SHA256
1
0
forked from pool/audit
audit/fix-hardened-service.patch
Enzo Matsumiya 09b88829e8 Accepting request 920348 from home:ematsumiya:branches:security
- Fix hardened auditd.service (bsc#1181400)
  * add fix-hardened-service.patch
    Make /etc/audit read-write from the service.
    Remove PrivateDevices=true to expose /dev/* to auditd.service.
- Enable stop rules for audit.service (cf. bsc#1190227)
  * add enable-stop-rules.patch
- Change default log_format from ENRICHED to RAW (bsc#1190500):
  * add change-default-log_format.patch (SUSE-specific patch)
- Update to version 3.0.5:
  * In auditd, flush uid/gid caches when user/group added/deleted/modified
  * Fixed various issues when dealing with corrupted logs
  * In auditd, check if log_file is valid before closing handle
- Include fixed from 3.0.4:
  * Apply performance speedups to auparse library
  * Optimize rule loading in auditctl
  * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
  * Update syscall table to the 5.14 kernel
  * Fixed various issues when dealing with corrupted logs
- Update to version 3.0.5:
  * In auditd, flush uid/gid caches when user/group added/deleted/modified
  * Fixed various issues when dealing with corrupted logs
  * In auditd, check if log_file is valid before closing handle
- Include fixed from 3.0.4:
  * Apply performance speedups to auparse library
  * Optimize rule loading in auditctl
  * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
  * Update syscall table to the 5.14 kernel
  * Fixed various issues when dealing with corrupted logs

OBS-URL: https://build.opensuse.org/request/show/920348
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=129
2021-09-20 16:14:05 +00:00

31 lines
923 B
Diff

From: Enzo Matsumiya <ematsumiya@suse.de>
Subject: init.d/auditd.service: make /etc/audit writable
References: bsc#1181400
systemd hardening effort (bsc#1181400) broke auditd.service when starting/
restarting it. This was because auditd couldn't save/create audit.rules from
/etc/audit/rules.d/* files.
Make /etc/audit writable for the service.
Also remove PrivateDevices=true so /dev/* are exposed to auditd.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
--- a/init.d/auditd.service
+++ b/init.d/auditd.service
@@ -37,12 +37,12 @@ RestrictRealtime=true
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
-PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelLogs=true
# end of automatic additions
+ReadWritePaths=/etc/audit
[Install]
WantedBy=multi-user.target