forked from pool/audit
parent
867ed2b559
commit
97cd17092d
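--- a/audit-1.7.13.tar.bz2
+++ b/audit-1.7.13.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:053ebd92c6b8c1dac67f6cde59073798eb365c97bb73281b18b09b1b8bee5682
+size 905282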
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:bd635c98f200d0b436e69fb2cb074386dd9f557ca7e2479e1de0cb0f7b2eea6d
|
||||
size 934496
|
@ -1,117 +0,0 @@
|
||||
docs/ausearch.8 | 3 +++
|
||||
src/ausearch-options.c | 9 ++++++++-
|
||||
src/ausearch-options.h | 1 +
|
||||
src/ausearch.c | 10 ++++++----
|
||||
4 files changed, 18 insertions(+), 5 deletions(-)
|
||||
|
||||
--- audit-1.7.7/docs/ausearch.8
|
||||
+++ audit-1.7.7/docs/ausearch.8
|
||||
@@ -54,6 +54,9 @@
|
||||
.BR \-k ,\ \-\-key \ \fIkey-string\fP
|
||||
Search for an event based on the given \fIkey string\fP.
|
||||
.TP
|
||||
+.BR \-l ,\ \-\-line-buffered
|
||||
+Flush output on every line. Most useful when stdout is connected to a pipe and the default block buffering strategy is undesirable. May impose a performance penalty.
|
||||
+.TP
|
||||
.BR \-m ,\ \-\-message \ \fImessage-type\fP\ |\ \fIcomma-sep-message-type-list\fP
|
||||
Search for an event matching the given \fImessage type\fP. You may also enter a \fIcomma separated list of message types\fP. There is an \fBALL\fP message type that doesn't exist in the actual logs. It allows you to get all messages in the system. The list of valid messages types is long. The program will display the list whenever no message type is passed with this parameter. The message type can be either text or numeric. If you enter a list, there can be only commas and no spaces separating the list.
|
||||
.TP
|
||||
--- audit-1.7.7/src/ausearch-options.c
|
||||
+++ audit-1.7.7/src/ausearch-options.c
|
||||
@@ -50,6 +50,7 @@
|
||||
int event_ua = 0, event_ga = 0, event_se = 0;
|
||||
int just_one = 0;
|
||||
int event_session_id = -1;
|
||||
+int line_buffered = 0;
|
||||
const char *event_key = NULL;
|
||||
const char *event_node = NULL;
|
||||
const char *event_filename = NULL;
|
||||
@@ -71,7 +72,7 @@
|
||||
S_HOSTNAME, S_INTERP, S_INFILE, S_MESSAGE_TYPE, S_PID, S_SYSCALL, S_OSUCCESS,
|
||||
S_TIME_END, S_TIME_START, S_TERMINAL, S_ALL_UID, S_EFF_UID, S_UID, S_LOGINID,
|
||||
S_VERSION, S_EXACT_MATCH, S_EXECUTABLE, S_CONTEXT, S_SUBJECT, S_OBJECT,
|
||||
-S_PPID, S_KEY, S_RAW, S_NODE, S_IN_LOGS, S_JUST_ONE, S_SESSION };
|
||||
+S_PPID, S_KEY, S_RAW, S_NODE, S_IN_LOGS, S_JUST_ONE, S_SESSION, S_LINEBUFFERED };
|
||||
|
||||
static struct nv_pair optiontab[] = {
|
||||
{ S_EVENT, "-a" },
|
||||
@@ -98,6 +99,8 @@
|
||||
{ S_JUST_ONE, "--just-one" },
|
||||
{ S_KEY, "-k" },
|
||||
{ S_KEY, "--key" },
|
||||
+ { S_LINEBUFFERED, "-l" },
|
||||
+ { S_LINEBUFFERED, "--line-buffered" },
|
||||
{ S_MESSAGE_TYPE, "-m" },
|
||||
{ S_MESSAGE_TYPE, "--message" },
|
||||
{ S_NODE, "-n" },
|
||||
@@ -169,6 +172,7 @@
|
||||
"\t--input-logs\t\t\tUse the logs even if stdin is a pipe\n"
|
||||
"\t--just-one\t\t\tEmit just one event\n"
|
||||
"\t-k,--key <key string>\t\tsearch based on key field\n"
|
||||
+ "\t-l, --line-buffered\t\tFlush output on every line\n"
|
||||
"\t-m,--message <Message type>\tsearch based on message type\n"
|
||||
"\t-n,--node <Node name>\t\tsearch based on machine's name\n"
|
||||
"\t-o,--object <SE Linux Object context> search based on context of object\n"
|
||||
@@ -954,6 +958,9 @@
|
||||
c++;
|
||||
}
|
||||
break;
|
||||
+ case S_LINEBUFFERED:
|
||||
+ line_buffered = 1;
|
||||
+ break;
|
||||
default:
|
||||
fprintf(stderr, "%s is an unsupported option\n",
|
||||
vars[c]);
|
||||
--- audit-1.7.7/src/ausearch-options.h
|
||||
+++ audit-1.7.7/src/ausearch-options.h
|
||||
@@ -36,6 +36,7 @@
|
||||
extern const char *event_object;
|
||||
extern int event_se;
|
||||
extern int just_one;
|
||||
+extern int line_buffered;
|
||||
extern pid_t event_ppid;
|
||||
extern int event_session_id;
|
||||
|
||||
--- audit-1.7.7/src/ausearch.c
|
||||
+++ audit-1.7.7/src/ausearch.c
|
||||
@@ -43,7 +43,6 @@
|
||||
|
||||
static FILE *log_fd = NULL;
|
||||
static int found = 0;
|
||||
-static int pipe_mode = 0;
|
||||
static int process_logs(void);
|
||||
static int process_log_fd(void);
|
||||
static int process_stdin(void);
|
||||
@@ -58,11 +57,12 @@
|
||||
extern int match(llist *l);
|
||||
extern void output_record(llist *l);
|
||||
|
||||
-static int input_is_pipe(void)
|
||||
+static int is_pipe(int fd)
|
||||
{
|
||||
struct stat st;
|
||||
+ int pipe_mode = 0;
|
||||
|
||||
- if (fstat(0, &st) == 0) {
|
||||
+ if (fstat(fd, &st) == 0) {
|
||||
if (S_ISFIFO(st.st_mode))
|
||||
pipe_mode = 1;
|
||||
}
|
||||
@@ -92,7 +92,7 @@
|
||||
rc = process_file(user_file);
|
||||
else if (force_logs)
|
||||
rc = process_logs();
|
||||
- else if (input_is_pipe())
|
||||
+ else if (is_pipe(0))
|
||||
rc = process_stdin();
|
||||
else
|
||||
rc = process_logs();
|
||||
@@ -190,6 +190,8 @@
|
||||
list_clear(&entries);
|
||||
break;
|
||||
}
|
||||
+ if (line_buffered)
|
||||
+ fflush(stdout);
|
||||
}
|
||||
list_clear(&entries);
|
||||
} while (ret == 0);
|
@ -1,88 +0,0 @@
|
||||
---
|
||||
ausearch.c | 31 +++++++++++++++++++++++++++----
|
||||
1 file changed, 27 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: trunk/src/ausearch.c
|
||||
===================================================================
|
||||
--- audit-1.7.7/src/ausearch.c.orig 2008-11-26 22:39:25.736364000 +0100
|
||||
+++ audit-1.7.7/src/ausearch.c 2008-11-27 00:21:32.801448000 +0100
|
||||
@@ -34,6 +34,7 @@
|
||||
#include <sys/resource.h>
|
||||
#include <sys/stat.h>
|
||||
#include <locale.h>
|
||||
+#include <signal.h>
|
||||
#include "libaudit.h"
|
||||
#include "auditd-config.h"
|
||||
#include "ausearch-options.h"
|
||||
@@ -43,6 +44,8 @@
|
||||
|
||||
static FILE *log_fd = NULL;
|
||||
static int found = 0;
|
||||
+static int input_is_pipe = 0;
|
||||
+static int timeout_interval = 5; /* timeout in seconds */
|
||||
static int process_logs(void);
|
||||
static int process_log_fd(void);
|
||||
static int process_stdin(void);
|
||||
@@ -200,9 +203,19 @@
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static void alarm_handler(int signal)
|
||||
+{
|
||||
+ /* will interrupt current syscall */
|
||||
+}
|
||||
+
|
||||
static int process_stdin(void)
|
||||
{
|
||||
log_fd = stdin;
|
||||
+ input_is_pipe=1;
|
||||
+
|
||||
+ if (signal(SIGALRM, alarm_handler) == SIG_ERR ||
|
||||
+ siginterrupt(SIGALRM, 1) == -1)
|
||||
+ return -1;
|
||||
|
||||
return process_log_fd();
|
||||
}
|
||||
@@ -236,6 +249,7 @@
|
||||
char *rc;
|
||||
char *buff = NULL;
|
||||
int first_time = 1;
|
||||
+ int timer_running = 0;
|
||||
|
||||
while (1) {
|
||||
if (saved_buff) {
|
||||
@@ -248,11 +262,20 @@
|
||||
if (!buff)
|
||||
return -1;
|
||||
}
|
||||
- // FIXME: In pipe mode, if there is a waiting buffer
|
||||
- // and 5 seconds has elapsed, go ahead and process
|
||||
- // the buffer - nothings coming that's related.
|
||||
+
|
||||
+ if (input_is_pipe && !first_time) {
|
||||
+ timer_running = 1;
|
||||
+ alarm(timeout_interval);
|
||||
+ }
|
||||
+
|
||||
rc = fgets_unlocked(buff, MAX_AUDIT_MESSAGE_LENGTH,
|
||||
log_fd);
|
||||
+
|
||||
+ if (timer_running) {
|
||||
+ /* timer may have fired but thats ok */
|
||||
+ timer_running = 0;
|
||||
+ alarm(0);
|
||||
+ }
|
||||
}
|
||||
if (rc) {
|
||||
lnode n;
|
||||
@@ -282,7 +305,9 @@
|
||||
}
|
||||
} else {
|
||||
free(buff);
|
||||
- if (feof(log_fd))
|
||||
+ if (ferror(log_fd) && errno == EINTR)
|
||||
+ return 0;
|
||||
+ else if (feof(log_fd))
|
||||
return 1;
|
||||
else
|
||||
return -1;
|
@ -17,12 +17,12 @@ there you have it.
|
||||
m4_include([src/libev/libev.m4])
|
||||
libev_LIBS="$LIBS"
|
||||
@@ -195,7 +195,8 @@
|
||||
AC_SUBST(LIBWRAP_LIBS)
|
||||
AC_SUBST(libev_LIBS)
|
||||
AC_SUBST(LIBPRELUDE_CFLAGS)
|
||||
AC_SUBST(LIBPRELUDE_LDFLAGS)
|
||||
|
||||
-AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
|
||||
-AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
|
||||
+# SuSE: remove swig/Makefile + bindings/Makefile + bindings/python/Makefile
|
||||
+AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
|
||||
+AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
|
||||
|
||||
echo .
|
||||
echo "
|
||||
|
@ -7,12 +7,12 @@ Disable system-config-audit. A Yast equivalent would be useful though.
|
||||
--- audit-1.7.7/configure.ac.orig 2008-09-23 00:59:29.976782000 +0200
|
||||
+++ audit-1.7.7/configure.ac 2008-09-23 01:19:31.984128000 +0200
|
||||
@@ -195,7 +195,6 @@
|
||||
AC_SUBST(LIBWRAP_LIBS)
|
||||
AC_SUBST(libev_LIBS)
|
||||
AC_SUBST(LIBPRELUDE_CFLAGS)
|
||||
AC_SUBST(LIBPRELUDE_LDFLAGS)
|
||||
|
||||
-AC_CONFIG_SUBDIRS([system-config-audit])
|
||||
AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
|
||||
|
||||
AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
|
||||
|
||||
echo .
|
||||
--- audit-1.7.7/Makefile.am.orig 2008-09-23 01:20:05.010072000 +0200
|
||||
+++ audit-1.7.7/Makefile.am 2008-09-23 01:20:10.039036000 +0200
|
||||
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon May 11 17:19:50 CEST 2009 - tonyj@suse.de
|
||||
|
||||
- Update from 1.7.7 to 1.7.13 (see audit.changes for upstream change
|
||||
history)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 26 23:27:36 CEST 2008 - tonyj@suse.de
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# spec file for package audit-secondary (Version 1.7.7)
|
||||
# spec file for package audit-secondary (Version 1.7.13)
|
||||
#
|
||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
@ -25,8 +25,8 @@ BuildRequires: audit audit-devel gcc-c++ openldap2-devel pkg-config python-deve
|
||||
Summary: Python Bindings for libaudit
|
||||
License: GPL v2 or later
|
||||
Group: System/Monitoring
|
||||
Version: 1.7.7
|
||||
Release: 6
|
||||
Version: 1.7.13
|
||||
Release: 1
|
||||
Url: http://people.redhat.com/sgrubb/audit/
|
||||
Source0: audit-%{version}.tar.bz2
|
||||
Patch0: audit-no_sca.patch
|
||||
@ -92,9 +92,6 @@ autoreconf -fi
|
||||
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
||||
export CXXFLAGS="$CFLAGS"
|
||||
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor
|
||||
pushd src/mt
|
||||
make libaudit.h
|
||||
popd
|
||||
make
|
||||
|
||||
%install
|
||||
@ -150,6 +147,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
|
||||
|
||||
%changelog
|
||||
* Mon May 11 2009 tonyj@suse.de
|
||||
- Update from 1.7.7 to 1.7.13 (see audit.changes for upstream change
|
||||
history)
|
||||
* Fri Sep 26 2008 tonyj@suse.de
|
||||
- Update from 1.7.4 to 1.7.7 (see audit.changes for upstream change
|
||||
history)
|
||||
|
@ -1,4 +1,85 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon May 11 17:20:28 CEST 2009 - tonyj@suse.de
|
||||
|
||||
- Update from 1.7.7 to 1.7.13.
|
||||
- Redhat changelog for 1.7.8 - 1.7.13 follows:
|
||||
* Tue Apr 21 2009 Steve Grubb <sgrubb@redhat.com> 1.7.13-1
|
||||
- Disable libev asserts unless --with-debug passed to configure
|
||||
- Handle kernel 2.6.29's audit = 0 boot parameter better
|
||||
- Install audit.py file in arch specific python directory (Dan Walsh)
|
||||
- Fix problem with negative uids in audit rules on 32 bit systems
|
||||
- When file type is unknown, output octal for mode field (Miloslav Trmač)
|
||||
- Update tty keystroke interpretations (Miloslav Trmač)
|
||||
|
||||
* Tue Feb 24 2009 Steve Grubb <sgrubb@redhat.com> 1.7.12-1
|
||||
- Add definitions for crypto events
|
||||
- Fix regression where msgtype couldn't be used as a range in audit rules
|
||||
- In libaudit, extend time spent checking reply
|
||||
- In acct events, prefer id over acct if given
|
||||
- In aulast, try id and acct in USER_LOGIN events
|
||||
- When in immutable mode, have auditctl tell user instead of sending rules
|
||||
- Add option to sysconfig to disable audit system on auditd stop
|
||||
- Add tcp_wrappers config option to auditd
|
||||
- Aulastlog can now take input from stdin
|
||||
- Update libaudit python bindings to throw exceptions on error
|
||||
- Adjust formatting of TTY data in libauparse to be like ausearch/report
|
||||
- Add more key mappings to TTY interpretations
|
||||
- Add internal queue to audisp-remote
|
||||
- Fix failure action code to allow executables in audisp-remote (Chu Li)
|
||||
- Fix memory leak when NOLOG log_format option given to auditd
|
||||
- Quieten some of the reconnect text being sent to syslog in audisp-remote
|
||||
- Apply some libev fixups to auditd
|
||||
- Cleanup shutdown sequence of auditd
|
||||
- Allow auditd log rotation via SIGUSR1 when NOLOG log format option given
|
||||
|
||||
* Sat Jan 10 2009 Steve Grubb <sgrubb@redhat.com> 1.7.11-1
|
||||
- Don't error out in auditd when calling setsid
|
||||
- Reformat a couple auditd error messages (Oden Eriksson)
|
||||
- If log rotate fails, leave the old log writable
|
||||
- Fixed bug in setting up auditd event loop when listening
|
||||
- Warn if on biarch machine and auditctl rules show a syscall mismatch
|
||||
- Audisp-remote was not parsing some config options correctly
|
||||
- In auparse, check for single key in addition to virtual keys
|
||||
- When auditd shuts down, send AUDIT_RMW_TYPE_ENDING messages to clients
|
||||
- Created reconnect option to remote ending setting of audisp-remote
|
||||
|
||||
* Sat Dec 13 2008 Steve Grubb <sgrubb@redhat.com> 1.7.10-1
|
||||
- Fix ausearch and aureport to handle out of order events
|
||||
- Add line-buffer option to ausearch & timeout pipe input (Tony Jones)
|
||||
- Add support in ausearch/report for tty data
|
||||
- In audisp-remote, allow the keyword "any" for local_port
|
||||
- Tighten parsing for -m and -w options in auditctl
|
||||
- Add session query hint for aulast proof
|
||||
- Fix audisp-remote to tolerate krb5 config options when not supported
|
||||
- Created new aureport option for tty keystroke report
|
||||
- audispd should detect backup config files and not use them
|
||||
- When checking for ack in netlink interface, retry on EAGAIN a few times
|
||||
- In aureport, fix mods report to show acct acted upon
|
||||
|
||||
* Wed Nov 05 2008 Steve Grubb <sgrubb@redhat.com> 1.7.9-1
|
||||
- Fix uninitialized variable in aureport causing segfault
|
||||
- Quieten down the gssapi not supported messages
|
||||
- Fix bug interpretting i386 logs on x86_64 machines
|
||||
- If kernel is in immutable mode, auditd should not send enable command
|
||||
- Fix ausearch/report recent and now time keyword lookups
|
||||
- Created aulast program
|
||||
- prelude plugin should pull auid for login alert from 2nd uid field
|
||||
- Add system boot, shutdown, and run level change events
|
||||
- Add max_restarts to audispd.conf to limit times a plugin is restarted
|
||||
- Expand session detection in ausearch
|
||||
|
||||
* Wed Oct 22 2008 Steve Grubb <sgrubb@redhat.com> 1.7.8-1
|
||||
- Interpret TTY audit data in auparse (Miloslav Trmač)
|
||||
- Extract terminal from USER_AVC events for ausearch/report (Peng Haitao)
|
||||
- Add USER_AVCs to aureport's avc reporting (Peng Haitao)
|
||||
- Short circuit hostname resolution in libaudit if host is empty
|
||||
- If log_group and user are not root, don't check dispatcher perms
|
||||
- Fix a bug when executing "ausearch -te today PM"
|
||||
- Add --exit search option to ausearch
|
||||
- Fix parsing config file when kerberos is disabled
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
||||
Tue Apr 14 14:52:39 CEST 2009 - dmueller@suse.de
|
||||
|
||||
- refresh patches
|
||||
|
90
audit.spec
90
audit.spec
@ -1,5 +1,5 @@
|
||||
#
|
||||
# spec file for package audit (Version 1.7.7)
|
||||
# spec file for package audit (Version 1.7.13)
|
||||
#
|
||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
@ -21,8 +21,8 @@
|
||||
Name: audit
|
||||
BuildRequires: gcc-c++ tcpd-devel
|
||||
Summary: User Space Tools for 2.6 Kernel Auditing
|
||||
Version: 1.7.7
|
||||
Release: 6
|
||||
Version: 1.7.13
|
||||
Release: 1
|
||||
License: GPL v2 or later
|
||||
Group: System/Monitoring
|
||||
Url: http://people.redhat.com/sgrubb/audit/
|
||||
@ -33,8 +33,6 @@ Patch0: audit-no_sca.patch
|
||||
Patch1: audit-no_python.patch
|
||||
Patch2: audit-no_plugins.patch
|
||||
Patch3: audit-no-gss.patch
|
||||
Patch4: audit-445353-1.patch
|
||||
Patch5: audit-445353-2.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
PreReq: %insserv_prereq %fillup_prereq
|
||||
@ -93,17 +91,13 @@ Authors:
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
autoreconf -fi
|
||||
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
||||
export CXXFLAGS="$CFLAGS"
|
||||
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
|
||||
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor --with-libwrap
|
||||
pushd src/mt
|
||||
make libaudit.h
|
||||
popd
|
||||
make
|
||||
|
||||
%install
|
||||
@ -192,6 +186,7 @@ fi
|
||||
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
|
||||
@ -203,7 +198,8 @@ fi
|
||||
%attr(750,root,root) /sbin/rcauditd
|
||||
%attr(750,root,root) /sbin/autrace
|
||||
%attr(750,root,root) /sbin/audispd
|
||||
%attr(750,root,root) /usr/bin/aulastlog
|
||||
%attr(755,root,root) /usr/bin/aulast
|
||||
%attr(755,root,root) /usr/bin/aulastlog
|
||||
%attr(755,root,root) /usr/bin/ausyscall
|
||||
%attr(755,root,root) /sbin/aureport
|
||||
/etc/init.d/auditd
|
||||
@ -223,6 +219,78 @@ fi
|
||||
%attr(755,root,root) /usr/bin/ausyscall
|
||||
|
||||
%changelog
|
||||
* Mon May 11 2009 tonyj@suse.de
|
||||
- Update from 1.7.7 to 1.7.13.
|
||||
- Redhat changelog for 1.7.8 - 1.7.13 follows:
|
||||
* Tue Apr 21 2009 Steve Grubb <sgrubb@redhat.com> 1.7.13-1
|
||||
- Disable libev asserts unless --with-debug passed to configure
|
||||
- Handle kernel 2.6.29's audit = 0 boot parameter better
|
||||
- Install audit.py file in arch specific python directory (Dan Walsh)
|
||||
- Fix problem with negative uids in audit rules on 32 bit systems
|
||||
- When file type is unknown, output octal for mode field (Miloslav Trmač)
|
||||
- Update tty keystroke interpretations (Miloslav Trmač)
|
||||
* Tue Feb 24 2009 Steve Grubb <sgrubb@redhat.com> 1.7.12-1
|
||||
- Add definitions for crypto events
|
||||
- Fix regression where msgtype couldn't be used as a range in audit rules
|
||||
- In libaudit, extend time spent checking reply
|
||||
- In acct events, prefer id over acct if given
|
||||
- In aulast, try id and acct in USER_LOGIN events
|
||||
- When in immutable mode, have auditctl tell user instead of sending rules
|
||||
- Add option to sysconfig to disable audit system on auditd stop
|
||||
- Add tcp_wrappers config option to auditd
|
||||
- Aulastlog can now take input from stdin
|
||||
- Update libaudit python bindings to throw exceptions on error
|
||||
- Adjust formatting of TTY data in libauparse to be like ausearch/report
|
||||
- Add more key mappings to TTY interpretations
|
||||
- Add internal queue to audisp-remote
|
||||
- Fix failure action code to allow executables in audisp-remote (Chu Li)
|
||||
- Fix memory leak when NOLOG log_format option given to auditd
|
||||
- Quieten some of the reconnect text being sent to syslog in audisp-remote
|
||||
- Apply some libev fixups to auditd
|
||||
- Cleanup shutdown sequence of auditd
|
||||
- Allow auditd log rotation via SIGUSR1 when NOLOG log format option given
|
||||
* Sat Jan 10 2009 Steve Grubb <sgrubb@redhat.com> 1.7.11-1
|
||||
- Don't error out in auditd when calling setsid
|
||||
- Reformat a couple auditd error messages (Oden Eriksson)
|
||||
- If log rotate fails, leave the old log writable
|
||||
- Fixed bug in setting up auditd event loop when listening
|
||||
- Warn if on biarch machine and auditctl rules show a syscall mismatch
|
||||
- Audisp-remote was not parsing some config options correctly
|
||||
- In auparse, check for single key in addition to virtual keys
|
||||
- When auditd shuts down, send AUDIT_RMW_TYPE_ENDING messages to clients
|
||||
- Created reconnect option to remote ending setting of audisp-remote
|
||||
* Sat Dec 13 2008 Steve Grubb <sgrubb@redhat.com> 1.7.10-1
|
||||
- Fix ausearch and aureport to handle out of order events
|
||||
- Add line-buffer option to ausearch & timeout pipe input (Tony Jones)
|
||||
- Add support in ausearch/report for tty data
|
||||
- In audisp-remote, allow the keyword "any" for local_port
|
||||
- Tighten parsing for -m and -w options in auditctl
|
||||
- Add session query hint for aulast proof
|
||||
- Fix audisp-remote to tolerate krb5 config options when not supported
|
||||
- Created new aureport option for tty keystroke report
|
||||
- audispd should detect backup config files and not use them
|
||||
- When checking for ack in netlink interface, retry on EAGAIN a few times
|
||||
- In aureport, fix mods report to show acct acted upon
|
||||
* Wed Nov 05 2008 Steve Grubb <sgrubb@redhat.com> 1.7.9-1
|
||||
- Fix uninitialized variable in aureport causing segfault
|
||||
- Quieten down the gssapi not supported messages
|
||||
- Fix bug interpretting i386 logs on x86_64 machines
|
||||
- If kernel is in immutable mode, auditd should not send enable command
|
||||
- Fix ausearch/report recent and now time keyword lookups
|
||||
- Created aulast program
|
||||
- prelude plugin should pull auid for login alert from 2nd uid field
|
||||
- Add system boot, shutdown, and run level change events
|
||||
- Add max_restarts to audispd.conf to limit times a plugin is restarted
|
||||
- Expand session detection in ausearch
|
||||
* Wed Oct 22 2008 Steve Grubb <sgrubb@redhat.com> 1.7.8-1
|
||||
- Interpret TTY audit data in auparse (Miloslav Trmač)
|
||||
- Extract terminal from USER_AVC events for ausearch/report (Peng Haitao)
|
||||
- Add USER_AVCs to aureport's avc reporting (Peng Haitao)
|
||||
- Short circuit hostname resolution in libaudit if host is empty
|
||||
- If log_group and user are not root, don't check dispatcher perms
|
||||
- Fix a bug when executing "ausearch -te today PM"
|
||||
- Add --exit search option to ausearch
|
||||
- Fix parsing config file when kerberos is disabled
|
||||
* Tue Apr 14 2009 dmueller@suse.de
|
||||
- refresh patches
|
||||
* Wed Dec 10 2008 olh@suse.de
|
||||
|
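Review bot: The `%files` hunk at `@ -203,7 +198,8 @` appears to widen `/usr/bin/aulastlog` from `%attr(750,root,root)` to `%attr(755,root,root)` and to install the new `/usr/bin/aulast` as 755 too, yet neither the `%changelog` entry nor a spec comment says the wider mode is intended. The +/- markers are lost in this rendering, so that reading is inferred from the hunk counts (one line removed, two added) and from `aulastlog` being listed with both modes. The neighbouring `/sbin/autrace` and `/sbin/audispd` stay at 750, so the file list now mixes root-only and world-executable audit tools without explanation. If unprivileged use is the goal (the imported changelog notes "Aulastlog can now take input from stdin"), document it above the two lines with a comment such as `# 755 on purpose: usable by non-root on piped input; log access is still gated by /var/log/audit permissions`. Otherwise keep both at `%attr(750,root,root)`.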