From c3095366301c03c3be0421245933987ef9538d935d34059b51859ad570f5bcd3 Mon Sep 17 00:00:00 2001 From: Enzo Matsumiya Date: Tue, 30 Nov 2021 01:45:17 +0000 Subject: [PATCH] Accepting request 934558 from home:favogt:branches:security - Use %autosetup - Don't include sample rules as %doc, they're already installed as normal files - Fix create-augenrules-service.patch: * auditd.service needs to require augenrules.service, not the other way around - Fix documentation for enable-stop-rules.patch OBS-URL: https://build.opensuse.org/request/show/934558 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=134 --- audit-secondary.changes | 11 ++++++++++ audit-secondary.spec | 15 ++----------- create-augenrules-service.patch | 38 +++++++++++++++++++++------------ enable-stop-rules.patch | 13 +++++++---- 4 files changed, 46 insertions(+), 31 deletions(-) diff --git a/audit-secondary.changes b/audit-secondary.changes index ff908f7..098dda5 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Nov 29 13:13:56 UTC 2021 - Fabian Vogt + +- Use %autosetup +- Don't include sample rules as %doc, they're already installed + as normal files +- Fix create-augenrules-service.patch: + * auditd.service needs to require augenrules.service, + not the other way around +- Fix documentation for enable-stop-rules.patch + ------------------------------------------------------------------- Sun Nov 7 13:34:20 UTC 2021 - Callum Farmer diff --git a/audit-secondary.spec b/audit-secondary.spec index eaaabb1..efed795 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec 
@@ -125,18 +125,7 @@ audit dispatcher (audispd). rm -rf audisp/plugins/zos-remote/policy # we don't build prelude rm -rf audisp/plugins/prelude -%setup -q -n %{_name}-%{version} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 +%autosetup -p1 -n %{_name}-%{version} %if %{without python2} && %{with python3} # Fix python env call in tests if we only have Python3. @@ -252,7 +241,7 @@ fi %files -n audit %license COPYING -%doc README ChangeLog rules init.d/auditd.cron +%doc README ChangeLog init.d/auditd.cron %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz %attr(644,root,root) %{_mandir}/man8/auditd.8.gz %attr(644,root,root) %{_mandir}/man8/aureport.8.gz diff --git a/create-augenrules-service.patch b/create-augenrules-service.patch index e8bcefe..f876a69 100644 --- a/create-augenrules-service.patch +++ b/create-augenrules-service.patch @@ -1,10 +1,11 @@ +Index: audit-3.0.6/init.d/augenrules.service +=================================================================== --- /dev/null -+++ b/init.d/augenrules.service -@@ -0,0 +1,33 @@ ++++ audit-3.0.6/init.d/augenrules.service +@@ -0,0 +1,29 @@ +[Unit] +Description=auditd rules generation +After=auditd.service -+PartOf=auditd.service +Documentation=man:augenrules(8) + +[Service] 
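Review bot: The two `rm -rf audisp/plugins/...` lines kept as context sit before `%autosetup`, so they appear to run before the source tree is unpacked and would remove nothing. If the intent is to keep the zos-remote policy and the prelude plugin sources out of the build, they belong after the `%autosetup -p1 -n %{_name}-%{version}` line. The start of `%prep` is outside this hunk, so confirm the working directory at that point. Separately, `%autosetup` applies every declared `Patch` tag, where the removed `%patch1` to `%patch11` lines were an explicit list; a comment such as `# %autosetup applies all PatchN entries in order` above it would make that visible to whoever adds the next patch.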
@@ -31,12 +32,19 @@ +ProtectKernelTunables=true +ProtectKernelLogs=true +ReadWritePaths=/etc/audit -+ -+[Install] -+WantedBy=multi-user.target ---- a/init.d/auditd.service -+++ b/init.d/auditd.service -@@ -18,10 +18,8 @@ Documentation=man:auditd(8) https://gith +Index: audit-3.0.6/init.d/auditd.service +=================================================================== +--- audit-3.0.6.orig/init.d/auditd.service ++++ audit-3.0.6/init.d/auditd.service +@@ -13,15 +13,16 @@ Before=sysinit.target shutdown.target + Conflicts=shutdown.target + ConditionKernelCommandLine=!audit=0 + Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation ++Requires=augenrules.service ++# This unit clears rules on stop, so make sure that augenrules runs again ++PropagatesStopTo=augenrules.service + + [Service] Type=forking PIDFile=/run/auditd.pid ExecStart=/sbin/auditd @@ -45,11 +53,11 @@ -## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ -ExecStartPost=-/sbin/augenrules --load +## To not use augenrules: copy this file to /etc/systemd/system/auditd.service, -+## uncomment the next line, and run "systemctl disable --now augenrules.service". ++## uncomment the next line, and comment the Requires=augenrules.service above. #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules - # By default we don't clear the rules on exit. To enable this, uncomment + # By default we clear the rules on exit. To disable this, comment # the next line after copying the file to /etc/systemd/system/auditd.service -@@ -42,7 +40,6 @@ ProtectClock=true +@@ -45,7 +46,6 @@ ProtectClock=true ProtectKernelTunables=true ProtectKernelLogs=true # end of automatic additions @@ -57,8 +65,10 @@ [Install] WantedBy=multi-user.target ---- a/init.d/Makefile.am -+++ b/init.d/Makefile.am +Index: audit-3.0.6/init.d/Makefile.am +=================================================================== +--- audit-3.0.6.orig/init.d/Makefile.am ++++ audit-3.0.6/init.d/Makefile.am 
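Review bot: `PropagatesStopTo=augenrules.service`, added to the `[Unit]` section of auditd.service, is only recognised by systemd 249 and later; older versions ignore it with an unknown-key warning. Since this change also drops `PartOf=auditd.service` from augenrules.service, nothing would then stop augenrules when auditd stops. Because the stop path clears the loaded rules, auditd could in that case start again without its rules being regenerated, depending on whether augenrules.service stays active after it exits (its `[Service]` section is not fully visible here). If older systemd releases are a target, state the requirement next to the directive, e.g. `# PropagatesStopTo= needs systemd >= 249`, and consider a matching version requirement in the spec. `Requires=augenrules.service` also means an explicit stop or restart of augenrules.service stops or restarts auditd, which deserves a comment next to `Requires=`.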
@@ -26,7 +26,7 @@ EXTRA_DIST = auditd.init auditd.service auditd.cron libaudit.conf auditd.condrestart \ auditd.reload auditd.restart auditd.resume \ diff --git a/enable-stop-rules.patch b/enable-stop-rules.patch index ffa2445..9d405f0 100644 --- a/enable-stop-rules.patch +++ b/enable-stop-rules.patch @@ -11,11 +11,16 @@ Disable audit when auditd.service stops, so kauditd stops logging/running. Signed-off-by: Enzo Matsumiya ---- a/init.d/auditd.service -+++ b/init.d/auditd.service -@@ -25,7 +25,7 @@ ExecStartPost=-/sbin/augenrules --load +Index: audit-3.0.6/init.d/auditd.service +=================================================================== +--- audit-3.0.6.orig/init.d/auditd.service ++++ audit-3.0.6/init.d/auditd.service +@@ -23,9 +23,9 @@ ExecStart=/sbin/auditd + ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ + ExecStartPost=-/sbin/augenrules --load #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules - # By default we don't clear the rules on exit. To enable this, uncomment +-# By default we don't clear the rules on exit. To enable this, uncomment ++# By default we clear the rules on exit. To disable this, comment # the next line after copying the file to /etc/systemd/system/auditd.service -#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules +ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
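Review bot: `ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules` has no `-` prefix, unlike the `ExecStartPost=-/sbin/augenrules --load` line above it, so a non-zero exit from auditctl is treated as a failure of auditd.service on stop. That is the expected outcome on systems whose rules lock the audit configuration (`-e 2`), because in that mode the kernel rejects configuration changes until reboot. The line is unchanged context in this commit, but since its comment is being corrected here, `ExecStopPost=-/sbin/auditctl -R /etc/audit/audit-stop.rules` would be the tolerant form. The corrected comment could also say that stopping auditd leaves the kernel without audit rules until augenrules runs again.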