rpm/audit
SHA256
1
0
Fork 0
forked from pool/audit
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=8

Browse Source
This commit is contained in:
OBS User unknown 2007-10-31 11:24:11 +00:00 committed by Git OBS Bridge
parent 1a1d70706a
commit d1fe1b9cec
7 changed files with 234 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
audit-1.6.2-bugs.patch
View File

@ -2,10 +2,22 @@ From: Steve Grubb <sgrubb@redhat.com>
Subject: Patches for 1.6.2
Upsteam: yes (in 1.6.3)
Misc patches for 1.6.2 audit
Misc patches for 1.6.2 audit (from Steve Grubb)
--- audit-1.6.2.orig/lib/lookup_table.c 2007-10-05 10:30:25.000000000 -0400
+++ audit-1.6.2/lib/lookup_table.c 2007-10-05 10:32:01.000000000 -0400
diff -urp audit-1.6.2.orig/audisp/audispd.c audit-1.6.2/audisp/audispd.c
--- audit-1.6.2.orig/audisp/audispd.c 2007-10-17 13:56:22.000000000 -0400
+++ audit-1.6.2/audisp/audispd.c 2007-10-17 14:13:49.000000000 -0400
@@ -369,7 +369,6 @@ int main(int argc, char *argv[])
conf = plist_get_cur(&plugin_conf);
while (conf) {
free_pconfig(conf->p);
- free(conf->p);
conf = plist_next(&plugin_conf);
}
plist_clear(&plugin_conf);
diff -urp audit-1.6.2.orig/lib/lookup_table.c audit-1.6.2/lib/lookup_table.c
--- audit-1.6.2.orig/lib/lookup_table.c 2007-10-17 13:56:22.000000000 -0400
+++ audit-1.6.2/lib/lookup_table.c 2007-10-17 13:56:49.000000000 -0400
@@ -483,7 +483,7 @@ int audit_name_to_msg_type(const char *m
strncpy(buf, msg_type + 8, len);
errno = 0;
@ -15,10 +27,34 @@ Misc patches for 1.6.2 audit
errno = 0;
return strtol(msg_type, NULL, 10);
}
diff -urp audit-1.6.2.orig/lib/msg_typetab.h audit-1.6.2/lib/msg_typetab.h
--- audit-1.6.2.orig/lib/msg_typetab.h 2007-10-17 13:56:22.000000000 -0400
+++ audit-1.6.2/lib/msg_typetab.h 2007-10-17 13:57:27.000000000 -0400
@@ -92,7 +92,7 @@ _S(AUDIT_KERNEL_OTHER, "KE
_S(AUDIT_FD_PAIR, "FD_PAIR" )
_S(AUDIT_OBJ_PID, "OBJ_PID" )
_S(AUDIT_TTY, "TTY" )
-//_S(AUDIT_EOE, "EOE" )
+_S(AUDIT_EOE, "EOE" )
_S(AUDIT_AVC, "AVC" )
_S(AUDIT_SELINUX_ERR, "SELINUX_ERR" )
_S(AUDIT_AVC_PATH, "AVC_PATH" )
diff -urp audit-1.6.2.orig/src/auditd.c audit-1.6.2/src/auditd.c
--- audit-1.6.2.orig/src/auditd.c 2007-10-17 13:56:22.000000000 -0400
+++ audit-1.6.2/src/auditd.c 2007-10-17 13:59:32.000000000 -0400
@@ -127,16 +127,18 @@ static void distribute_event(struct audi
--- audit-1.6.2.orig/src/auditd.c 2007-10-05 10:31:35.000000000 -0400
+++ audit-1.6.2/src/auditd.c 2007-10-05 10:30:04.000000000 -0400
@@ -135,8 +135,8 @@ static void distribute_event(struct audi
/* End of Event is for realtime interface - skip local logging of it */
if (rep->reply.type != AUDIT_EOE) {
+ int yield = rep->reply.type <= AUDIT_LAST_DAEMON &&
+ rep->reply.type >= AUDIT_FIRST_DAEMON ? 1 : 0;
+
/* Write to local disk */
enqueue_event(rep);
- if (rep->reply.type <= AUDIT_LAST_DAEMON &&
- rep->reply.type >= AUDIT_FIRST_DAEMON)
+ if (yield)
pthread_yield(); /* Let other thread try to log it. */
}
/* Last chance to send...maybe the pipe is empty now. */

2
audit-libs-python.spec
View File

@ -15,7 +15,7 @@ Name: audit-libs-python
BuildRequires: audit-devel gcc-c++ pkg-config python-devel swig
Summary: Python Bindings for libaudit
Version: 1.6.2
Release: 1
Release: 10
License: GPL v2 or later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/

167
audit-startup.patch Normal file
View File

@ -0,0 +1,167 @@
--- audit-1.6.2.orig/docs/auditd.8
+++ audit-1.6.2/docs/auditd.8
@@ -3,7 +3,7 @@
auditd \- The Linux Audit daemon
.SH SYNOPSIS
.B auditd
-.RB [ \-f ]\ [ \-l ]\ [ \-n ]
+.RB [ \-f ]\ [ \-l ]\ [ \-n ]\ [ \-s\ disable|enable|nochange ]
.SH DESCRIPTION
\fBauditd\fP is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the
.B ausearch
@@ -24,6 +24,9 @@
.TP
.B \-n
no fork. This is useful for running off of inittab
+.TP
+.B \-s=\fIENABLE_STATE\fR
+specify when starting if auditd should change the current value for the kernel enabled flag. Valid values for ENABLE_STATE are "disable", "enable" or "nochange". The default is to enable (and disable when auditd terminates). The value of the enabled flag may be changed during the lifetime of auditd using 'auditctl -e'.
.SH SIGNALS
.TP
SIGHUP
--- audit-1.6.2.orig/src/auditd.c
+++ audit-1.6.2/src/auditd.c
@@ -36,6 +36,7 @@
#include <sys/wait.h>
#include <fcntl.h>
#include <pthread.h>
+#include <getopt.h>
#include "libaudit.h"
#include "auditd-config.h"
@@ -65,13 +66,19 @@
static void clean_exit(void);
static int get_reply(int fd, struct audit_reply *rep, int seq);
+enum startup_state {startup_disable=0, startup_enable, startup_nochange, startup_INVALID};
+static const char *startup_states[] = {"disable", "enable", "nochange"};
/*
* Output a usage message
*/
static void usage(void)
{
- puts("Usage: auditd [ -f -l -n ]");
+ fprintf(stderr, "Usage: auditd [-f] [-l] [-n] [-s %s|%s|%s]\n",
+ startup_states[startup_disable],
+ startup_states[startup_enable],
+ startup_states[startup_nochange]);
+
exit(2);
}
@@ -308,26 +315,56 @@
struct rlimit limit;
int hup_info_requested = 0, usr1_info_requested = 0;
int i;
+ int opt_foreground = 0, opt_allow_links = 0;
+ enum startup_state opt_startup = startup_enable;
+ int c;
+ extern char *optarg;
+ extern int optind;
/* Get params && set mode */
- config.daemonize = D_BACKGROUND;
- if (argc > 1) {
- for (i=1; i<argc; i++) {
- if (strcmp(argv[i], "-f") == 0)
- config.daemonize = D_FOREGROUND;
- else if (strcmp(argv[i], "-l") == 0)
- set_allow_links(1);
- else if (strcmp(argv[i], "-n") == 0)
- do_fork = 0;
- else
+ while ((c = getopt(argc, argv, "flns:")) != -1) {
+ switch (c) {
+ case 'f':
+ opt_foreground = 1;
+ break;
+ case 'l':
+ opt_allow_links=1;
+ break;
+ case 'n':
+ do_fork = 0;
+ break;
+ case 's':
+ for (i=0; i<startup_INVALID; i++) {
+ if (strncmp(optarg, startup_states[i],
+ strlen(optarg)) == 0) {
+ opt_startup = i;
+ break;
+ }
+ }
+ if (i == startup_INVALID) {
+ fprintf(stderr, "unknown startup mode '%s'\n",
+ optarg);
usage();
+ }
+ break;
+ default:
+ usage();
}
}
- // Make paramemters take effect
- if (config.daemonize == D_FOREGROUND)
+ /* check for trailing command line following options */
+ if (optind < argc) {
+ usage();
+ }
+
+ if (opt_allow_links)
+ set_allow_links(1);
+
+ if (opt_foreground) {
+ config.daemonize = D_FOREGROUND;
set_aumessage_mode(MSG_STDERR, DBG_YES);
- else {
+ } else {
+ config.daemonize = D_BACKGROUND;
set_aumessage_mode(MSG_SYSLOG, DBG_NO);
(void) umask( umask( 077 ) | 022 );
}
@@ -472,8 +509,9 @@
/* Now tell parent that everything went OK */
tell_parent(SUCCESS);
- /* Enable auditing just in case it was off */
- if (audit_set_enabled(fd, 1) < 0) {
+ /* Depending on value of opt_startup (-s) set initial audit state */
+ if (opt_startup != startup_nochange &&
+ audit_set_enabled(fd, (int)opt_startup) < 0) {
char emsg[DEFAULT_BUF_SZ];
snprintf(emsg, sizeof(emsg),
"auditd error halt, auid=%u pid=%d res=failed",
@@ -481,15 +519,19 @@
stop = 1;
//FIXME add subj
send_audit_event(AUDIT_DAEMON_ABORT, emsg);
- audit_msg(LOG_ERR, "Unable to enable auditing, exiting");
+ audit_msg(LOG_ERR,
+ "Unable to set intitial audit startup state to '%s', exiting",
+ startup_states[opt_startup]);
close_down();
if (pidfile)
unlink(pidfile);
shutdown_dispatcher();
return 1;
}
- audit_msg(LOG_NOTICE, "Init complete, auditd %s listening for events",
- VERSION);
+ audit_msg(LOG_NOTICE,
+ "Init complete, auditd %s listening for events (startup state %s)",
+ VERSION,
+ startup_states[opt_startup]);
/* Parent should be gone by now... */
if (do_fork)
@@ -603,6 +645,9 @@
/* Write message to log that we are going down */
int rc;
+ if (opt_startup == startup_enable) {
+ audit_set_enabled(fd, (int)startup_disable);
+ }
rc = audit_request_signal_info(fd);
if (rc > 0) {
struct audit_reply trep;

7
audit.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Oct 31 07:08:38 CET 2007 - tonyj@suse.de
- Incorporate 1 more Redhat fixe post 1.6.2
- Go back to 10.2 behaviour wrt to starting in disabled state.
This time using patch submitted upstream, fix for #Bug 333739
-------------------------------------------------------------------
Wed Oct 10 23:18:24 CEST 2007 - tonyj@suse.de

10
audit.spec
View File

@ -14,7 +14,7 @@ Name: audit
BuildRequires: gcc-c++
Summary: User Space Tools for 2.6 Kernel Auditing
Version: 1.6.2
Release: 1
Release: 4
License: GPL v2 or later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/
@ -24,6 +24,7 @@ Source2: auditd.sysconfig
Patch0: audit-no_sca.patch
Patch1: audit-no_python.patch
Patch2: audit-1.6.2-bugs.patch
Patch3: audit-startup.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-libs = %{version}-%{release}
PreReq: %insserv_prereq %fillup_prereq
@ -56,7 +57,7 @@ Authors:
%package devel
Summary: Header files and static library for libaudit
License: LGPL v2 or later
License: LGPL v2.1 or later
Group: System/Monitoring
Requires: %{name}-libs = %{version}-%{release}
@ -76,6 +77,7 @@ Authors:
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
#autoreconf -iv --install
@ -194,6 +196,10 @@ fi
%dir %attr(700,root,root) /var/log/audit
%ghost %config(noreplace) /var/log/audit/audit.log
%changelog
* Wed Oct 31 2007 - tonyj@suse.de
- Incorporate 1 more Redhat fixe post 1.6.2
- Go back to 10.2 behaviour wrt to starting in disabled state.
This time using patch submitted upstream, fix for #Bug 333739
* Wed Oct 10 2007 - tonyj@suse.de
- Upgrade to 1.6.2
Plus two bugs discovered in Fedora, will be fixed in 1.6.3

4
auditd.init
View File

@ -98,6 +98,10 @@ rc_reset
case "$1" in
start)
echo -n "Starting auditd "
if [ "$AUDITD_DISABLE_CONTEXTS" == "yes" ] ; then
EXTRAOPTIONS="$EXTRAOPTIONS -s disable"
fi
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
startproc $AUDITD_BIN $EXTRAOPTIONS

4
auditd.sysconfig
View File

@ -29,3 +29,7 @@ AUDITD_CLEAN_STOP="yes"
#
## Type: yesno
## Default: yes
#
# This option disables syscall auditing by default. This can also be
# accomplished by auditctl -e.
AUDITD_DISABLE_CONTEXTS="yes"