From 65a7a4955f842812d2c004af98efa995a3c629ff663cf91ac80fbfbafbea02db Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sun, 6 May 2007 15:10:42 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=2 --- audit-1.2.9.tar.bz2 | 3 - audit-1.5.3.tar.gz | 3 + audit-auparse_missing_return.patch | 49 ------------- audit-change-paths.patch | 20 ------ audit-disable-syscall-contexts.patch | 102 --------------------------- audit-libs-python.changes | 5 ++ audit-libs-python.spec | 43 ++++------- audit-no_python.patch | 37 ++++------ audit.changes | 5 ++ audit.spec | 79 ++++++++++++--------- auditd.init | 3 - auditd.sysconfig | 4 -- 12 files changed, 87 insertions(+), 266 deletions(-) delete mode 100644 audit-1.2.9.tar.bz2 create mode 100644 audit-1.5.3.tar.gz delete mode 100644 audit-auparse_missing_return.patch delete mode 100644 audit-change-paths.patch delete mode 100644 audit-disable-syscall-contexts.patch diff --git a/audit-1.2.9.tar.bz2 b/audit-1.2.9.tar.bz2 deleted file mode 100644 index 4b12d34..0000000 --- a/audit-1.2.9.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0995cdda8aeb4cd1126427d78fcc44aa6bf84e578f15fad0074ffbb9ac609339 -size 193190 diff --git a/audit-1.5.3.tar.gz b/audit-1.5.3.tar.gz new file mode 100644 index 0000000..39856da --- /dev/null +++ b/audit-1.5.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4ca6888582823cdd1cc946f682450ba05a704d1baa3596350525708ce68d24c8 +size 293566 diff --git a/audit-auparse_missing_return.patch b/audit-auparse_missing_return.patch deleted file mode 100644 index 31dcc22..0000000 --- a/audit-auparse_missing_return.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: tonyj@suse.de -References: none -Patch-upstream: no - -Disable unused functions which are tripping the abuild garbage return code -detection. - ---- audit-1.2.6/auparse/auparse.c.xx 2006-08-31 21:24:46.000000000 +0200 -+++ audit-1.2.6/auparse/auparse.c 2006-08-31 21:30:48.000000000 +0200 -@@ -177,6 +177,7 @@ - } - - -+#if 0 - time_t auparse_get_time(auparse_state_t *au) - { - } -@@ -190,6 +191,7 @@ - unsigned long auparse_get_serial(auparse_state_t *au) - { - } -+#endif /* not used, disable to avoid abuild garbage return error */ - - - const char *auparse_get_node(auparse_state_t *au) -@@ -198,9 +200,11 @@ - } - - -+#if 0 - int auparse_timestamp_compare(event_t *e1, event_t *e2) - { - } -+#endif /* not used, disable to avoid abuild garbage return error */ - - - /* Functions that traverse records in the same event */ -@@ -260,9 +264,11 @@ - } - - -+#if 0 - int auparse_get_field_int(auparse_state_t *au) - { - } -+#endif /* not used, disable to avoid abuild garbage return error */ - - - const char *auparse_interpret_field(auparse_state_t *au) diff --git a/audit-change-paths.patch b/audit-change-paths.patch deleted file mode 100644 index 4373e1f..0000000 --- a/audit-change-paths.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: tonyj@suse.de -References: unknown -Upstream: no - -Change paths. -1) Since libstdc++ is in /usr, audispd must move also -2) Change location of audit config file to /etc - ---- audit-1.2.6/init.d/auditd.conf.xx 2006-08-31 18:18:11.000000000 +0200 -+++ audit-1.2.6/init.d/auditd.conf 2006-08-31 18:19:00.000000000 +0200 -@@ -8,7 +8,7 @@ - flush = INCREMENTAL - freq = 20 - num_logs = 4 --dispatcher = /sbin/audispd -+#dispatcher = /usr/sbin/audispd - disp_qos = lossy - max_log_file = 5 - max_log_file_action = ROTATE - diff --git a/audit-disable-syscall-contexts.patch b/audit-disable-syscall-contexts.patch deleted file mode 100644 index 8c66fbb..0000000 --- a/audit-disable-syscall-contexts.patch +++ /dev/null @@ -1,102 +0,0 @@ -From: sbeattie@suse.de -References: 172154 -Upstream: no - -Disable syscall audit context creation by default. -This patch needs to be reevaluated in light of kernel performance improvements -to audit comitted around ~2.6.18 - ---- audit-1.2.6/src/auditd.c.xx 2006-07-27 19:06:08.000000000 +0200 -+++ audit-1.2.6/src/auditd.c 2006-08-31 20:02:57.000000000 +0200 -@@ -36,6 +36,7 @@ - #include - #include - #include -+#include - - #include "libaudit.h" - #include "auditd-config.h" -@@ -69,7 +70,7 @@ - */ - static void usage(void) - { -- puts("Usage: auditd [ -f ]"); -+ puts("Usage: auditd [ -f ] [ -n ]"); - exit(2); - } - -@@ -281,18 +282,28 @@ - struct rlimit limit; - int hup_info_requested = 0, usr1_info_requested = 0; - int i; -+ int opt_foreground = 0; -+ int opt_enabled = 1; -+ int c; - - /* Get params && set mode */ -- if (argc > 2) -- usage(); -- if (argc == 2) { -- if (strcmp(argv[1], "-f") == 0) { -- config.daemonize = D_FOREGROUND; -- set_aumessage_mode(MSG_STDERR, DBG_YES); -- } else -+ while ((c = getopt(argc, argv, "fn")) != -1) { -+ switch (c) { -+ case 'f': -+ opt_foreground = 1; -+ break; -+ case 'n': -+ opt_enabled = 0; -+ break; -+ default: - usage(); -+ } - } -- else { -+ -+ if (opt_foreground) { -+ config.daemonize = D_FOREGROUND; -+ set_aumessage_mode(MSG_STDERR, DBG_YES); -+ } else { - config.daemonize = D_BACKGROUND; - set_aumessage_mode(MSG_SYSLOG, DBG_NO); - (void) umask( umask( 077 ) | 022 ); -@@ -429,7 +440,7 @@ - tell_parent(SUCCESS); - - /* Enable auditing just in case it was off */ -- if (audit_set_enabled(fd, 1) < 0) { -+ if (audit_set_enabled(fd, opt_enabled) < 0) { - char emsg[DEFAULT_BUF_SZ]; - snprintf(emsg, sizeof(emsg), - "auditd error halt, auid=%u pid=%d res=failed", -@@ -558,6 +569,7 @@ - /* Write message to log that we are going down */ - int rc; - -+ audit_set_enabled(fd, 0); - rc = audit_request_signal_info(fd); - if (rc > 0) { - struct audit_reply trep; ---- audit-1.2.6/docs/auditd.8.xx 2006-04-06 23:21:14.000000000 +0200 -+++ audit-1.2.6/docs/auditd.8 2006-08-31 20:02:47.000000000 +0200 -@@ -4,6 +4,7 @@ - .SH SYNOPSIS - .B auditd - [ \fI-f \fR] -+[ \fI-n \fR] - .SH DESCRIPTION - auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the - .B ausearch -@@ -18,6 +19,10 @@ - .TP - \fB\-f\fR - leave the audit daemon in the foreground for debugging. Messages also go to stderr rather than the audit log. -+.TP -+\fB-n\fR -+start the audit daemon, but do not enabled system call auditing in the kernel. -+This can be done separately by using \fBauditctl -e\fR. - .SH SIGNALS - \fB\SIGHUP\fR - causes auditd to reconfigure. This means that auditd re-reads the configuration file. If there are no syntax errors, it will proceed to implement the requested changes. If the reconfigure is successful, a DAEMON_CONFIG event is recorded in the logs. If not successful, error handling is controlled by space_left_action, admin_space_left_action, disk_full_action, and disk_error_action parameters in auditd.conf. diff --git a/audit-libs-python.changes b/audit-libs-python.changes index 6cc4dfe..e5422e4 100644 --- a/audit-libs-python.changes +++ b/audit-libs-python.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 2 19:08:53 CEST 2007 - tonyj@suse.de + +- Upgrade to 1.5.3. + ------------------------------------------------------------------- Wed Nov 29 02:47:22 CET 2006 - tonyj@suse.de diff --git a/audit-libs-python.spec b/audit-libs-python.spec index ce84486..cb69071 100644 --- a/audit-libs-python.spec +++ b/audit-libs-python.spec @@ -1,7 +1,7 @@ # -# spec file for package audit-libs-python (Version 1.2.9) +# spec file for package audit-libs-python (Version 1.5.3) # -# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -12,17 +12,14 @@ Name: audit-libs-python %define _name audit -BuildRequires: audit-devel gcc-c++ python-devel swig +BuildRequires: audit-devel gcc-c++ pkg-config python-devel swig Summary: Python bindings for libaudit -Version: 1.2.9 -Release: 2 +Version: 1.5.3 +Release: 1 License: GNU General Public License (GPL) Group: System/Monitoring URL: http://people.redhat.com/sgrubb/audit/ -Source0: audit-%{version}.tar.bz2 -Patch0: audit-change-paths.patch -Patch1: audit-disable-syscall-contexts.patch -Patch2: audit-auparse_missing_return.patch +Source0: audit-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: audit-libs = %( echo `rpm -q --queryformat '%{VERSION}-%{RELEASE}' audit-libs`) PreReq: %insserv_prereq %fillup_prereq @@ -39,12 +36,9 @@ Authors: %prep %setup -q -n audit-%{version} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 %build -autoreconf -fv --install +autoreconf -iv --install export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" ./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor @@ -55,33 +49,24 @@ make %install make DESTDIR=$RPM_BUILD_ROOT install -C swig -make DESTDIR=$RPM_BUILD_ROOT install -C audisp LIBDIR=$RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages -mkdir $RPM_BUILD_ROOT/usr/sbin -mv $RPM_BUILD_ROOT/sbin/audispd $RPM_BUILD_ROOT/usr/sbin/audispd +make DESTDIR=$RPM_BUILD_ROOT install -C bindings +ls -lR $RPM_BUILD_ROOT/ rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse-1.0-py2.5.egg-info %clean rm -rf $RPM_BUILD_ROOT -%post -if [ -f /etc/audit/auditd.conf ]; then - tmp=`mktemp /etc/audit/auditd-post.$$` - if [ -n $tmp ]; then - sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \ - cat $tmp > /etc/audit/auditd.conf - rm -f $tmp - fi -fi - %files %defattr(-,root,root,-) -%attr(750,root,root) /usr/sbin/audispd %{_libdir}/python%{py_ver}/site-packages/_audit.so +%{_libdir}/python%{py_ver}/site-packages/auparse.so %{_libdir}/python%{py_ver}/site-packages/audit.py* -%{_libdir}/python%{py_ver}/site-packages/AuditMsg.py* -%changelog -n audit-libs-python +%changelog +* Wed May 02 2007 - tonyj@suse.de +- Upgrade to 1.5.3. * Wed Nov 29 2006 - tonyj@suse.de - Upgrade to 1.2.9 (drop several patches which are now upstream) - /usr/sbin/audispd now packaged by audit-libs-python diff --git a/audit-no_python.patch b/audit-no_python.patch index 81c5314..9a5fe71 100644 --- a/audit-no_python.patch +++ b/audit-no_python.patch @@ -1,19 +1,11 @@ -From: tonyj@suse.de -Date: unknown -Upstream: no - -This patch is used by audit.spec to disable use of Python. -Necessary Python files are built seperately by audit-libs-python.spec -(make -C swig ; make -C auditsp) - ---- audit-1.2.6/configure.ac.xx 2006-07-13 23:02:17.000000000 +0200 -+++ audit-1.2.6/configure.ac 2006-08-31 20:52:49.000000000 +0200 +--- audit-1.5.1/configure.ac.orig 2007-03-01 01:54:19.977676000 +0100 ++++ audit-1.5.1/configure.ac 2007-03-01 02:09:06.032928000 +0100 @@ -39,7 +39,7 @@ AM_INIT_AUTOMAKE AM_PROG_LIBTOOL AC_SUBST(LIBTOOL_DEPS) --AM_PATH_PYTHON(2.4) -+#AM_PATH_PYTHON(2.4) +-AM_PATH_PYTHON ++#AM_PATH_PYTHON echo . echo Checking for programs @@ -21,21 +13,20 @@ Necessary Python files are built seperately by audit-libs-python.spec if test x$use_apparmor != xno ; then AC_DEFINE(WITH_APPARMOR,1,[Define if you want to enable AppArmor events.])fi --AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile) -+#AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile) -+AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile) +-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile bindings/Makefile bindings/python/Makefile) ++#AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile bindings/Makefile bindings/python/Makefile) ++AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile audisp/Makefile) echo . echo " ---- audit-1.2.6/Makefile.am.xx 2006-07-13 22:24:35.000000000 +0200 -+++ audit-1.2.6/Makefile.am 2006-08-31 20:52:49.000000000 +0200 -@@ -22,7 +22,8 @@ +--- audit-1.5.1/Makefile.am.orig 2007-04-05 23:31:18.152428000 +0200 ++++ audit-1.5.1/Makefile.am 2007-04-05 23:37:52.670519000 +0200 +@@ -21,7 +21,7 @@ + # Rickard E. (Rik) Faith # - #SUBDIRS = lib auparse src/mt src audisp audisp/tests swig init.d docs --SUBDIRS = lib src/mt src audisp swig init.d docs -+#SUBDIRS = lib src/mt src audisp swig init.d docs -+SUBDIRS = lib src/mt src init.d docs - EXTRA_DIST = ChangeLog AUTHORS NEWS README sample.rules contrib/capp.rules contrib/lspp.rules contrib/skeleton.c README-install audit.spec +-SUBDIRS = lib auparse src/mt src audisp swig bindings init.d docs ++SUBDIRS = lib auparse src/mt src audisp init.d docs + EXTRA_DIST = ChangeLog AUTHORS NEWS README sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c README-install audit.spec CONFIG_CLEAN_FILES = Makefile.in aclocal.m4* config.h.* configure debug*.list config/* diff --git a/audit.changes b/audit.changes index d0fe3ce..cc41101 100644 --- a/audit.changes +++ b/audit.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 2 19:08:53 CEST 2007 - tonyj@suse.de + +- Upgrade to 1.5.3. Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig + ------------------------------------------------------------------- Wed Nov 29 02:46:08 CET 2006 - tonyj@suse.de diff --git a/audit.spec b/audit.spec index 60c3816..7773d23 100644 --- a/audit.spec +++ b/audit.spec @@ -1,7 +1,7 @@ # -# spec file for package audit (Version 1.2.9) +# spec file for package audit (Version 1.5.3) # -# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -11,20 +11,17 @@ # norootforbuild Name: audit -BuildRequires: gcc-c++ +BuildRequires: gcc-c++ pkg-config Summary: User Space Tools for 2.6 Kernel Auditing -Version: 1.2.9 -Release: 2 +Version: 1.5.3 +Release: 1 License: GNU General Public License (GPL) Group: System/Monitoring URL: http://people.redhat.com/sgrubb/audit/ -Source0: %{name}-%{version}.tar.bz2 +Source0: %{name}-%{version}.tar.gz Source1: auditd.init Source2: auditd.sysconfig -Patch0: audit-change-paths.patch -Patch1: audit-no_python.patch -Patch2: audit-disable-syscall-contexts.patch -Patch3: audit-auparse_missing_return.patch +Patch0: audit-no_python.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: %{name}-libs = %{version}-%{release} PreReq: %insserv_prereq %fillup_prereq @@ -68,6 +65,21 @@ libraries. +Authors: +-------- + Steve Grubb + +%package audispd-plugins +Summary: Default plugins for the audit dispatcher +License: GNU General Public License (GPL) +Group: System/Monitoring + +%description audispd-plugins +The audit-audispd-plugins package contains plugin components for the +audit dispatcher (audispd). + + + Authors: -------- Steve Grubb @@ -75,22 +87,20 @@ Authors: %prep %setup -q %patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build -autoreconf -fv --install +autoreconf -iv --install export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" -./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor +./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor +#./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_libexecdir} pushd src/mt make libaudit.h popd make %install -mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,init.d}} +mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}} mkdir -p $RPM_BUILD_ROOT/usr/sbin mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 mkdir -p $RPM_BUILD_ROOT/%{_lib}/security @@ -100,18 +110,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir} # We manually install this since Makefile doesn't install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir} # This winds up in the wrong place when libtool is involved -# -- 11/06 -- temp disable libauparse -#rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so $RPM_BUILD_ROOT/%{_lib}/libauparse.so -#ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so -#ln -sf /%{_lib}/libauparse.so.0 $RPM_BUILD_ROOT%{_libdir}/libauparse.so -#mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir} -#rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la $RPM_BUILD_ROOT/%{_lib}/libauparse.la -# -- -rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so -# Link points to real /lib not buildroot /lib +rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so $RPM_BUILD_ROOT/%{_lib}/libauparse.so ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so -mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir} -rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la +ln -sf /%{_lib}/libauparse.so.0 $RPM_BUILD_ROOT%{_libdir}/libauparse.so +mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir} +rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la $RPM_BUILD_ROOT/%{_lib}/libauparse.la mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd # delete redhat script, use ours @@ -125,6 +128,8 @@ touch $RPM_BUILD_ROOT/var/log/audit/audit.log # for %ghost below, so that old location files will still be there when # %post copy runs touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules} +# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp +touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf %clean rm -rf $RPM_BUILD_ROOT @@ -155,28 +160,34 @@ fi %files libs %defattr(-,root,root) /%{_lib}/libaudit.* -#/%{_lib}/libauparse.* +/%{_lib}/libauparse.* %config(noreplace) %attr(640,root,root) /etc/libaudit.conf %files devel %defattr(-,root,root) %{_libdir}/libaudit.* -#%{_libdir}/libauparse.* +%{_libdir}/libauparse.* %{_includedir}/libaudit.h +%{_includedir}/auparse.h +%{_includedir}/auparse-defs.h %{_mandir}/man3/* %files %defattr(-,root,root,-) -%doc README COPYING ChangeLog sample.rules +%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron %{_mandir}/man8/* +%{_mandir}/man5/* %attr(750,root,root) /sbin/auditctl %attr(750,root,root) /sbin/auditd -%attr(750,root,root) /sbin/ausearch +%attr(755,root,root) /sbin/ausearch %attr(750,root,root) /sbin/rcauditd %attr(750,root,root) /sbin/autrace -%attr(750,root,root) /sbin/aureport +%attr(750,root,root) /sbin/audispd +%attr(755,root,root) /sbin/aureport /etc/init.d/auditd %dir %attr(750,root,root) /etc/audit +%attr(750,root,root) %dir /etc/audispd +%attr(750,root,root) %dir /etc/audispd/plugins.d %ghost /etc/auditd.conf %ghost /etc/audit.rules %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf @@ -185,7 +196,9 @@ fi %dir %attr(700,root,root) /var/log/audit %ghost /var/log/audit/audit.log -%changelog -n audit +%changelog +* Wed May 02 2007 - tonyj@suse.de +- Upgrade to 1.5.3. Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig * Wed Nov 29 2006 - tonyj@suse.de - Upgrade to 1.2.9 (drop several patches which are now upstream) - Move to using /etc/audit directory for config files diff --git a/auditd.init b/auditd.init index ea25658..0da8ba8 100644 --- a/auditd.init +++ b/auditd.init @@ -98,9 +98,6 @@ rc_reset case "$1" in start) echo -n "Starting auditd " - if [ "$AUDITD_DISABLE_CONTEXTS" == "yes" ] ; then - EXTRAOPTIONS="$EXTRAOPTIONS -n" - fi ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. startproc $AUDITD_BIN $EXTRAOPTIONS diff --git a/auditd.sysconfig b/auditd.sysconfig index 9fdd65b..83ec8f7 100644 --- a/auditd.sysconfig +++ b/auditd.sysconfig @@ -29,7 +29,3 @@ AUDITD_CLEAN_STOP="yes" # ## Type: yesno ## Default: yes -# -# This option disables syscall auditing by default. This can also be -# accomplished by auditctl -e. -AUDITD_DISABLE_CONTEXTS="yes"