rpm/audit
SHA256
1
0
Fork 0
forked from pool/audit
Code Pull Requests Activity

Accepting request 580988 from openSUSE:Factory:Staging:O

Browse Source 
- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * Add SOFTWARE_UPDATE event
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname

- Add patch to fix test run without python2 interpreter:
  * audit-python3.patch
- Update to 2.8.2 release:
  * Update tables for 4.14 kernel
  * Fixup ipv6 server side binding
  * AVC report from aureport was missing result column header (#1511606)
  * Add SOFTWARE_UPDATE event
  * In ausearch/report pickup any path and new-disk fields as a file
  * Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
  * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
  * Fix building on old systems without linux/fanotify.h
  * Fix shell portability issues reported by shellcheck
  * Auditd validate_email should not use gethostbyname

OBS-URL: https://build.opensuse.org/request/show/580988
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=98
This commit is contained in:
Tony Jones 2018-03-01 21:24:42 +00:00 committed by Git OBS Bridge
parent c3b4f0e839
commit 7176e3c394
7 changed files with 343 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
audit-2.8.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1becde92ff6e81798fa8878820ab2497d867036a6596f55109504b37c8b33b6c
size 1120440

3
audit-2.8.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:67b59b2b77afee9ed87afa4d80ffc8e6f3a1f4bbedd5f2871f387c952147bcba
size 1121970

290
audit-python3.patch Normal file
View File

@ -0,0 +1,290 @@
From: Tomas Chvatal <tchvatal@suse.com>
Subject: Convert tests to run under python3
Upsteam: yes 0dc17590 https://github.com/linux-audit/audit-userspace/pull/39
Adjust auparse_test to run with python3 and python2
Index: audit-2.8.1/auparse/test/auparse_test.py
===================================================================
--- audit-2.8.1.orig/auparse/test/auparse_test.py
+++ audit-2.8.1/auparse/test/auparse_test.py
@@ -1,5 +1,7 @@
#!/usr/bin/env python
+from __future__ import print_function
+
import os
srcdir = os.getenv('srcdir')
@@ -30,29 +32,29 @@ def walk_test(au):
au.reset()
while True:
if not au.first_record():
- print "Error getting first record"
+ print("Error getting first record")
sys.exit(1)
- print "event %d has %d records" % (event_cnt, au.get_num_records())
+ print("event %d has %d records" % (event_cnt, au.get_num_records()))
record_cnt = 1
while True:
- print " record %d of type %d(%s) has %d fields" % \
+ print(" record %d of type %d(%s) has %d fields" % \
(record_cnt,
au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
- au.get_num_fields())
- print " line=%d file=%s" % (au.get_line_number(), au.get_filename())
+ au.get_num_fields()))
+ print(" line=%d file=%s" % (au.get_line_number(), au.get_filename()))
event = au.get_timestamp()
if event is None:
- print "Error getting timestamp - aborting"
+ print("Error getting timestamp - aborting")
sys.exit(1)
- print " event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
+ print(" event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
au.first_field()
while True:
- print " %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())
+ print(" %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field()))
if not au.next_field(): break
- print
+ print("")
record_cnt += 1
if not au.next_record(): break
event_cnt += 1
@@ -62,25 +64,25 @@ def walk_test(au):
def light_test(au):
while True:
if not au.first_record():
- print "Error getting first record"
+ print("Error getting first record")
sys.exit(1)
- print "event has %d records" % (au.get_num_records())
+ print("event has %d records" % (au.get_num_records()))
record_cnt = 1
while True:
- print " record %d of type %d(%s) has %d fields" % \
+ print(" record %d of type %d(%s) has %d fields" % \
(record_cnt,
au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
- au.get_num_fields())
- print " line=%d file=%s" % (au.get_line_number(), au.get_filename())
+ au.get_num_fields()))
+ print(" line=%d file=%s" % (au.get_line_number(), au.get_filename()))
event = au.get_timestamp()
if event is None:
- print "Error getting timestamp - aborting"
+ print("Error getting timestamp - aborting")
sys.exit(1)
- print " event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
- print
+ print(" event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
+ print("")
record_cnt += 1
if not au.next_record(): break
if not au.parse_next_event(): break
@@ -97,9 +99,9 @@ def simple_search(au, source, where):
au.search_add_item("auid", "=", val, auparse.AUSEARCH_RULE_CLEAR)
au.search_set_stop(where)
if not au.search_next_event():
- print "Error searching for auid"
+ print("Error searching for auid")
else:
- print "Found %s = %s" % (au.get_field_name(), au.get_field_str())
+ print("Found %s = %s" % (au.get_field_name(), au.get_field_str()))
def compound_search(au, how):
au = auparse.AuParser(auparse.AUSOURCE_FILE, srcdir + "/test.log");
@@ -115,119 +117,119 @@ def compound_search(au, how):
au.search_set_stop(auparse.AUSEARCH_STOP_FIELD)
if not au.search_next_event():
- print "Error searching for auid"
+ print("Error searching for auid")
else:
- print "Found %s = %s" % (au.get_field_name(), au.get_field_str())
+ print("Found %s = %s" % (au.get_field_name(), au.get_field_str()))
def feed_callback(au, cb_event_type, event_cnt):
if cb_event_type == auparse.AUPARSE_CB_EVENT_READY:
if not au.first_record():
- print "Error getting first record"
+ print("Error getting first record")
sys.exit(1)
- print "event %d has %d records" % (event_cnt[0], au.get_num_records())
+ print("event %d has %d records" % (event_cnt[0], au.get_num_records()))
record_cnt = 1
while True:
- print " record %d of type %d(%s) has %d fields" % \
+ print(" record %d of type %d(%s) has %d fields" % \
(record_cnt,
au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
- au.get_num_fields())
- print " line=%d file=%s" % (au.get_line_number(), au.get_filename())
+ au.get_num_fields()))
+ print(" line=%d file=%s" % (au.get_line_number(), au.get_filename()))
event = au.get_timestamp()
if event is None:
- print "Error getting timestamp - aborting"
+ print("Error getting timestamp - aborting")
sys.exit(1)
- print " event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
+ print(" event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
au.first_field()
while True:
- print " %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())
+ print(" %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field()))
if not au.next_field(): break
- print
+ print("")
record_cnt += 1
if not au.next_record(): break
event_cnt[0] += 1
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
-print "Starting Test 1, iterate..."
+print("Starting Test 1, iterate...")
while au.parse_next_event():
if au.find_field("auid"):
- print "%s=%s" % (au.get_field_name(), au.get_field_str())
- print "interp auid=%s" % (au.interpret_field())
+ print("%s=%s" % (au.get_field_name(), au.get_field_str()))
+ print("interp auid=%s" % (au.interpret_field()))
else:
- print "Error iterating to auid"
-print "Test 1 Done\n"
+ print("Error iterating to auid")
+print("Test 1 Done\n")
# Reset, now lets go to beginning and walk the list manually */
-print "Starting Test 2, walk events, records, and fields..."
+print("Starting Test 2, walk events, records, and fields...")
au.reset()
walk_test(au)
-print "Test 2 Done\n"
+print("Test 2 Done\n")
# Reset, now lets go to beginning and walk the list manually */
-print "Starting Test 3, walk events, records of 1 buffer..."
+print("Starting Test 3, walk events, records of 1 buffer...")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER, buf[1])
au.reset()
light_test(au);
-print "Test 3 Done\n"
+print("Test 3 Done\n")
-print "Starting Test 4, walk events, records of 1 file..."
+print("Starting Test 4, walk events, records of 1 file...")
au = auparse.AuParser(auparse.AUSOURCE_FILE, srcdir + "/test.log");
walk_test(au);
-print "Test 4 Done\n"
+print("Test 4 Done\n")
-print "Starting Test 5, walk events, records of 2 files..."
+print("Starting Test 5, walk events, records of 2 files...")
au = auparse.AuParser(auparse.AUSOURCE_FILE_ARRAY, files);
walk_test(au);
-print "Test 5 Done\n"
+print("Test 5 Done\n")
-print "Starting Test 6, search..."
+print("Starting Test 6, search...")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
au.search_add_item("auid", "=", "500", auparse.AUSEARCH_RULE_CLEAR)
au.search_set_stop(auparse.AUSEARCH_STOP_EVENT)
if au.search_next_event():
- print "Error search found something it shouldn't have"
+ print("Error search found something it shouldn't have")
else:
- print "auid = 500 not found...which is correct"
+ print("auid = 500 not found...which is correct")
au.search_clear()
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
#au.search_add_item("auid", "exists", None, auparse.AUSEARCH_RULE_CLEAR)
au.search_add_item("auid", "exists", "", auparse.AUSEARCH_RULE_CLEAR)
au.search_set_stop(auparse.AUSEARCH_STOP_EVENT)
if not au.search_next_event():
- print "Error searching for existence of auid"
-print "auid exists...which is correct"
-print "Testing BUFFER_ARRAY, stop on field"
+ print("Error searching for existence of auid")
+print("auid exists...which is correct")
+print("Testing BUFFER_ARRAY, stop on field")
simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_FIELD)
-print "Testing BUFFER_ARRAY, stop on record"
+print("Testing BUFFER_ARRAY, stop on record")
simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_RECORD)
-print "Testing BUFFER_ARRAY, stop on event"
+print("Testing BUFFER_ARRAY, stop on event")
simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_EVENT)
-print "Testing test.log, stop on field"
+print("Testing test.log, stop on field")
simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_FIELD)
-print "Testing test.log, stop on record"
+print("Testing test.log, stop on record")
simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_RECORD)
-print "Testing test.log, stop on event"
+print("Testing test.log, stop on event")
simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_EVENT)
-print "Test 6 Done\n"
+print("Test 6 Done\n")
-print "Starting Test 7, compound search..."
+print("Starting Test 7, compound search...")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
compound_search(au, auparse.AUSEARCH_RULE_AND)
compound_search(au, auparse.AUSEARCH_RULE_OR)
-print "Test 7 Done\n"
+print("Test 7 Done\n")
-print "Starting Test 8, regex search..."
+print("Starting Test 8, regex search...")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
-print "Doing regex match...\n"
+print("Doing regex match...\n")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
-print "Test 8 Done\n"
+print("Test 8 Done\n")
# Note: this should match Test 2 exactly
# Note: this should match Test 2 exactly
-print "Starting Test 9, buffer feed..."
+print("Starting Test 9, buffer feed...")
au = auparse.AuParser(auparse.AUSOURCE_FEED);
event_cnt = 1
au.add_callback(feed_callback, [event_cnt])
@@ -241,10 +243,10 @@ for s in buf:
beg += chunk_len
au.feed(data)
au.flush_feed()
-print "Test 9 Done\n"
+print("Test 9 Done\n")
# Note: this should match Test 4 exactly
-print "Starting Test 10, file feed..."
+print("Starting Test 10, file feed...")
au = auparse.AuParser(auparse.AUSOURCE_FEED);
event_cnt = 1
au.add_callback(feed_callback, [event_cnt])
@@ -254,9 +256,9 @@ while True:
if not data: break
au.feed(data)
au.flush_feed()
-print "Test 10 Done\n"
+print("Test 10 Done\n")
-print "Finished non-admin tests\n"
+print("Finished non-admin tests\n")
au = None
sys.exit(0)

17
audit-secondary.changes
View File

@ -3,6 +3,23 @@ Thu Feb 22 11:00:16 UTC 2018 - meissner@suse.com
- reverted -j1 force ppc specific only
-------------------------------------------------------------------
Wed Feb 7 09:26:35 UTC 2018 - tchvatal@suse.com
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
-------------------------------------------------------------------
Tue Feb 6 13:24:43 UTC 2018 - normand@linux.vnet.ibm.com

17
audit-secondary.spec
View File

@ -22,10 +22,10 @@
# The seperation is required to minimize unnecessary build cycles.
%define _name audit
Name: audit-secondary
Version: 2.8.1
Version: 2.8.2
Release: 0
Summary: Linux kernel audit subsystem utilities
License: GPL-2.0+
License: GPL-2.0-or-later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz
@ -33,6 +33,7 @@ Patch1: audit-plugins-path.patch
Patch2: audit-no-gss.patch
Patch3: audit-allow-manual-stop.patch
Patch4: audit-ausearch-do-not-require-tclass.patch
Patch5: audit-python3.patch
BuildRequires: audit-devel = %{version}
BuildRequires: autoconf >= 2.12
BuildRequires: gcc-c++
@ -58,7 +59,7 @@ Linux kernel.
%package -n audit
Summary: User Space Tools for Kernel Auditing
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: System/Monitoring
Requires: %{_name}-libs = %{version}
Requires: coreutils
@ -71,7 +72,7 @@ Linux kernel.
%package -n python2-audit
Summary: Python Bindings for libaudit
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: Development/Languages/Python
Provides: audit-libs-python = %{version}
Obsoletes: audit-libs-python < %{version}
@ -82,7 +83,7 @@ by python.
%package -n python3-audit
Summary: Python3 Bindings for libaudit
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: Development/Languages/Python
Provides: audit-libs-python3 = %{version}
Obsoletes: audit-libs-python3 < %{version}
@ -93,7 +94,7 @@ by python3.
%package -n audit-audispd-plugins
Summary: Default plugins for the audit dispatcher
License: GPL-2.0+
License: GPL-2.0-or-later
Group: System/Monitoring
Requires: openldap2
@ -111,6 +112,10 @@ rm -rf audisp/plugins/prelude
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
# fix python env call in tests
sed -i -e 's:#!/usr/bin/env python:#!/usr/bin/python3:g' auparse/test/auparse_test.py
%build
autoreconf -fi

17
audit.changes
View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Wed Feb 7 09:26:35 UTC 2018 - tchvatal@suse.com
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
-------------------------------------------------------------------
Sat Nov 4 21:12:09 UTC 2017 - aavindraa@gmail.com

10
audit.spec
View File

@ -17,10 +17,10 @@
Name: audit
Version: 2.8.1
Version: 2.8.2
Release: 0
Summary: Linux kernel audit subsystem utilities
License: GPL-2.0+
License: GPL-2.0-or-later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -41,7 +41,7 @@ Linux kernel.
%package -n libaudit1
Summary: Library for interfacing with the kernel audit subsystem
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: System/Libraries
Obsoletes: %{name}-libs < 2.0.4
Provides: %{name}-libs = %{version}
@ -52,7 +52,7 @@ applications to use the audit framework.
%package -n libauparse0
Summary: Library for parsing and interpreting audit events
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: System/Libraries
%description -n libauparse0
@ -61,7 +61,7 @@ parse audit records.
%package -n audit-devel
Summary: Header files for libaudit
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Requires: libaudit1 = %{version}
Requires: libauparse0 = %{version}