# # spec file for package audit (Version 1.6.2) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: audit BuildRequires: gcc-c++ Summary: User Space Tools for 2.6 Kernel Auditing Version: 1.6.2 Release: 1 License: GPL v2 or later Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ Source0: %{name}-%{version}.tar.gz Source1: auditd.init Source2: auditd.sysconfig Patch0: audit-no_sca.patch Patch1: audit-no_python.patch Patch2: audit-1.6.2-bugs.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: %{name}-libs = %{version}-%{release} PreReq: %insserv_prereq %fillup_prereq %description The audit package contains the user space utilities for storing and processing the audit records generated by the audit subsystem in the Linux 2.6 kernel. Authors: -------- Steve Grubb %package libs Summary: Dynamic library for libaudit License: GPL v2 or later Group: System/Monitoring %description libs The audit-libs package contains the dynamic libraries needed for applications to use the audit framework. Authors: -------- Steve Grubb %package devel Summary: Header files and static library for libaudit License: LGPL v2 or later Group: System/Monitoring Requires: %{name}-libs = %{version}-%{release} %description devel The audit-devel package contains the static libraries and header files needed for developing applications that need to use the audit framework libraries. Authors: -------- Steve Grubb %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %build #autoreconf -iv --install aclocal && autoconf && autoheader && automake export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" ./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor #./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_libexecdir} pushd src/mt make libaudit.h popd make %install mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}} mkdir -p $RPM_BUILD_ROOT/usr/sbin mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 mkdir -p $RPM_BUILD_ROOT/%{_lib}/security make DESTDIR=$RPM_BUILD_ROOT install mkdir -p $RPM_BUILD_ROOT/%{_includedir} mkdir -p $RPM_BUILD_ROOT/%{_libdir} # We manually install this since Makefile doesn't install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir} # This winds up in the wrong place when libtool is involved rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so $RPM_BUILD_ROOT/%{_lib}/libauparse.so ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so ln -sf /%{_lib}/libauparse.so.0 $RPM_BUILD_ROOT%{_libdir}/libauparse.so mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir} rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la $RPM_BUILD_ROOT/%{_lib}/libauparse.la mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd # delete redhat script, use ours rm -rf $RPM_BUILD_ROOT/etc/sysconfig/auditd rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/init.d/auditd ln -s /etc/init.d/auditd $RPM_BUILD_ROOT/sbin/rcauditd mkdir -p $RPM_BUILD_ROOT/var/log/audit/ touch $RPM_BUILD_ROOT/var/log/audit/audit.log # for %ghost below, so that old location files will still be there when # %post copy runs touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules} # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf # Remove the plugin stuff for now rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/au-ids.conf rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/remote.conf rm -f $RPM_BUILD_ROOT/sbin/audisp-ids %clean rm -rf $RPM_BUILD_ROOT %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig %post %{fillup_and_insserv -yn auditd auditd} # Save existing audit files if any (from old location) if [ -f /etc/auditd.conf ]; then mv /etc/audit/auditd.conf /etc/audit/auditd.conf.new mv /etc/auditd.conf /etc/audit/auditd.conf fi if [ -f /etc/audit.rules ]; then mv /etc/audit/audit.rules /etc/audit/audit.rules.new mv /etc/audit.rules /etc/audit/audit.rules fi %preun %stop_on_removal auditd %postun %restart_on_update auditd %{insserv_cleanup} %files libs %defattr(-,root,root) /%{_lib}/libaudit.* /%{_lib}/libauparse.* %config(noreplace) %attr(640,root,root) /etc/libaudit.conf %files devel %defattr(-,root,root) %{_libdir}/libaudit.* %{_libdir}/libauparse.* %{_includedir}/libaudit.h %{_includedir}/auparse.h %{_includedir}/auparse-defs.h %{_mandir}/man3/* %doc contrib/skeleton.c contrib/plugin %files %defattr(-,root,root,-) %doc README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron %{_mandir}/man8/* %{_mandir}/man5/* %attr(750,root,root) /sbin/auditctl %attr(750,root,root) /sbin/auditd %attr(755,root,root) /sbin/ausearch %attr(750,root,root) /sbin/rcauditd %attr(750,root,root) /sbin/autrace %attr(750,root,root) /sbin/audispd %attr(755,root,root) /sbin/aureport /etc/init.d/auditd %dir %attr(750,root,root) /etc/audit %attr(750,root,root) %dir /etc/audisp %attr(750,root,root) %dir /etc/audisp/plugins.d %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf %ghost /etc/auditd.conf %ghost /etc/audit.rules %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules %config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf /var/adm/fillup-templates/sysconfig.auditd %dir %attr(700,root,root) /var/log/audit %ghost %config(noreplace) /var/log/audit/audit.log %changelog * Wed Oct 10 2007 - tonyj@suse.de - Upgrade to 1.6.2 Plus two bugs discovered in Fedora, will be fixed in 1.6.3 * Wed Jul 25 2007 - tonyj@suse.de - Upgrade to 1.5.5 Correct bug in audit_make_equivalent function (Al Viro) Local: add AppArmor audit ID (upstream in 1.5.6) don't build RedHat system-config-audit * Thu Jul 12 2007 - tonyj@suse.de - Upgrade to 1.5.4 Add feed interface to auparse library (John Dennis) Apply patch to libauparse for unresolved symbols (#241178) Apply patch to add line numbers for file events in libauparse (John Dennis) Change seresults to seresult in libauparse (John Dennis) Add unit32_t definition to swig (#244210) Add support for directory auditing Update acct field to be escaped - Fix for #280487 "%%ghost /var/log/audit/audit.log will remove the logfile" * Mon May 07 2007 - rguenther@suse.de - Drop pkg-config BuildRequires introduced by last change. * Wed May 02 2007 - tonyj@suse.de - Upgrade to 1.5.3. Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig * Wed Nov 29 2006 - tonyj@suse.de - Upgrade to 1.2.9 (drop several patches which are now upstream) - Move to using /etc/audit directory for config files * Thu Aug 31 2006 - tonyj@suse.de - Upgrade to 1.2.6-1 * Sat Aug 26 2006 - olh@suse.de - do not define __KERNEL__ in userland apps - remove unused sys/syscall.h include * Wed Aug 16 2006 - cthiel@suse.de - split audit into audit and audit-libs-python * Fri May 05 2006 - sbeattie@suse.de - disable syscall audit context creation by default #172154 * Mon Mar 20 2006 - meissner@suse.de - Do not print a misleading errormessage when audit is not compiled into the kernel. #152733 * Mon Mar 06 2006 - meissner@suse.de - On kernels without auditing, which report ECONNREFUSED, do not output stuff to stderr on startup. #152733 * Sat Feb 25 2006 - kukuk@suse.de - Fix moving of devel libraries, don't install .la file * Wed Feb 22 2006 - meissner@suse.de - moved libaudit.so symlink to /usr/lib and to -devel package, as requested by Thorsten. * Fri Feb 17 2006 - meissner@suse.de - check sendto() return against -1 (error with errno set). * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Wed Jan 25 2006 - ro@suse.de - fix fillup call since filename != packagename * Tue Jan 24 2006 - ro@suse.de - do not skip fillup in postinstall * Mon Jan 23 2006 - dreynolds@suse.de - Modified inssrv macro args to enable on boot * Wed Jan 18 2006 - tonyj@suse.de - Add support for AppArmor (submitted upstream for 1.1.4) * Fri Jan 13 2006 - meissner@suse.de - Updated to 1.1.3. - Moved audispd to /usr/sbin since it uses /usr/lib/libstdc++ - Updated sysconfig snippet. * Tue Nov 08 2005 - meissner@suse.de - upgraded to 1.0.12. * Fri Nov 04 2005 - kukuk@suse.de - Update to 1.0.9. * Wed Oct 12 2005 - meissner@suse.de - upgraded to 1.0.6. ptrdift patch now solved upstream. * Wed Oct 05 2005 - meissner@suse.de - Upgraded to 1.0.5 * Wed Oct 05 2005 - dmueller@suse.de - add norootforbuild * Mon Sep 26 2005 - meissner@suse.de - Upgraded to 1.0.4. - Make rate & backlog 32 bit unsigned int in auditctl - In auditctl, if -F arch is given with -t option, don't require list - Update auditd man page - Add size check to audit_send - Update message for audit_open failure when kernel doesn't support audit * Tue Aug 23 2005 - meissner@suse.de - Upgraded to 1.0.3 bugfix release: - adjust file perms of newly created log file in auditd - fix 2 memory leaks and an out of bounds access in auditd - fix case where auditd was closing netlink descriptor too early - fix watch rules not to take field arguments in auditctl - fix bug where inode, devmajor, devminor, exit, and success fields in auditctl rules were not getting the correct value stored * Wed Aug 17 2005 - meissner@suse.de - Added /var/log/audit directory and ghost audit.log #105131 * Wed Aug 10 2005 - meissner@suse.de - Upgraded to 1.0.2 * Thu Aug 04 2005 - meissner@suse.de - Upgraded to 1.0.1. * Mon Jul 11 2005 - meissner@suse.de - Update to version 0.9.16. * Tue Jun 21 2005 - meissner@suse.de - Update to version 0.9.10. * Fri Jun 17 2005 - meissner@suse.de - Update to version 0.9.7. * Thu Jun 16 2005 - kukuk@suse.de - Update to version 0.9.5 * Tue Jun 14 2005 - ro@suse.de - make it build with current includes * Tue May 31 2005 - meissner@suse.de - Upgraded to 0.9. * Fri May 13 2005 - meissner@suse.de - upgraded to 0.6.8 * Tue Apr 19 2005 - meissner@suse.de - Upgraded to 0.6.11. * Fri Apr 15 2005 - pth@suse.de - Make libaudit.h define pgoff_t by itself. - Fix a minor warning. * Wed Mar 30 2005 - meissner@suse.de - Upgraded to 0.6.9. * Fri Mar 04 2005 - meissner@suse.de - Upgraded to 0.6.5. * Thu Mar 03 2005 - meissner@suse.de - initial package of auditd for new kernel auditing system.