OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=2

2007-05-06 15:10:42 +00:00 · 2007-05-06 15:10:42 +00:00 · 65a7a4955f
commit 65a7a4955f
parent ea9f17caea
12 changed files with 87 additions and 266 deletions
--- a/audit-1.2.9.tar.bz2
+++ b/audit-1.2.9.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:0995cdda8aeb4cd1126427d78fcc44aa6bf84e578f15fad0074ffbb9ac609339
 size 193190
--- a/audit-1.5.3.tar.gz
+++ b/audit-1.5.3.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:4ca6888582823cdd1cc946f682450ba05a704d1baa3596350525708ce68d24c8
 size 293566
--- a/audit-auparse_missing_return.patch
+++ b/audit-auparse_missing_return.patch
@ -1,49 +0,0 @@
 From: tonyj@suse.de
 References: none
 Patch-upstream: no
 Disable unused functions which are tripping the abuild garbage return code
 detection.
 --- audit-1.2.6/auparse/auparse.c.xx	2006-08-31 21:24:46.000000000 +0200
 +++ audit-1.2.6/auparse/auparse.c	2006-08-31 21:30:48.000000000 +0200
@@ -177,6 +177,7 @@
 }
 +#if 0
 time_t auparse_get_time(auparse_state_t *au)
 {
 }
@@ -190,6 +191,7 @@
 unsigned long auparse_get_serial(auparse_state_t *au)
 {
 }
 +#endif	/* not used, disable to avoid abuild garbage return error */
 const char *auparse_get_node(auparse_state_t *au)
@@ -198,9 +200,11 @@
 }
 +#if 0
 int auparse_timestamp_compare(event_t *e1, event_t *e2)
 {
 }
 +#endif	/* not used, disable to avoid abuild garbage return error */
 /* Functions that traverse records in the same event */
@@ -260,9 +264,11 @@
 }
 +#if 0
 int auparse_get_field_int(auparse_state_t *au)
 {
 }
 +#endif	/* not used, disable to avoid abuild garbage return error */
 const char *auparse_interpret_field(auparse_state_t *au)
--- a/audit-change-paths.patch
+++ b/audit-change-paths.patch
@ -1,20 +0,0 @@
 From: tonyj@suse.de
 References: unknown
 Upstream: no
 Change paths.
 1) Since libstdc++ is in /usr, audispd must move also
 2) Change location of audit config file to /etc
 --- audit-1.2.6/init.d/auditd.conf.xx	2006-08-31 18:18:11.000000000 +0200
 +++ audit-1.2.6/init.d/auditd.conf	2006-08-31 18:19:00.000000000 +0200
@@ -8,7 +8,7 @@
 flush = INCREMENTAL
 freq = 20
 num_logs = 4
 -dispatcher = /sbin/audispd
 +#dispatcher = /usr/sbin/audispd
 disp_qos = lossy
 max_log_file = 5 
 max_log_file_action = ROTATE
--- a/audit-disable-syscall-contexts.patch
+++ b/audit-disable-syscall-contexts.patch
@ -1,102 +0,0 @@
 From: sbeattie@suse.de
 References: 172154
 Upstream: no
 Disable syscall audit context creation by default.
 This patch needs to be reevaluated in light of kernel performance improvements
 to audit comitted around ~2.6.18
 --- audit-1.2.6/src/auditd.c.xx	2006-07-27 19:06:08.000000000 +0200
 +++ audit-1.2.6/src/auditd.c	2006-08-31 20:02:57.000000000 +0200
@@ -36,6 +36,7 @@
 #include <sys/wait.h>
 #include <fcntl.h>
 #include <pthread.h>
 +#include <getopt.h>
 #include "libaudit.h"
 #include "auditd-config.h"
@@ -69,7 +70,7 @@
  */
 static void usage(void)
 {
 -	puts("Usage: auditd [ -f ]");
 +	puts("Usage: auditd [ -f ] [ -n ]");
 	exit(2);
 }
@@ -281,18 +282,28 @@
 	struct rlimit limit;
 	int hup_info_requested = 0, usr1_info_requested = 0;
 	int i;
 +	int opt_foreground = 0;
 +	int opt_enabled = 1;
 +	int c;
 	/* Get params && set mode */
 -	if (argc > 2)
 -		usage();
 -	if (argc == 2) {
 -		if (strcmp(argv[1], "-f") == 0) {
 -			config.daemonize = D_FOREGROUND;
 -			set_aumessage_mode(MSG_STDERR, DBG_YES);
 -		} else
 +	while ((c = getopt(argc, argv, "fn")) != -1) {
 +		switch (c) {
 +		case 'f':
 +			opt_foreground = 1;
 +			break;
 +		case 'n':
 +			opt_enabled = 0;
 +			break;
 +		default:
 			usage();
 +		}
 	}
 -	else {
 +
 +	if (opt_foreground) {
 +		config.daemonize = D_FOREGROUND;
 +		set_aumessage_mode(MSG_STDERR, DBG_YES);
 +	} else {
 		config.daemonize = D_BACKGROUND;
 		set_aumessage_mode(MSG_SYSLOG, DBG_NO);
 		(void) umask( umask( 077 ) | 022 );
@@ -429,7 +440,7 @@
 	tell_parent(SUCCESS);
 	/* Enable auditing just in case it was off */
 -	if (audit_set_enabled(fd, 1) < 0) {
 +	if (audit_set_enabled(fd, opt_enabled) < 0) {
 		char emsg[DEFAULT_BUF_SZ];
 		snprintf(emsg, sizeof(emsg),
 			"auditd error halt, auid=%u pid=%d res=failed",
@@ -558,6 +569,7 @@
 			/* Write message to log that we are going down */
 			int rc;
 +			audit_set_enabled(fd, 0);
 			rc = audit_request_signal_info(fd);
 			if (rc > 0) {
 				struct audit_reply trep;
 --- audit-1.2.6/docs/auditd.8.xx	2006-04-06 23:21:14.000000000 +0200
 +++ audit-1.2.6/docs/auditd.8	2006-08-31 20:02:47.000000000 +0200
@@ -4,6 +4,7 @@
 .SH SYNOPSIS
 .B auditd
 [ \fI-f \fR]
 +[ \fI-n \fR]
 .SH DESCRIPTION
 auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the
 .B ausearch
@@ -18,6 +19,10 @@
 .TP
 \fB\-f\fR
 leave the audit daemon in the foreground for debugging. Messages also go to stderr rather than the audit log.
 +.TP
 +\fB-n\fR
 +start the audit daemon, but do not enabled system call auditing in the kernel.
 +This can be done separately by using \fBauditctl -e\fR.
 .SH SIGNALS
 \fB\SIGHUP\fR
 causes auditd to reconfigure. This means that auditd re-reads the configuration file. If there are no syntax errors, it will proceed to implement the requested changes. If the reconfigure is successful, a DAEMON_CONFIG event is recorded in the logs. If not successful, error handling is controlled by space_left_action, admin_space_left_action, disk_full_action, and disk_error_action parameters in auditd.conf.
--- a/audit-libs-python.changes
+++ b/audit-libs-python.changes
@ -1,3 +1,8 @@
 -------------------------------------------------------------------
 Wed May  2 19:08:53 CEST 2007 - tonyj@suse.de
 - Upgrade to 1.5.3.
 -------------------------------------------------------------------
 Wed Nov 29 02:47:22 CET 2006 - tonyj@suse.de
--- a/audit-libs-python.spec
+++ b/audit-libs-python.spec
@ -1,7 +1,7 @@
 #
-# spec file for package audit-libs-python (Version 1.2.9)
+# spec file for package audit-libs-python (Version 1.5.3)
 #
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@ -12,17 +12,14 @@
 Name:           audit-libs-python
 %define _name audit
-BuildRequires:  audit-devel gcc-c++ python-devel swig
+BuildRequires:  audit-devel gcc-c++ pkg-config python-devel swig
 Summary:        Python bindings for libaudit
-Version:        1.2.9
+Version:        1.5.3
-Release:        2
+Release:        1
 License:        GNU General Public License (GPL)
 Group:          System/Monitoring
 URL:            http://people.redhat.com/sgrubb/audit/
-Source0:        audit-%{version}.tar.bz2
+Source0:        audit-%{version}.tar.gz
 Patch0:         audit-change-paths.patch
 Patch1:         audit-disable-syscall-contexts.patch
 Patch2:         audit-auparse_missing_return.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       audit-libs = %( echo `rpm -q --queryformat '%{VERSION}-%{RELEASE}' audit-libs`)
 PreReq:         %insserv_prereq %fillup_prereq
@ -39,12 +36,9 @@ Authors:
 %prep
 %setup -q -n audit-%{version}
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %build
-autoreconf -fv --install
+autoreconf -iv --install
 export CFLAGS="%{optflags} -fno-strict-aliasing"
 export CXXFLAGS="$CFLAGS"
 ./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor
@ -55,33 +49,24 @@ make
 %install
 make DESTDIR=$RPM_BUILD_ROOT install -C swig
-make DESTDIR=$RPM_BUILD_ROOT install -C audisp LIBDIR=$RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages
+make DESTDIR=$RPM_BUILD_ROOT install -C bindings
-mkdir $RPM_BUILD_ROOT/usr/sbin
+ls -lR $RPM_BUILD_ROOT/
 mv $RPM_BUILD_ROOT/sbin/audispd $RPM_BUILD_ROOT/usr/sbin/audispd
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse-1.0-py2.5.egg-info
 %clean
 rm -rf $RPM_BUILD_ROOT
 %post
 if [ -f /etc/audit/auditd.conf ]; then
   tmp=`mktemp /etc/audit/auditd-post.$$`
   if [ -n $tmp ]; then
      sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
         cat $tmp > /etc/audit/auditd.conf
      rm -f $tmp
   fi
 fi
 %files
 %defattr(-,root,root,-)
 %attr(750,root,root) /usr/sbin/audispd
 %{_libdir}/python%{py_ver}/site-packages/_audit.so
 %{_libdir}/python%{py_ver}/site-packages/auparse.so
 %{_libdir}/python%{py_ver}/site-packages/audit.py*
 %{_libdir}/python%{py_ver}/site-packages/AuditMsg.py*
-%changelog -n audit-libs-python
+%changelog
 * Wed May 02 2007 - tonyj@suse.de
 - Upgrade to 1.5.3.
 * Wed Nov 29 2006 - tonyj@suse.de
 - Upgrade to 1.2.9 (drop several patches which are now upstream)
 - /usr/sbin/audispd now packaged by audit-libs-python
--- a/audit-no_python.patch
+++ b/audit-no_python.patch
@ -1,19 +1,11 @@
-From: tonyj@suse.de
+--- audit-1.5.1/configure.ac.orig	2007-03-01 01:54:19.977676000 +0100
-Date: unknown
+++ audit-1.5.1/configure.ac	2007-03-01 02:09:06.032928000 +0100
 Upstream: no
 This patch is used by audit.spec to disable use of Python.
 Necessary Python files are built seperately by audit-libs-python.spec
 (make -C swig ; make -C auditsp)
 --- audit-1.2.6/configure.ac.xx	2006-07-13 23:02:17.000000000 +0200
 +++ audit-1.2.6/configure.ac	2006-08-31 20:52:49.000000000 +0200
@@ -39,7 +39,7 @@
 AM_INIT_AUTOMAKE
 AM_PROG_LIBTOOL
 AC_SUBST(LIBTOOL_DEPS)
-AM_PATH_PYTHON(2.4)
+-AM_PATH_PYTHON
-+#AM_PATH_PYTHON(2.4)
+#AM_PATH_PYTHON
 echo .
 echo Checking for programs
@ -21,21 +13,20 @@ Necessary Python files are built seperately by audit-libs-python.spec
 if test x$use_apparmor != xno ; then
       AC_DEFINE(WITH_APPARMOR,1,[Define if you want to enable AppArmor events.])fi
-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile)
+-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile bindings/Makefile bindings/python/Makefile)
-+#AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile)
+#AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile bindings/Makefile bindings/python/Makefile)
-+AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile)
+AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile audisp/Makefile)
 echo .
 echo "
--- audit-1.2.6/Makefile.am.xx	2006-07-13 22:24:35.000000000 +0200
+--- audit-1.5.1/Makefile.am.orig	2007-04-05 23:31:18.152428000 +0200
-+++ audit-1.2.6/Makefile.am	2006-08-31 20:52:49.000000000 +0200
+++ audit-1.5.1/Makefile.am	2007-04-05 23:37:52.670519000 +0200
-@@ -22,7 +22,8 @@
+@@ -21,7 +21,7 @@
 #   Rickard E. (Rik) Faith <faith@redhat.com>
 #
- #SUBDIRS = lib auparse src/mt src audisp audisp/tests swig init.d docs
+-SUBDIRS = lib auparse src/mt src audisp swig bindings init.d docs
-SUBDIRS = lib src/mt src audisp swig init.d docs
+SUBDIRS = lib auparse src/mt src audisp init.d docs
-+#SUBDIRS = lib src/mt src audisp swig init.d docs
+ EXTRA_DIST = ChangeLog AUTHORS NEWS README sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c README-install audit.spec
 +SUBDIRS = lib src/mt src init.d docs
 EXTRA_DIST = ChangeLog AUTHORS NEWS README sample.rules contrib/capp.rules contrib/lspp.rules contrib/skeleton.c README-install audit.spec
 CONFIG_CLEAN_FILES = Makefile.in aclocal.m4* config.h.* configure debug*.list config/*
--- a/audit.changes
+++ b/audit.changes
@ -1,3 +1,8 @@
 -------------------------------------------------------------------
 Wed May  2 19:08:53 CEST 2007 - tonyj@suse.de
 - Upgrade to 1.5.3.  Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig
 -------------------------------------------------------------------
 Wed Nov 29 02:46:08 CET 2006 - tonyj@suse.de
--- a/audit.spec
+++ b/audit.spec
@ -1,7 +1,7 @@
 #
-# spec file for package audit (Version 1.2.9)
+# spec file for package audit (Version 1.5.3)
 #
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@ -11,20 +11,17 @@
 # norootforbuild
 Name:           audit
-BuildRequires:  gcc-c++
+BuildRequires:  gcc-c++ pkg-config
 Summary:        User Space Tools for 2.6 Kernel Auditing
-Version:        1.2.9
+Version:        1.5.3
-Release:        2
+Release:        1
 License:        GNU General Public License (GPL)
 Group:          System/Monitoring
 URL:            http://people.redhat.com/sgrubb/audit/
-Source0:        %{name}-%{version}.tar.bz2
+Source0:        %{name}-%{version}.tar.gz
 Source1:        auditd.init
 Source2:        auditd.sysconfig
-Patch0:         audit-change-paths.patch
+Patch0:         audit-no_python.patch
 Patch1:         audit-no_python.patch
 Patch2:         audit-disable-syscall-contexts.patch
 Patch3:         audit-auparse_missing_return.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       %{name}-libs = %{version}-%{release}
 PreReq:         %insserv_prereq %fillup_prereq
@ -68,6 +65,21 @@ libraries.
 Authors:
 --------
    Steve Grubb <sgrubb@redhat.com>
 %package audispd-plugins
 Summary:        Default plugins for the audit dispatcher
 License:        GNU General Public License (GPL)
 Group:          System/Monitoring
 %description audispd-plugins
 The audit-audispd-plugins package contains plugin components for the
 audit dispatcher (audispd).
 Authors:
 --------
    Steve Grubb <sgrubb@redhat.com>
@ -75,22 +87,20 @@ Authors:
 %prep
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %build
-autoreconf -fv --install
+autoreconf -iv --install
 export CFLAGS="%{optflags} -fno-strict-aliasing"
 export CXXFLAGS="$CFLAGS"
-./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor
+./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor
 #./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_libexecdir}
 pushd src/mt
 	make libaudit.h
 popd
 make
 %install
-mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,init.d}}
+mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}}
 mkdir -p $RPM_BUILD_ROOT/usr/sbin
 mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8
 mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
@ -100,18 +110,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}
 # We manually install this since Makefile doesn't
 install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir}
 # This winds up in the wrong place when libtool is involved
-# -- 11/06 -- temp disable libauparse
+rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so $RPM_BUILD_ROOT/%{_lib}/libauparse.so
 #rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so $RPM_BUILD_ROOT/%{_lib}/libauparse.so
 #ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
 #ln -sf /%{_lib}/libauparse.so.0 $RPM_BUILD_ROOT%{_libdir}/libauparse.so
 #mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
 #rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la $RPM_BUILD_ROOT/%{_lib}/libauparse.la
 # -- 
 rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so
 # Link points to real /lib not buildroot /lib
 ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
-mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir}
+ln -sf /%{_lib}/libauparse.so.0 $RPM_BUILD_ROOT%{_libdir}/libauparse.so
-rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la
+mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
 rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la $RPM_BUILD_ROOT/%{_lib}/libauparse.la
 mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
 cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd
 # delete redhat script, use ours
@ -125,6 +128,8 @@ touch $RPM_BUILD_ROOT/var/log/audit/audit.log
 # for %ghost below, so that old location files will still be there when
 # %post copy runs
 touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
 # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
 touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
 %clean
 rm -rf $RPM_BUILD_ROOT
@ -155,28 +160,34 @@ fi
 %files libs
 %defattr(-,root,root)
 /%{_lib}/libaudit.*
-#/%{_lib}/libauparse.*
+/%{_lib}/libauparse.*
 %config(noreplace) %attr(640,root,root) /etc/libaudit.conf
 %files devel
 %defattr(-,root,root)
 %{_libdir}/libaudit.*
-#%{_libdir}/libauparse.*
+%{_libdir}/libauparse.*
 %{_includedir}/libaudit.h
 %{_includedir}/auparse.h
 %{_includedir}/auparse-defs.h
 %{_mandir}/man3/*
 %files
 %defattr(-,root,root,-)
-%doc README COPYING ChangeLog sample.rules
+%doc  README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron
 %{_mandir}/man8/*
 %{_mandir}/man5/*
 %attr(750,root,root) /sbin/auditctl
 %attr(750,root,root) /sbin/auditd
-%attr(750,root,root) /sbin/ausearch
+%attr(755,root,root) /sbin/ausearch
 %attr(750,root,root) /sbin/rcauditd
 %attr(750,root,root) /sbin/autrace
-%attr(750,root,root) /sbin/aureport
+%attr(750,root,root) /sbin/audispd
 %attr(755,root,root) /sbin/aureport
 /etc/init.d/auditd
 %dir %attr(750,root,root) /etc/audit
 %attr(750,root,root) %dir /etc/audispd
 %attr(750,root,root) %dir /etc/audispd/plugins.d
 %ghost /etc/auditd.conf
 %ghost /etc/audit.rules
 %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
@ -185,7 +196,9 @@ fi
 %dir %attr(700,root,root) /var/log/audit
 %ghost /var/log/audit/audit.log
-%changelog -n audit
+%changelog
 * Wed May 02 2007 - tonyj@suse.de
 - Upgrade to 1.5.3.  Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig
 * Wed Nov 29 2006 - tonyj@suse.de
 - Upgrade to 1.2.9 (drop several patches which are now upstream)
 - Move to using /etc/audit directory for config files
--- a/auditd.init
+++ b/auditd.init
@ -98,9 +98,6 @@ rc_reset
 case "$1" in
    start)
 	echo -n "Starting auditd "
 	if [ "$AUDITD_DISABLE_CONTEXTS" == "yes" ] ; then 
 		EXTRAOPTIONS="$EXTRAOPTIONS -n"
 	fi
 	## Start daemon with startproc(8). If this fails
 	## the return value is set appropriately by startproc.
 	startproc $AUDITD_BIN $EXTRAOPTIONS
--- a/auditd.sysconfig
+++ b/auditd.sysconfig
@ -29,7 +29,3 @@ AUDITD_CLEAN_STOP="yes"
 #
 ## Type: yesno
 ## Default: yes
 #
 # This option disables syscall auditing by default. This can also be
 # accomplished by auditctl -e.
 AUDITD_DISABLE_CONTEXTS="yes"