forked from pool/audit
This commit is contained in:
parent
bc18d5818b
commit
d97b283bd7
@ -1,68 +0,0 @@
|
|||||||
From: Steve Grubb <sgrubb@redhat.com>
|
|
||||||
Subject: Patches for 1.6.2
|
|
||||||
Upsteam: yes (in 1.6.3)
|
|
||||||
|
|
||||||
Misc patches for 1.6.2 audit (from Steve Grubb)
|
|
||||||
|
|
||||||
diff -urp audit-1.6.2.orig/audisp/audispd.c audit-1.6.2/audisp/audispd.c
|
|
||||||
--- audit-1.6.2.orig/audisp/audispd.c 2007-10-17 13:56:22.000000000 -0400
|
|
||||||
+++ audit-1.6.2/audisp/audispd.c 2007-10-17 14:13:49.000000000 -0400
|
|
||||||
@@ -369,7 +369,6 @@ int main(int argc, char *argv[])
|
|
||||||
conf = plist_get_cur(&plugin_conf);
|
|
||||||
while (conf) {
|
|
||||||
free_pconfig(conf->p);
|
|
||||||
- free(conf->p);
|
|
||||||
conf = plist_next(&plugin_conf);
|
|
||||||
}
|
|
||||||
plist_clear(&plugin_conf);
|
|
||||||
diff -urp audit-1.6.2.orig/lib/lookup_table.c audit-1.6.2/lib/lookup_table.c
|
|
||||||
--- audit-1.6.2.orig/lib/lookup_table.c 2007-10-17 13:56:22.000000000 -0400
|
|
||||||
+++ audit-1.6.2/lib/lookup_table.c 2007-10-17 13:56:49.000000000 -0400
|
|
||||||
@@ -483,7 +483,7 @@ int audit_name_to_msg_type(const char *m
|
|
||||||
strncpy(buf, msg_type + 8, len);
|
|
||||||
errno = 0;
|
|
||||||
return strtol(buf, NULL, 10);
|
|
||||||
- } else if (isdigit(msg_type)) {
|
|
||||||
+ } else if (isdigit(*msg_type)) {
|
|
||||||
errno = 0;
|
|
||||||
return strtol(msg_type, NULL, 10);
|
|
||||||
}
|
|
||||||
diff -urp audit-1.6.2.orig/lib/msg_typetab.h audit-1.6.2/lib/msg_typetab.h
|
|
||||||
--- audit-1.6.2.orig/lib/msg_typetab.h 2007-10-17 13:56:22.000000000 -0400
|
|
||||||
+++ audit-1.6.2/lib/msg_typetab.h 2007-10-17 13:57:27.000000000 -0400
|
|
||||||
@@ -92,7 +92,7 @@ _S(AUDIT_KERNEL_OTHER, "KE
|
|
||||||
_S(AUDIT_FD_PAIR, "FD_PAIR" )
|
|
||||||
_S(AUDIT_OBJ_PID, "OBJ_PID" )
|
|
||||||
_S(AUDIT_TTY, "TTY" )
|
|
||||||
-//_S(AUDIT_EOE, "EOE" )
|
|
||||||
+_S(AUDIT_EOE, "EOE" )
|
|
||||||
_S(AUDIT_AVC, "AVC" )
|
|
||||||
_S(AUDIT_SELINUX_ERR, "SELINUX_ERR" )
|
|
||||||
_S(AUDIT_AVC_PATH, "AVC_PATH" )
|
|
||||||
diff -urp audit-1.6.2.orig/src/auditd.c audit-1.6.2/src/auditd.c
|
|
||||||
--- audit-1.6.2.orig/src/auditd.c 2007-10-17 13:56:22.000000000 -0400
|
|
||||||
+++ audit-1.6.2/src/auditd.c 2007-10-17 13:59:32.000000000 -0400
|
|
||||||
@@ -127,16 +127,18 @@ static void distribute_event(struct audi
|
|
||||||
|
|
||||||
/* End of Event is for realtime interface - skip local logging of it */
|
|
||||||
if (rep->reply.type != AUDIT_EOE) {
|
|
||||||
+ int yield = rep->reply.type <= AUDIT_LAST_DAEMON &&
|
|
||||||
+ rep->reply.type >= AUDIT_FIRST_DAEMON ? 1 : 0;
|
|
||||||
+
|
|
||||||
/* Write to local disk */
|
|
||||||
enqueue_event(rep);
|
|
||||||
- if (rep->reply.type <= AUDIT_LAST_DAEMON &&
|
|
||||||
- rep->reply.type >= AUDIT_FIRST_DAEMON)
|
|
||||||
+ if (yield)
|
|
||||||
pthread_yield(); /* Let other thread try to log it. */
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Last chance to send...maybe the pipe is empty now. */
|
|
||||||
- if (attempt)
|
|
||||||
- dispatch_event(&rep->reply, attempt);
|
|
||||||
+// if (attempt)
|
|
||||||
+// dispatch_event(&rep->reply, attempt);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:c8168604d14ccbd0db3f8972035fe7e4363925a4aa6b2998d973af659796de5c
|
|
||||||
size 776148
|
|
3
audit-1.6.8.tar.bz2
Normal file
3
audit-1.6.8.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:675f08a4e32a4ccc4581fefcac3918bb6d8af2e1e318b16d7bbe27c654c53b1f
|
||||||
|
size 594531
|
@ -1,92 +0,0 @@
|
|||||||
#
|
|
||||||
# spec file for package audit-libs-python (Version 1.6.2)
|
|
||||||
#
|
|
||||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
||||||
# This file and all modifications and additions to the pristine
|
|
||||||
# package are under the same license as the package itself.
|
|
||||||
#
|
|
||||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
||||||
#
|
|
||||||
|
|
||||||
# norootforbuild
|
|
||||||
|
|
||||||
|
|
||||||
Name: audit-libs-python
|
|
||||||
%define _name audit
|
|
||||||
BuildRequires: audit-devel gcc-c++ pkg-config python-devel swig
|
|
||||||
Summary: Python Bindings for libaudit
|
|
||||||
Version: 1.6.2
|
|
||||||
Release: 44
|
|
||||||
License: GPL v2 or later
|
|
||||||
Group: System/Monitoring
|
|
||||||
Url: http://people.redhat.com/sgrubb/audit/
|
|
||||||
Source0: audit-%{version}.tar.gz
|
|
||||||
Patch0: audit-no_sca.patch
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
||||||
Requires: audit-libs = %( echo `rpm -q --queryformat '%{VERSION}-%{RELEASE}' audit-libs`)
|
|
||||||
PreReq: %insserv_prereq %fillup_prereq
|
|
||||||
|
|
||||||
%description
|
|
||||||
The audit-libs-python package contains the bindings for using libaudit
|
|
||||||
by python.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Authors:
|
|
||||||
--------
|
|
||||||
Steve Grubb <sgrubb@redhat.com>
|
|
||||||
|
|
||||||
%prep
|
|
||||||
%setup -q -n audit-%{version}
|
|
||||||
%patch0 -p1
|
|
||||||
|
|
||||||
%build
|
|
||||||
autoreconf -fi
|
|
||||||
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
|
||||||
export CXXFLAGS="$CFLAGS"
|
|
||||||
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor
|
|
||||||
pushd src/mt
|
|
||||||
make libaudit.h
|
|
||||||
popd
|
|
||||||
make
|
|
||||||
|
|
||||||
%install
|
|
||||||
make DESTDIR=$RPM_BUILD_ROOT install -C swig
|
|
||||||
make DESTDIR=$RPM_BUILD_ROOT install -C bindings
|
|
||||||
ls -lR $RPM_BUILD_ROOT/
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse-1.0-py2.5.egg-info
|
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
%files
|
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%{_libdir}/python%{py_ver}/site-packages/_audit.so
|
|
||||||
%{_libdir}/python%{py_ver}/site-packages/auparse.so
|
|
||||||
%{_libdir}/python%{py_ver}/site-packages/audit.py*
|
|
||||||
|
|
||||||
%changelog
|
|
||||||
* Tue Mar 18 2008 schwab@suse.de
|
|
||||||
- Use autoreconf.
|
|
||||||
* Thu Oct 11 2007 tonyj@suse.de
|
|
||||||
- Upgrade to 1.6.2
|
|
||||||
* Wed Jul 25 2007 tonyj@suse.de
|
|
||||||
- Upgrade to 1.5.5
|
|
||||||
Drop audit-swig-attribute.patch (upstreamed)
|
|
||||||
* Fri Jul 13 2007 tonyj@suse.de
|
|
||||||
- Fix build errors on ppc
|
|
||||||
* Thu Jul 12 2007 tonyj@suse.de
|
|
||||||
- Upgrade to 1.5.4
|
|
||||||
* Wed May 02 2007 tonyj@suse.de
|
|
||||||
- Upgrade to 1.5.3.
|
|
||||||
* Wed Nov 29 2006 tonyj@suse.de
|
|
||||||
- Upgrade to 1.2.9 (drop several patches which are now upstream)
|
|
||||||
- /usr/sbin/audispd now packaged by audit-libs-python
|
|
||||||
* Sun Nov 05 2006 ro@suse.de
|
|
||||||
- fix requires
|
|
||||||
* Thu Aug 31 2006 tonyj@suse.de
|
|
||||||
- Upgrade to 1.2.6-1
|
|
||||||
* Wed Aug 16 2006 cthiel@suse.de
|
|
||||||
- split off package
|
|
28
audit-no_plugins.patch
Normal file
28
audit-no_plugins.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From: Tony Jones <tonyj@suse.de>
|
||||||
|
Subject: Disable automatic building of plugins
|
||||||
|
Upsteam: never
|
||||||
|
|
||||||
|
Non builtin plugins is build as part of phase2 by audit-secondary.spec.
|
||||||
|
Conf files for builtins are still installed
|
||||||
|
|
||||||
|
--- audit-1.6.8/docs/Makefile.am.orig 2008-03-21 00:13:00.085158000 +0100
|
||||||
|
+++ audit-1.6.8/docs/Makefile.am 2008-03-21 00:13:42.551650000 +0100
|
||||||
|
@@ -47,6 +47,5 @@
|
||||||
|
ausearch_add_timestamp_item.3 ausearch_add_regex.3 ausearch_clear.3 \
|
||||||
|
ausearch_next_event.3 ausearch_set_stop.3 \
|
||||||
|
autrace.8 get_auditfail_action.3 set_aumessage_mode.3 \
|
||||||
|
-audispd.8 audispd.conf.5 audispd-zos-remote.8 zos-remote.conf.5 \
|
||||||
|
-audisp-prelude.8
|
||||||
|
+audispd.8 audispd.conf.5
|
||||||
|
|
||||||
|
--- audit-1.6.8/audisp/plugins/Makefile.am.orig 2008-03-21 00:38:10.727001000 +0100
|
||||||
|
+++ audit-1.6.8/audisp/plugins/Makefile.am 2008-03-21 00:38:34.320391000 +0100
|
||||||
|
@@ -23,7 +23,7 @@
|
||||||
|
CONFIG_CLEAN_FILES = Makefile.in *.loT *.rej *.orig
|
||||||
|
|
||||||
|
#SUBDIRS = builtins zos-remote remote
|
||||||
|
-SUBDIRS = builtins zos-remote
|
||||||
|
+SUBDIRS = builtins
|
||||||
|
if HAVE_PRELUDE
|
||||||
|
SUBDIRS += prelude
|
||||||
|
endif
|
@ -6,35 +6,37 @@ Python code is disabled for audit.spec. Built manually by audit-libs-python.spe
|
|||||||
This is apparantly necessary due to the SuSE build system. Bit of a PITA but
|
This is apparantly necessary due to the SuSE build system. Bit of a PITA but
|
||||||
there you have it.
|
there you have it.
|
||||||
|
|
||||||
--- audit-1.6.1/configure.ac.orig 2007-03-01 01:54:19.977676000 +0100
|
--- audit-1.6.8/configure.ac.old 2008-02-29 22:20:13.248763000 +0100
|
||||||
+++ audit-1.6.1/configure.ac 2007-03-01 02:09:06.032928000 +0100
|
+++ audit-1.6.8/configure.ac 2008-02-29 22:23:10.703128000 +0100
|
||||||
@@ -39,7 +39,7 @@
|
@@ -39,7 +39,6 @@
|
||||||
AM_INIT_AUTOMAKE
|
AM_INIT_AUTOMAKE
|
||||||
AM_PROG_LIBTOOL
|
AM_PROG_LIBTOOL
|
||||||
AC_SUBST(LIBTOOL_DEPS)
|
AC_SUBST(LIBTOOL_DEPS)
|
||||||
-AM_PATH_PYTHON
|
-AM_PATH_PYTHON
|
||||||
+#AM_PATH_PYTHON
|
|
||||||
|
|
||||||
echo .
|
echo .
|
||||||
echo Checking for programs
|
echo Checking for programs
|
||||||
@@ -105,7 +105,8 @@
|
@@ -124,7 +124,8 @@
|
||||||
if test x$use_apparmor != xno ; then
|
fi
|
||||||
AC_DEFINE(WITH_APPARMOR,1,[Define if you want to enable AppArmor events.])fi
|
AM_CONDITIONAL(HAVE_PRELUDE, test x$have_prelude = xyes)
|
||||||
|
|
||||||
-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/ids/Makefile audisp/plugins/remote/Makefile bindings/Makefile bindings/python/Makefile)
|
-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile)
|
||||||
+#AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/ids/Makefile audisp/plugins/remote/Makefile bindings/Makefile bindings/python/Makefile)
|
+# SuSE: remove swig/Makefile + bindings/Makefile + bindings/python/Makefile
|
||||||
+AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/ids/Makefile audisp/plugins/remote/Makefile)
|
+AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile tools/Makefile tools/aulastlog/Makefile)
|
||||||
|
|
||||||
echo .
|
echo .
|
||||||
echo "
|
echo "
|
||||||
--- audit-1.6.1/Makefile.am.orig 2007-04-05 23:31:18.152428000 +0200
|
|
||||||
+++ audit-1.6.1/Makefile.am 2007-04-05 23:37:52.670519000 +0200
|
--- audit-1.6.8/Makefile.am.old 2008-02-29 22:25:06.872840000 +0100
|
||||||
@@ -21,7 +21,7 @@
|
+++ audit-1.6.8/Makefile.am 2008-02-29 22:25:40.149532000 +0100
|
||||||
|
@@ -21,7 +21,8 @@
|
||||||
# Rickard E. (Rik) Faith <faith@redhat.com>
|
# Rickard E. (Rik) Faith <faith@redhat.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
-SUBDIRS = lib auparse src/mt src audisp swig bindings init.d docs
|
-SUBDIRS = lib auparse src/mt src audisp tools swig bindings init.d \
|
||||||
+SUBDIRS = lib auparse src/mt src audisp init.d docs
|
+# SuSE: remove swig + bindings
|
||||||
|
+SUBDIRS = lib auparse src/mt src audisp tools init.d \
|
||||||
|
docs
|
||||||
EXTRA_DIST = ChangeLog AUTHORS NEWS README README-install audit.spec \
|
EXTRA_DIST = ChangeLog AUTHORS NEWS README README-install audit.spec \
|
||||||
sample.rules contrib/capp.rules contrib/nispom.rules \
|
contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \
|
||||||
contrib/lspp.rules contrib/skeleton.c contrib/avc_snap \
|
|
||||||
|
@ -4,26 +4,26 @@ Upsteam: never
|
|||||||
|
|
||||||
Disable system-config-audit. A Yast equivalent would be useful though.
|
Disable system-config-audit. A Yast equivalent would be useful though.
|
||||||
|
|
||||||
--- audit-1.6.1/configure.ac.old 2007-07-25 02:13:48.399097000 +0200
|
--- audit-1.6.8/configure.ac.old 2007-07-25 02:13:48.399097000 +0200
|
||||||
+++ audit-1.6.1/configure.ac 2007-07-25 02:14:25.113347000 +0200
|
+++ audit-1.6.8/configure.ac 2007-07-25 02:14:25.113347000 +0200
|
||||||
@@ -108,7 +108,6 @@
|
@@ -108,7 +108,6 @@
|
||||||
if test x$use_apparmor != xno ; then
|
fi
|
||||||
AC_DEFINE(WITH_APPARMOR,1,[Define if you want to enable AppArmor events.])fi
|
AM_CONDITIONAL(HAVE_PRELUDE, test x$have_prelude = xyes)
|
||||||
|
|
||||||
-AC_CONFIG_SUBDIRS([system-config-audit])
|
-AC_CONFIG_SUBDIRS([system-config-audit])
|
||||||
AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/ids/Makefile audisp/plugins/remote/Makefile bindings/Makefile bindings/python/Makefile)
|
AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile)
|
||||||
|
|
||||||
echo .
|
echo .
|
||||||
|
|
||||||
--- audit-1.6.1/Makefile.am.orig 2007-09-18 02:58:06.195934000 +0200
|
--- audit-1.6.8/Makefile.am.old 2008-02-29 21:53:11.791067000 +0100
|
||||||
+++ audit-1.6.1/Makefile.am 2007-09-18 02:58:33.272829000 +0200
|
+++ audit-1.6.8/Makefile.am 2008-02-29 21:53:24.682161000 +0100
|
||||||
@@ -21,8 +21,7 @@
|
@@ -22,7 +22,7 @@
|
||||||
# Rickard E. (Rik) Faith <faith@redhat.com>
|
|
||||||
#
|
#
|
||||||
|
|
||||||
-SUBDIRS = lib auparse src/mt src audisp swig bindings init.d docs \
|
SUBDIRS = lib auparse src/mt src audisp tools swig bindings init.d \
|
||||||
- system-config-audit
|
- docs system-config-audit
|
||||||
+SUBDIRS = lib auparse src/mt src audisp swig bindings init.d docs
|
+ docs
|
||||||
EXTRA_DIST = ChangeLog AUTHORS NEWS README README-install audit.spec \
|
EXTRA_DIST = ChangeLog AUTHORS NEWS README README-install audit.spec \
|
||||||
sample.rules contrib/capp.rules contrib/nispom.rules \
|
contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \
|
||||||
contrib/lspp.rules contrib/skeleton.c contrib/avc_snap \
|
contrib/skeleton.c contrib/avc_snap contrib/avc_syslog \
|
||||||
|
|
||||||
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Mar 26 21:29:38 CET 2008 - tonyj@suse.de
|
||||||
|
|
||||||
|
- Update to version 1.6.8.
|
||||||
|
- Rename to audit-secondary and build audisp-plugins from here
|
||||||
|
to minimise bootstrap dependancies.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Mar 18 14:43:11 CET 2008 - schwab@suse.de
|
Tue Mar 18 14:43:11 CET 2008 - schwab@suse.de
|
||||||
|
|
157
audit-secondary.spec
Normal file
157
audit-secondary.spec
Normal file
@ -0,0 +1,157 @@
|
|||||||
|
#
|
||||||
|
# spec file for package audit-secondary (Version 1.6.8)
|
||||||
|
#
|
||||||
|
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
|
# This file and all modifications and additions to the pristine
|
||||||
|
# package are under the same license as the package itself.
|
||||||
|
#
|
||||||
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
# norootforbuild
|
||||||
|
|
||||||
|
|
||||||
|
Name: audit-secondary
|
||||||
|
%define _name audit
|
||||||
|
BuildRequires: audit-devel gcc-c++ openldap2-devel pkg-config python-devel swig
|
||||||
|
Summary: Python Bindings for libaudit
|
||||||
|
License: GPL v2 or later
|
||||||
|
Group: System/Monitoring
|
||||||
|
Version: 1.6.8
|
||||||
|
Release: 1
|
||||||
|
Url: http://people.redhat.com/sgrubb/audit/
|
||||||
|
Source0: audit-%{version}.tar.bz2
|
||||||
|
Patch0: audit-no_sca.patch
|
||||||
|
Requires: audit = %{version}-%{release}
|
||||||
|
Requires: audit-libs = %{version}-%{release}
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
PreReq: %insserv_prereq %fillup_prereq
|
||||||
|
|
||||||
|
%description
|
||||||
|
The audit-libs-python package contains the bindings for using libaudit
|
||||||
|
by python.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Authors:
|
||||||
|
--------
|
||||||
|
Steve Grubb <sgrubb@redhat.com>
|
||||||
|
|
||||||
|
%package -n audit-libs-python
|
||||||
|
Summary: Python Bindings for libaudit
|
||||||
|
License: GPL v2 or later
|
||||||
|
Group: System/Monitoring
|
||||||
|
Requires: python = %{py_ver}
|
||||||
|
|
||||||
|
%description -n audit-libs-python
|
||||||
|
The audit-libs-python package contains the bindings for using libaudit
|
||||||
|
by python.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Authors:
|
||||||
|
--------
|
||||||
|
Steve Grubb <sgrubb@redhat.com>
|
||||||
|
|
||||||
|
%package -n audit-audispd-plugins
|
||||||
|
Summary: Default plugins for the audit dispatcher
|
||||||
|
License: GPL v2 or later
|
||||||
|
Group: System/Monitoring
|
||||||
|
Requires: openldap2
|
||||||
|
|
||||||
|
%description -n audit-audispd-plugins
|
||||||
|
The audit-audispd-plugins package contains plugin components for the
|
||||||
|
audit dispatcher (audispd).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Authors:
|
||||||
|
--------
|
||||||
|
Steve Grubb <sgrubb@redhat.com>
|
||||||
|
|
||||||
|
%prep
|
||||||
|
# remove selinux policy
|
||||||
|
rm -rf audisp/plugins/zos-remote/policy
|
||||||
|
# we don't build prelude
|
||||||
|
rm -rf audisp/plugins/prelude
|
||||||
|
%setup -q -n audit-%{version}
|
||||||
|
%patch0 -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
autoreconf -fi
|
||||||
|
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
||||||
|
export CXXFLAGS="$CFLAGS"
|
||||||
|
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor
|
||||||
|
pushd src/mt
|
||||||
|
make libaudit.h
|
||||||
|
popd
|
||||||
|
make
|
||||||
|
|
||||||
|
%install
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/usr/sbin
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/_tmp
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
|
||||||
|
make DESTDIR=$RPM_BUILD_ROOT install -C swig
|
||||||
|
make DESTDIR=$RPM_BUILD_ROOT install -C bindings
|
||||||
|
make DESTDIR=$RPM_BUILD_ROOT install -C audisp/plugins
|
||||||
|
make DESTDIR=$RPM_BUILD_ROOT/_tmp install -C docs
|
||||||
|
# Clean up some unneeded library files
|
||||||
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a
|
||||||
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la
|
||||||
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse-1.0-py%{py_ver}.egg-info
|
||||||
|
# Cleanup plugins
|
||||||
|
# audispd-zos-remote uses ldap which is in /usr/lib so move to /usr/sbin
|
||||||
|
mv $RPM_BUILD_ROOT/sbin/audispd-zos-remote $RPM_BUILD_ROOT/usr/sbin/audispd-zos-remote
|
||||||
|
# af_unix/syslog (builtin) is packaged by main spec file
|
||||||
|
rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/{af_unix,syslog}.conf
|
||||||
|
# Just need selecteed man pages
|
||||||
|
mv $RPM_BUILD_ROOT/_tmp/%{_mandir}/man8/audispd-zos-remote.8 $RPM_BUILD_ROOT/%{_mandir}/man8
|
||||||
|
mv $RPM_BUILD_ROOT/_tmp/%{_mandir}/man5/zos-remote.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5
|
||||||
|
rm -rf $RPM_BUILD_ROOT/_tmp
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
%files -n audit-libs-python
|
||||||
|
%defattr(-,root,root,-)
|
||||||
|
%{_libdir}/python%{py_ver}/site-packages/_audit.so
|
||||||
|
%{_libdir}/python%{py_ver}/site-packages/auparse.so
|
||||||
|
%{_libdir}/python%{py_ver}/site-packages/audit.py*
|
||||||
|
|
||||||
|
%files -n audit-audispd-plugins
|
||||||
|
%defattr(-,root,root,-)
|
||||||
|
%dir /etc/audisp
|
||||||
|
%dir /etc/audisp/plugins.d
|
||||||
|
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
|
||||||
|
%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
|
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
|
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
|
||||||
|
%attr(750,root,root) /usr/sbin/audispd-zos-remote
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Wed Mar 26 2008 tonyj@suse.de
|
||||||
|
- Update to version 1.6.8.
|
||||||
|
- Rename to audit-secondary and build audisp-plugins from here
|
||||||
|
to minimise bootstrap dependancies.
|
||||||
|
* Tue Mar 18 2008 schwab@suse.de
|
||||||
|
- Use autoreconf.
|
||||||
|
* Thu Oct 11 2007 tonyj@suse.de
|
||||||
|
- Upgrade to 1.6.2
|
||||||
|
* Wed Jul 25 2007 tonyj@suse.de
|
||||||
|
- Upgrade to 1.5.5
|
||||||
|
Drop audit-swig-attribute.patch (upstreamed)
|
||||||
|
* Fri Jul 13 2007 tonyj@suse.de
|
||||||
|
- Fix build errors on ppc
|
||||||
|
* Thu Jul 12 2007 tonyj@suse.de
|
||||||
|
- Upgrade to 1.5.4
|
||||||
|
* Wed May 02 2007 tonyj@suse.de
|
||||||
|
- Upgrade to 1.5.3.
|
||||||
|
* Wed Nov 29 2006 tonyj@suse.de
|
||||||
|
- Upgrade to 1.2.9 (drop several patches which are now upstream)
|
||||||
|
- /usr/sbin/audispd now packaged by audit-libs-python
|
||||||
|
* Sun Nov 05 2006 ro@suse.de
|
||||||
|
- fix requires
|
||||||
|
* Thu Aug 31 2006 tonyj@suse.de
|
||||||
|
- Upgrade to 1.2.6-1
|
||||||
|
* Wed Aug 16 2006 cthiel@suse.de
|
||||||
|
- split off package
|
@ -1,167 +0,0 @@
|
|||||||
--- audit-1.6.2.orig/docs/auditd.8
|
|
||||||
+++ audit-1.6.2/docs/auditd.8
|
|
||||||
@@ -3,7 +3,7 @@
|
|
||||||
auditd \- The Linux Audit daemon
|
|
||||||
.SH SYNOPSIS
|
|
||||||
.B auditd
|
|
||||||
-.RB [ \-f ]\ [ \-l ]\ [ \-n ]
|
|
||||||
+.RB [ \-f ]\ [ \-l ]\ [ \-n ]\ [ \-s\ disable|enable|nochange ]
|
|
||||||
.SH DESCRIPTION
|
|
||||||
\fBauditd\fP is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the
|
|
||||||
.B ausearch
|
|
||||||
@@ -24,6 +24,9 @@
|
|
||||||
.TP
|
|
||||||
.B \-n
|
|
||||||
no fork. This is useful for running off of inittab
|
|
||||||
+.TP
|
|
||||||
+.B \-s=\fIENABLE_STATE\fR
|
|
||||||
+specify when starting if auditd should change the current value for the kernel enabled flag. Valid values for ENABLE_STATE are "disable", "enable" or "nochange". The default is to enable (and disable when auditd terminates). The value of the enabled flag may be changed during the lifetime of auditd using 'auditctl -e'.
|
|
||||||
.SH SIGNALS
|
|
||||||
.TP
|
|
||||||
SIGHUP
|
|
||||||
--- audit-1.6.2.orig/src/auditd.c
|
|
||||||
+++ audit-1.6.2/src/auditd.c
|
|
||||||
@@ -36,6 +36,7 @@
|
|
||||||
#include <sys/wait.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
+#include <getopt.h>
|
|
||||||
|
|
||||||
#include "libaudit.h"
|
|
||||||
#include "auditd-config.h"
|
|
||||||
@@ -65,13 +66,19 @@
|
|
||||||
static void clean_exit(void);
|
|
||||||
static int get_reply(int fd, struct audit_reply *rep, int seq);
|
|
||||||
|
|
||||||
+enum startup_state {startup_disable=0, startup_enable, startup_nochange, startup_INVALID};
|
|
||||||
+static const char *startup_states[] = {"disable", "enable", "nochange"};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Output a usage message
|
|
||||||
*/
|
|
||||||
static void usage(void)
|
|
||||||
{
|
|
||||||
- puts("Usage: auditd [ -f -l -n ]");
|
|
||||||
+ fprintf(stderr, "Usage: auditd [-f] [-l] [-n] [-s %s|%s|%s]\n",
|
|
||||||
+ startup_states[startup_disable],
|
|
||||||
+ startup_states[startup_enable],
|
|
||||||
+ startup_states[startup_nochange]);
|
|
||||||
+
|
|
||||||
exit(2);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -308,26 +315,56 @@
|
|
||||||
struct rlimit limit;
|
|
||||||
int hup_info_requested = 0, usr1_info_requested = 0;
|
|
||||||
int i;
|
|
||||||
+ int opt_foreground = 0, opt_allow_links = 0;
|
|
||||||
+ enum startup_state opt_startup = startup_enable;
|
|
||||||
+ int c;
|
|
||||||
+ extern char *optarg;
|
|
||||||
+ extern int optind;
|
|
||||||
|
|
||||||
/* Get params && set mode */
|
|
||||||
- config.daemonize = D_BACKGROUND;
|
|
||||||
- if (argc > 1) {
|
|
||||||
- for (i=1; i<argc; i++) {
|
|
||||||
- if (strcmp(argv[i], "-f") == 0)
|
|
||||||
- config.daemonize = D_FOREGROUND;
|
|
||||||
- else if (strcmp(argv[i], "-l") == 0)
|
|
||||||
- set_allow_links(1);
|
|
||||||
- else if (strcmp(argv[i], "-n") == 0)
|
|
||||||
- do_fork = 0;
|
|
||||||
- else
|
|
||||||
+ while ((c = getopt(argc, argv, "flns:")) != -1) {
|
|
||||||
+ switch (c) {
|
|
||||||
+ case 'f':
|
|
||||||
+ opt_foreground = 1;
|
|
||||||
+ break;
|
|
||||||
+ case 'l':
|
|
||||||
+ opt_allow_links=1;
|
|
||||||
+ break;
|
|
||||||
+ case 'n':
|
|
||||||
+ do_fork = 0;
|
|
||||||
+ break;
|
|
||||||
+ case 's':
|
|
||||||
+ for (i=0; i<startup_INVALID; i++) {
|
|
||||||
+ if (strncmp(optarg, startup_states[i],
|
|
||||||
+ strlen(optarg)) == 0) {
|
|
||||||
+ opt_startup = i;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (i == startup_INVALID) {
|
|
||||||
+ fprintf(stderr, "unknown startup mode '%s'\n",
|
|
||||||
+ optarg);
|
|
||||||
usage();
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+ default:
|
|
||||||
+ usage();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- // Make paramemters take effect
|
|
||||||
- if (config.daemonize == D_FOREGROUND)
|
|
||||||
+ /* check for trailing command line following options */
|
|
||||||
+ if (optind < argc) {
|
|
||||||
+ usage();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (opt_allow_links)
|
|
||||||
+ set_allow_links(1);
|
|
||||||
+
|
|
||||||
+ if (opt_foreground) {
|
|
||||||
+ config.daemonize = D_FOREGROUND;
|
|
||||||
set_aumessage_mode(MSG_STDERR, DBG_YES);
|
|
||||||
- else {
|
|
||||||
+ } else {
|
|
||||||
+ config.daemonize = D_BACKGROUND;
|
|
||||||
set_aumessage_mode(MSG_SYSLOG, DBG_NO);
|
|
||||||
(void) umask( umask( 077 ) | 022 );
|
|
||||||
}
|
|
||||||
@@ -472,8 +509,9 @@
|
|
||||||
/* Now tell parent that everything went OK */
|
|
||||||
tell_parent(SUCCESS);
|
|
||||||
|
|
||||||
- /* Enable auditing just in case it was off */
|
|
||||||
- if (audit_set_enabled(fd, 1) < 0) {
|
|
||||||
+ /* Depending on value of opt_startup (-s) set initial audit state */
|
|
||||||
+ if (opt_startup != startup_nochange &&
|
|
||||||
+ audit_set_enabled(fd, (int)opt_startup) < 0) {
|
|
||||||
char emsg[DEFAULT_BUF_SZ];
|
|
||||||
snprintf(emsg, sizeof(emsg),
|
|
||||||
"auditd error halt, auid=%u pid=%d res=failed",
|
|
||||||
@@ -481,15 +519,19 @@
|
|
||||||
stop = 1;
|
|
||||||
//FIXME add subj
|
|
||||||
send_audit_event(AUDIT_DAEMON_ABORT, emsg);
|
|
||||||
- audit_msg(LOG_ERR, "Unable to enable auditing, exiting");
|
|
||||||
+ audit_msg(LOG_ERR,
|
|
||||||
+ "Unable to set intitial audit startup state to '%s', exiting",
|
|
||||||
+ startup_states[opt_startup]);
|
|
||||||
close_down();
|
|
||||||
if (pidfile)
|
|
||||||
unlink(pidfile);
|
|
||||||
shutdown_dispatcher();
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
- audit_msg(LOG_NOTICE, "Init complete, auditd %s listening for events",
|
|
||||||
- VERSION);
|
|
||||||
+ audit_msg(LOG_NOTICE,
|
|
||||||
+ "Init complete, auditd %s listening for events (startup state %s)",
|
|
||||||
+ VERSION,
|
|
||||||
+ startup_states[opt_startup]);
|
|
||||||
|
|
||||||
/* Parent should be gone by now... */
|
|
||||||
if (do_fork)
|
|
||||||
@@ -603,6 +645,9 @@
|
|
||||||
/* Write message to log that we are going down */
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
+ if (opt_startup == startup_enable) {
|
|
||||||
+ audit_set_enabled(fd, (int)startup_disable);
|
|
||||||
+ }
|
|
||||||
rc = audit_request_signal_info(fd);
|
|
||||||
if (rc > 0) {
|
|
||||||
struct audit_reply trep;
|
|
@ -1,3 +1,57 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Mar 26 21:29:38 CET 2008 - tonyj@suse.de
|
||||||
|
|
||||||
|
- Update from 1.6.2 to 1.6.8.
|
||||||
|
- Move audisp-plugins to new secondary spec (along with existing
|
||||||
|
python libs).
|
||||||
|
- Redhat changelog follows:
|
||||||
|
|
||||||
|
* Thu Feb 14 2008 Steve Grubb <sgrubb@redhat.com> 1.6.8-1
|
||||||
|
- Update for gcc 4.3
|
||||||
|
- Cleanup descriptors in audispd before running plugin
|
||||||
|
- Fix 'recent' keyword for aureport/search
|
||||||
|
- Fix SE Linux policy for zos_remote plugin
|
||||||
|
- Add event type for group password authentication attempts
|
||||||
|
- Couple of updates to the translation tables
|
||||||
|
- Add detection of failed group authentication to audisp-prelude
|
||||||
|
|
||||||
|
* Thu Jan 31 2008 Steve Grubb <sgrubb@redhat.com> 1.6.7-1
|
||||||
|
- In ausearch/report, prefer -if to stdin
|
||||||
|
- In ausearch/report, add new command line option --input-logs (#428860)
|
||||||
|
- Updated audisp-prelude based on feedback from prelude-devel
|
||||||
|
- Added prelude alert for promiscuous socket being opened
|
||||||
|
- Added prelude alert for SE Linux policy enforcement changes
|
||||||
|
- Added prelude alerts for Forbidden Login Locations and Time
|
||||||
|
- Applied patch to auparse fixing error handling of searching by
|
||||||
|
interpreted value (Miloslav Trmac)
|
||||||
|
|
||||||
|
* Sat Jan 19 2008 Steve Grubb <sgrubb@redhat.com> 1.6.6-1
|
||||||
|
- Add prelude IDS plugin for IDMEF alerts
|
||||||
|
- Add --user option to aulastlog command
|
||||||
|
- Use desktop-file-install for system-config-audit
|
||||||
|
|
||||||
|
* Mon Jan 07 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-1
|
||||||
|
- Add more errno strings for exit codes in auditctl
|
||||||
|
- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
|
||||||
|
- Check for audit log being writable by owner in auditd
|
||||||
|
- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
|
||||||
|
- Updated CAPP, LSPP, and NISPOM rules for new capabilities
|
||||||
|
- Added aulastlog utility
|
||||||
|
|
||||||
|
* Sat Dec 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-1
|
||||||
|
- fchmod of log file was on wrong variable (#426934)
|
||||||
|
- Allow use of errno strings for exit codes in audit rules
|
||||||
|
|
||||||
|
* Thu Dec 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6.3-1
|
||||||
|
- Add kernel release string to DEAMON_START events
|
||||||
|
- Fix keep_logs when num_logs option disabled (#325561)
|
||||||
|
- Fix auparse to handle node fields for syscall records
|
||||||
|
- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
|
||||||
|
- Add keyword week-ago to aureport & ausearch start/end times
|
||||||
|
- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
|
||||||
|
- Add RACF zos remote audispd plugin (Klaus Kiwi)
|
||||||
|
- Add event queue overflow action to audispd
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Mar 18 14:43:11 CET 2008 - schwab@suse.de
|
Tue Mar 18 14:43:11 CET 2008 - schwab@suse.de
|
||||||
|
|
||||||
|
88
audit.spec
88
audit.spec
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# spec file for package audit (Version 1.6.2)
|
# spec file for package audit (Version 1.6.8)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
# This file and all modifications and additions to the pristine
|
# This file and all modifications and additions to the pristine
|
||||||
@ -14,18 +14,17 @@
|
|||||||
Name: audit
|
Name: audit
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
Summary: User Space Tools for 2.6 Kernel Auditing
|
Summary: User Space Tools for 2.6 Kernel Auditing
|
||||||
Version: 1.6.2
|
Version: 1.6.8
|
||||||
Release: 27
|
Release: 4
|
||||||
License: GPL v2 or later
|
License: GPL v2 or later
|
||||||
Group: System/Monitoring
|
Group: System/Monitoring
|
||||||
Url: http://people.redhat.com/sgrubb/audit/
|
Url: http://people.redhat.com/sgrubb/audit/
|
||||||
Source0: %{name}-%{version}.tar.gz
|
Source0: %{name}-%{version}.tar.bz2
|
||||||
Source1: auditd.init
|
Source1: auditd.init
|
||||||
Source2: auditd.sysconfig
|
Source2: auditd.sysconfig
|
||||||
Patch0: audit-no_sca.patch
|
Patch0: audit-no_sca.patch
|
||||||
Patch1: audit-no_python.patch
|
Patch1: audit-no_python.patch
|
||||||
Patch2: audit-1.6.2-bugs.patch
|
Patch2: audit-no_plugins.patch
|
||||||
Patch3: audit-startup.patch
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
Requires: %{name}-libs = %{version}-%{release}
|
Requires: %{name}-libs = %{version}-%{release}
|
||||||
PreReq: %insserv_prereq %fillup_prereq
|
PreReq: %insserv_prereq %fillup_prereq
|
||||||
@ -59,7 +58,7 @@ Authors:
|
|||||||
%package devel
|
%package devel
|
||||||
Summary: Header files and static library for libaudit
|
Summary: Header files and static library for libaudit
|
||||||
License: LGPL v2.1 or later
|
License: LGPL v2.1 or later
|
||||||
Group: System/Monitoring
|
Group: Development/Libraries/C and C++
|
||||||
Requires: %{name}-libs = %{version}-%{release}
|
Requires: %{name}-libs = %{version}-%{release}
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
@ -78,14 +77,12 @@ Authors:
|
|||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -fi
|
autoreconf -fi
|
||||||
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
||||||
export CXXFLAGS="$CFLAGS"
|
export CXXFLAGS="$CFLAGS"
|
||||||
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor
|
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor
|
||||||
#./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_libexecdir}
|
|
||||||
pushd src/mt
|
pushd src/mt
|
||||||
make libaudit.h
|
make libaudit.h
|
||||||
popd
|
popd
|
||||||
@ -94,7 +91,7 @@ make
|
|||||||
%install
|
%install
|
||||||
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}}
|
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}}
|
||||||
mkdir -p $RPM_BUILD_ROOT/usr/sbin
|
mkdir -p $RPM_BUILD_ROOT/usr/sbin
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8
|
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
|
mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
|
||||||
make DESTDIR=$RPM_BUILD_ROOT install
|
make DESTDIR=$RPM_BUILD_ROOT install
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_includedir}
|
mkdir -p $RPM_BUILD_ROOT/%{_includedir}
|
||||||
@ -117,15 +114,11 @@ install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/init.d/auditd
|
|||||||
ln -s /etc/init.d/auditd $RPM_BUILD_ROOT/sbin/rcauditd
|
ln -s /etc/init.d/auditd $RPM_BUILD_ROOT/sbin/rcauditd
|
||||||
mkdir -p $RPM_BUILD_ROOT/var/log/audit/
|
mkdir -p $RPM_BUILD_ROOT/var/log/audit/
|
||||||
touch $RPM_BUILD_ROOT/var/log/audit/audit.log
|
touch $RPM_BUILD_ROOT/var/log/audit/audit.log
|
||||||
# for %ghost below, so that old location files will still be there when
|
# For %ghost below, so that old location files will still be there when
|
||||||
# %post copy runs
|
# %post copy runs
|
||||||
touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
|
touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
|
||||||
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
|
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
|
||||||
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
|
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
|
||||||
# Remove the plugin stuff for now
|
|
||||||
rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/au-ids.conf
|
|
||||||
rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/remote.conf
|
|
||||||
rm -f $RPM_BUILD_ROOT/sbin/audisp-ids
|
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
@ -161,32 +154,40 @@ fi
|
|||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
|
%doc contrib/skeleton.c contrib/plugin
|
||||||
%{_libdir}/libaudit.*
|
%{_libdir}/libaudit.*
|
||||||
%{_libdir}/libauparse.*
|
%{_libdir}/libauparse.*
|
||||||
%{_includedir}/libaudit.h
|
%{_includedir}/libaudit.h
|
||||||
%{_includedir}/auparse.h
|
%{_includedir}/auparse.h
|
||||||
%{_includedir}/auparse-defs.h
|
%{_includedir}/auparse-defs.h
|
||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
%doc contrib/skeleton.c contrib/plugin
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%doc README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron
|
%doc README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules init.d/auditd.cron
|
||||||
%{_mandir}/man8/*
|
%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
|
||||||
%{_mandir}/man5/*
|
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
|
||||||
|
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
|
||||||
|
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
|
||||||
|
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
|
||||||
|
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
|
||||||
|
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
|
||||||
|
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
|
||||||
|
%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
|
||||||
%attr(750,root,root) /sbin/auditctl
|
%attr(750,root,root) /sbin/auditctl
|
||||||
%attr(750,root,root) /sbin/auditd
|
%attr(750,root,root) /sbin/auditd
|
||||||
%attr(755,root,root) /sbin/ausearch
|
%attr(755,root,root) /sbin/ausearch
|
||||||
%attr(750,root,root) /sbin/rcauditd
|
%attr(750,root,root) /sbin/rcauditd
|
||||||
%attr(750,root,root) /sbin/autrace
|
%attr(750,root,root) /sbin/autrace
|
||||||
%attr(750,root,root) /sbin/audispd
|
%attr(750,root,root) /sbin/audispd
|
||||||
|
%attr(750,root,root) /sbin/aulastlog
|
||||||
%attr(755,root,root) /sbin/aureport
|
%attr(755,root,root) /sbin/aureport
|
||||||
/etc/init.d/auditd
|
/etc/init.d/auditd
|
||||||
%dir %attr(750,root,root) /etc/audit
|
%dir %attr(750,root,root) /etc/audit
|
||||||
%attr(750,root,root) %dir /etc/audisp
|
%attr(750,root,root) %dir /etc/audisp
|
||||||
%attr(750,root,root) %dir /etc/audisp/plugins.d
|
%attr(750,root,root) %dir /etc/audisp/plugins.d
|
||||||
%attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
|
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
|
||||||
%attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
|
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
|
||||||
%ghost /etc/auditd.conf
|
%ghost /etc/auditd.conf
|
||||||
%ghost /etc/audit.rules
|
%ghost /etc/audit.rules
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
|
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
|
||||||
@ -197,6 +198,51 @@ fi
|
|||||||
%ghost %config(noreplace) /var/log/audit/audit.log
|
%ghost %config(noreplace) /var/log/audit/audit.log
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Mar 26 2008 tonyj@suse.de
|
||||||
|
- Update from 1.6.2 to 1.6.8.
|
||||||
|
- Move audisp-plugins to new secondary spec (along with existing
|
||||||
|
python libs).
|
||||||
|
- Redhat changelog follows:
|
||||||
|
* Thu Feb 14 2008 Steve Grubb <sgrubb@redhat.com> 1.6.8-1
|
||||||
|
- Update for gcc 4.3
|
||||||
|
- Cleanup descriptors in audispd before running plugin
|
||||||
|
- Fix 'recent' keyword for aureport/search
|
||||||
|
- Fix SE Linux policy for zos_remote plugin
|
||||||
|
- Add event type for group password authentication attempts
|
||||||
|
- Couple of updates to the translation tables
|
||||||
|
- Add detection of failed group authentication to audisp-prelude
|
||||||
|
* Thu Jan 31 2008 Steve Grubb <sgrubb@redhat.com> 1.6.7-1
|
||||||
|
- In ausearch/report, prefer -if to stdin
|
||||||
|
- In ausearch/report, add new command line option --input-logs (#428860)
|
||||||
|
- Updated audisp-prelude based on feedback from prelude-devel
|
||||||
|
- Added prelude alert for promiscuous socket being opened
|
||||||
|
- Added prelude alert for SE Linux policy enforcement changes
|
||||||
|
- Added prelude alerts for Forbidden Login Locations and Time
|
||||||
|
- Applied patch to auparse fixing error handling of searching by
|
||||||
|
interpreted value (Miloslav Trmac)
|
||||||
|
* Sat Jan 19 2008 Steve Grubb <sgrubb@redhat.com> 1.6.6-1
|
||||||
|
- Add prelude IDS plugin for IDMEF alerts
|
||||||
|
- Add --user option to aulastlog command
|
||||||
|
- Use desktop-file-install for system-config-audit
|
||||||
|
* Mon Jan 07 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-1
|
||||||
|
- Add more errno strings for exit codes in auditctl
|
||||||
|
- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
|
||||||
|
- Check for audit log being writable by owner in auditd
|
||||||
|
- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
|
||||||
|
- Updated CAPP, LSPP, and NISPOM rules for new capabilities
|
||||||
|
- Added aulastlog utility
|
||||||
|
* Sat Dec 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-1
|
||||||
|
- fchmod of log file was on wrong variable (#426934)
|
||||||
|
- Allow use of errno strings for exit codes in audit rules
|
||||||
|
* Thu Dec 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6.3-1
|
||||||
|
- Add kernel release string to DEAMON_START events
|
||||||
|
- Fix keep_logs when num_logs option disabled (#325561)
|
||||||
|
- Fix auparse to handle node fields for syscall records
|
||||||
|
- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
|
||||||
|
- Add keyword week-ago to aureport & ausearch start/end times
|
||||||
|
- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
|
||||||
|
- Add RACF zos remote audispd plugin (Klaus Kiwi)
|
||||||
|
- Add event queue overflow action to audispd
|
||||||
* Tue Mar 18 2008 schwab@suse.de
|
* Tue Mar 18 2008 schwab@suse.de
|
||||||
- Use autoreconf.
|
- Use autoreconf.
|
||||||
* Wed Oct 31 2007 tonyj@suse.de
|
* Wed Oct 31 2007 tonyj@suse.de
|
||||||
|
Loading…
Reference in New Issue
Block a user