From d1358f4337c1e36835fcd1b29beb2b3fae32226b0f035d12f17b4a35591aaf81 Mon Sep 17 00:00:00 2001 From: Wolfgang Frisch Date: Mon, 3 Jul 2023 14:59:58 +0000 Subject: [PATCH] Accepting request 1096509 from home:polslinux:branches:security - Update to 3.1.1: * Add user friendly keywords for signals to auditctl * In ausearch, parse up URINGOP and DM_CTRL records * Harden auparse to better handle corrupt logs * Fix a CFLAGS propogation problem in the common directory * Move the audispd af_unix plugin to a standalone program - Update to 3.1.1: * Add user friendly keywords for signals to auditctl * In ausearch, parse up URINGOP and DM_CTRL records * Harden auparse to better handle corrupt logs * Fix a CFLAGS propogation problem in the common directory * Move the audispd af_unix plugin to a standalone program OBS-URL: https://build.opensuse.org/request/show/1096509 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=148 --- audit-3.1.1.tar.gz | 3 +++ audit-3.1.tar.gz | 3 --- audit-ausearch-do-not-require-tclass.patch | 8 ++++---- audit-secondary.changes | 10 ++++++++++ audit-secondary.spec | 2 +- audit.changes | 10 ++++++++++ audit.spec | 2 +- create-augenrules-service.patch | 18 +++++++++--------- fix-hardened-service.patch | 8 ++++---- harden_auditd.service.patch | 10 +++++----- 10 files changed, 47 insertions(+), 27 deletions(-) create mode 100644 audit-3.1.1.tar.gz delete mode 100644 audit-3.1.tar.gz diff --git a/audit-3.1.1.tar.gz b/audit-3.1.1.tar.gz new file mode 100644 index 0000000..16cf0d9 --- /dev/null +++ b/audit-3.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:46e46b37623cce09e6ee134e78d668afc34f4e1c870c853ef12e4193078cfe87 +size 1218111 diff --git a/audit-3.1.tar.gz b/audit-3.1.tar.gz deleted file mode 100644 index cd3b8e8..0000000 --- a/audit-3.1.tar.gz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b5cf3cdabb2786c08b1de3599a3b1a547e55f7a9f9c1eb2078f5b44cf44e8378 -size 1215931 diff --git a/audit-ausearch-do-not-require-tclass.patch b/audit-ausearch-do-not-require-tclass.patch index 91c8fe7..532a6c2 100644 --- a/audit-ausearch-do-not-require-tclass.patch +++ b/audit-ausearch-do-not-require-tclass.patch @@ -9,11 +9,11 @@ Signed-off-by: Tony Jones src/ausearch-parse.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) -Index: audit-3.0.9/src/ausearch-parse.c +Index: audit-3.1.1/src/ausearch-parse.c =================================================================== ---- audit-3.0.9.orig/src/ausearch-parse.c -+++ audit-3.0.9/src/ausearch-parse.c -@@ -2062,17 +2062,15 @@ other_avc: +--- audit-3.1.1.orig/src/ausearch-parse.c ++++ audit-3.1.1/src/ausearch-parse.c +@@ -2075,17 +2075,15 @@ other_avc: // Now get the class...its at the end, so we do things different str = strstr(term, "tclass="); diff --git a/audit-secondary.changes b/audit-secondary.changes index 856d99f..9fb2020 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Jul 3 08:34:22 UTC 2023 - Paolo Stivanin + +- Update to 3.1.1: + * Add user friendly keywords for signals to auditctl + * In ausearch, parse up URINGOP and DM_CTRL records + * Harden auparse to better handle corrupt logs + * Fix a CFLAGS propogation problem in the common directory + * Move the audispd af_unix plugin to a standalone program + ------------------------------------------------------------------- Thu May 4 12:58:06 UTC 2023 - Frederic Crozat diff --git a/audit-secondary.spec b/audit-secondary.spec index 33e6dcd..4db7b59 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec 
@@ -22,7 +22,7 @@ # The seperation is required to minimize unnecessary build cycles. %define _name audit Name: audit-secondary -Version: 3.1 +Version: 3.1.1 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later diff --git a/audit.changes b/audit.changes index 96a0231..c05a79e 100644 --- a/audit.changes +++ b/audit.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Jul 3 08:33:52 UTC 2023 - Paolo Stivanin + +- Update to 3.1.1: + * Add user friendly keywords for signals to auditctl + * In ausearch, parse up URINGOP and DM_CTRL records + * Harden auparse to better handle corrupt logs + * Fix a CFLAGS propogation problem in the common directory + * Move the audispd af_unix plugin to a standalone program + ------------------------------------------------------------------- Thu May 4 12:58:06 UTC 2023 - Frederic Crozat diff --git a/audit.spec b/audit.spec index aa32ebd..5bf9cb0 100644 --- a/audit.spec +++ b/audit.spec @@ -23,7 +23,7 @@ %endif Name: audit -Version: 3.1 +Version: 3.1.1 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later diff --git a/create-augenrules-service.patch b/create-augenrules-service.patch index 72c8745..3064bc1 100644 --- a/create-augenrules-service.patch +++ b/create-augenrules-service.patch @@ -1,7 +1,7 @@ -Index: audit-3.0.9/init.d/augenrules.service +Index: audit-3.1.1/init.d/augenrules.service =================================================================== --- /dev/null -+++ audit-3.0.9/init.d/augenrules.service ++++ audit-3.1.1/init.d/augenrules.service @@ -0,0 +1,29 @@ +[Unit] +Description=auditd rules generation 
@@ -32,10 +32,10 @@ Index: audit-3.0.9/init.d/augenrules.service +ProtectKernelTunables=true +ProtectKernelLogs=true +ReadWritePaths=/etc/audit -Index: audit-3.0.9/init.d/auditd.service +Index: audit-3.1.1/init.d/auditd.service =================================================================== ---- audit-3.0.9.orig/init.d/auditd.service -+++ audit-3.0.9/init.d/auditd.service +--- audit-3.1.1.orig/init.d/auditd.service ++++ audit-3.1.1/init.d/auditd.service @@ -15,15 +15,16 @@ ConditionKernelCommandLine=!audit=0 ConditionKernelCommandLine=!audit=off @@ -57,7 +57,7 @@ Index: audit-3.0.9/init.d/auditd.service #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules # By default we clear the rules on exit. To disable this, comment # the next line after copying the file to /etc/systemd/system/auditd.service -@@ -46,7 +47,6 @@ ProtectClock=true +@@ -47,7 +48,6 @@ ProtectClock=true ProtectKernelTunables=true ProtectKernelLogs=true # end of automatic additions @@ -65,10 +65,10 @@ Index: audit-3.0.9/init.d/auditd.service [Install] WantedBy=multi-user.target -Index: audit-3.0.9/init.d/Makefile.am +Index: audit-3.1.1/init.d/Makefile.am =================================================================== ---- audit-3.0.9.orig/init.d/Makefile.am -+++ audit-3.0.9/init.d/Makefile.am +--- audit-3.1.1.orig/init.d/Makefile.am ++++ audit-3.1.1/init.d/Makefile.am @@ -26,7 +26,8 @@ EXTRA_DIST = auditd.init auditd.service auditd.cron libaudit.conf auditd.condrestart \ auditd.reload auditd.restart auditd.resume \ diff --git a/fix-hardened-service.patch b/fix-hardened-service.patch index 0fe1648..c7325be 100644 --- a/fix-hardened-service.patch +++ b/fix-hardened-service.patch @@ -12,11 +12,11 @@ Also remove PrivateDevices=true so /dev/* are exposed to auditd. 
Signed-off-by: Enzo Matsumiya -Index: audit-3.0.9/init.d/auditd.service +Index: audit-3.1.1/init.d/auditd.service =================================================================== ---- audit-3.0.9.orig/init.d/auditd.service -+++ audit-3.0.9/init.d/auditd.service -@@ -41,12 +41,12 @@ RestrictRealtime=true +--- audit-3.1.1.orig/init.d/auditd.service ++++ audit-3.1.1/init.d/auditd.service +@@ -42,12 +42,12 @@ RestrictRealtime=true # added automatically, for details please see # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full diff --git a/harden_auditd.service.patch b/harden_auditd.service.patch index 3e3ad0f..4eff294 100644 --- a/harden_auditd.service.patch +++ b/harden_auditd.service.patch @@ -1,9 +1,9 @@ -Index: audit-3.0.9/init.d/auditd.service +Index: audit-3.1.1/init.d/auditd.service =================================================================== ---- audit-3.0.9.orig/init.d/auditd.service -+++ audit-3.0.9/init.d/auditd.service -@@ -38,6 +38,15 @@ LockPersonality=true - ProtectControlGroups=true +--- audit-3.1.1.orig/init.d/auditd.service ++++ audit-3.1.1/init.d/auditd.service +@@ -39,6 +39,15 @@ LockPersonality=true + #ProtectControlGroups=true ProtectKernelModules=true RestrictRealtime=true +# added automatically, for details please see
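Review bot: In the refreshed harden_auditd.service.patch hunk, the context line changes from `ProtectControlGroups=true` to `#ProtectControlGroups=true`, which suggests the 3.1.1 auditd.service ships that sandboxing directive commented out, yet neither .changes entry mentions a change in the unit's hardening. The refresh only rebases paths and line offsets, so the packaged service presumably runs without ProtectControlGroups unless the block this patch appends sets it; that block continues outside the hunk and cannot be checked here. Please confirm the loss of this directive is intended and record it, for example with a changelog line such as `* auditd.service: ProtectControlGroups is commented out upstream as of 3.1.1`.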