://people.redhat.com/sgrubb/audit/ Url: http://people.redhat.com/sgrubb/audit/
Source0: audit-%{version}.tar.bz2 Source0: audit-%{version}.tar.bz2
Patch0: audit-no_sca.patch Patch0: audit-no_sca.patch

12
audit.changes
View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Fri Dec 5 02:30:03 CET 2008 - tonyj@suse.de
- Revision to previous fix for bnc#445353.
These should go into SLES11 RC1.
1) Add --line-buffered option to limit when stdout is flushed (performance).
2) Testing found a related bug where (if input is a pipe) the last logical
record would permanently be queued waiting for a subsequent record indicating
end of the previous. This subsequent record may never arrive. Timer is
now run causing this record to be flushed if no new record arrives within
timeout. This fix is upstream also.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 21 08:45:03 CET 2008 - tonyj@suse.de Fri Nov 21 08:45:03 CET 2008 - tonyj@suse.de

15
audit.spec
View File

@ -22,7 +22,7 @@ Name: audit
BuildRequires: gcc-c++ tcpd-devel BuildRequires: gcc-c++ tcpd-devel
Summary: User Space Tools for 2.6 Kernel Auditing Summary: User Space Tools for 2.6 Kernel Auditing
Version: 1.7.7 Version: 1.7.7
Release: 3 Release: 4
License: GPL v2 or later License: GPL v2 or later
Group: System/Monitoring Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/ Url: http://people.redhat.com/sgrubb/audit/
@ -33,7 +33,8 @@ Patch0: audit-no_sca.patch
Patch1: audit-no_python.patch Patch1: audit-no_python.patch
Patch2: audit-no_plugins.patch Patch2: audit-no_plugins.patch
Patch3: audit-no-gss.patch Patch3: audit-no-gss.patch
Patch4: audit-445353.patch Patch4: audit-445353-1.patch
Patch5: audit-445353-2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
PreReq: %insserv_prereq %fillup_prereq PreReq: %insserv_prereq %fillup_prereq
@ -96,6 +97,7 @@ Authors:
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%build %build
autoreconf -fi autoreconf -fi
@ -224,6 +226,15 @@ fi
%attr(755,root,root) /usr/bin/ausyscall %attr(755,root,root) /usr/bin/ausyscall
%changelog %changelog
* Fri Dec 05 2008 tonyj@suse.de
- Revision to previous fix for bnc#445353.
These should go into SLES11 RC1.
1) Add --line-buffered option to limit when stdout is flushed (performance).
2) Testing found a related bug where (if input is a pipe) the last logical
record would permanently be queued waiting for a subsequent record indicating
end of the previous. This subsequent record may never arrive. Timer is
now run causing this record to be flushed if no new record arrives within
timeout. This fix is upstream also.
* Fri Nov 21 2008 tonyj@suse.de * Fri Nov 21 2008 tonyj@suse.de
- Force ausearch to flush stdout if pipe (bnc#445353) - Force ausearch to flush stdout if pipe (bnc#445353)
* Thu Oct 30 2008 olh@suse.de * Thu Oct 30 2008 olh@suse.de