testing/audit
SHA256
3
0
Fork 0
forked from pool/audit
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=2

Browse Source
This commit is contained in:
OBS User unknown 2007-05-06 15:10:42 +00:00 committed by Git OBS Bridge
parent ea9f17caea
commit 65a7a4955f
12 changed files with 87 additions and 266 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
audit-1.2.9.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0995cdda8aeb4cd1126427d78fcc44aa6bf84e578f15fad0074ffbb9ac609339
size 193190

3
audit-1.5.3.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4ca6888582823cdd1cc946f682450ba05a704d1baa3596350525708ce68d24c8
size 293566

49
audit-auparse_missing_return.patch
View File

@ -1,49 +0,0 @@
From: tonyj@suse.de
References: none
Patch-upstream: no
Disable unused functions which are tripping the abuild garbage return code
detection.
--- audit-1.2.6/auparse/auparse.c.xx 2006-08-31 21:24:46.000000000 +0200
+++ audit-1.2.6/auparse/auparse.c 2006-08-31 21:30:48.000000000 +0200
@@ -177,6 +177,7 @@
}
+#if 0
time_t auparse_get_time(auparse_state_t *au)
{
}
@@ -190,6 +191,7 @@
unsigned long auparse_get_serial(auparse_state_t *au)
{
}
+#endif /* not used, disable to avoid abuild garbage return error */
const char *auparse_get_node(auparse_state_t *au)
@@ -198,9 +200,11 @@
}
+#if 0
int auparse_timestamp_compare(event_t *e1, event_t *e2)
{
}
+#endif /* not used, disable to avoid abuild garbage return error */
/* Functions that traverse records in the same event */
@@ -260,9 +264,11 @@
}
+#if 0
int auparse_get_field_int(auparse_state_t *au)
{
}
+#endif /* not used, disable to avoid abuild garbage return error */
const char *auparse_interpret_field(auparse_state_t *au)

20
audit-change-paths.patch
View File

@ -1,20 +0,0 @@
From: tonyj@suse.de
References: unknown
Upstream: no
Change paths.
1) Since libstdc++ is in /usr, audispd must move also
2) Change location of audit config file to /etc
--- audit-1.2.6/init.d/auditd.conf.xx 2006-08-31 18:18:11.000000000 +0200
+++ audit-1.2.6/init.d/auditd.conf 2006-08-31 18:19:00.000000000 +0200
@@ -8,7 +8,7 @@
flush = INCREMENTAL
freq = 20
num_logs = 4
-dispatcher = /sbin/audispd
+#dispatcher = /usr/sbin/audispd
disp_qos = lossy
max_log_file = 5
max_log_file_action = ROTATE

102
audit-disable-syscall-contexts.patch
View File

@ -1,102 +0,0 @@
From: sbeattie@suse.de
References: 172154
Upstream: no
Disable syscall audit context creation by default.
This patch needs to be reevaluated in light of kernel performance improvements
to audit comitted around ~2.6.18
--- audit-1.2.6/src/auditd.c.xx 2006-07-27 19:06:08.000000000 +0200
+++ audit-1.2.6/src/auditd.c 2006-08-31 20:02:57.000000000 +0200
@@ -36,6 +36,7 @@
#include <sys/wait.h>
#include <fcntl.h>
#include <pthread.h>
+#include <getopt.h>
#include "libaudit.h"
#include "auditd-config.h"
@@ -69,7 +70,7 @@
*/
static void usage(void)
{
- puts("Usage: auditd [ -f ]");
+ puts("Usage: auditd [ -f ] [ -n ]");
exit(2);
}
@@ -281,18 +282,28 @@
struct rlimit limit;
int hup_info_requested = 0, usr1_info_requested = 0;
int i;
+ int opt_foreground = 0;
+ int opt_enabled = 1;
+ int c;
/* Get params && set mode */
- if (argc > 2)
- usage();
- if (argc == 2) {
- if (strcmp(argv[1], "-f") == 0) {
- config.daemonize = D_FOREGROUND;
- set_aumessage_mode(MSG_STDERR, DBG_YES);
- } else
+ while ((c = getopt(argc, argv, "fn")) != -1) {
+ switch (c) {
+ case 'f':
+ opt_foreground = 1;
+ break;
+ case 'n':
+ opt_enabled = 0;
+ break;
+ default:
usage();
+ }
}
- else {
+
+ if (opt_foreground) {
+ config.daemonize = D_FOREGROUND;
+ set_aumessage_mode(MSG_STDERR, DBG_YES);
+ } else {
config.daemonize = D_BACKGROUND;
set_aumessage_mode(MSG_SYSLOG, DBG_NO);
(void) umask( umask( 077 ) | 022 );
@@ -429,7 +440,7 @@
tell_parent(SUCCESS);
/* Enable auditing just in case it was off */
- if (audit_set_enabled(fd, 1) < 0) {
+ if (audit_set_enabled(fd, opt_enabled) < 0) {
char emsg[DEFAULT_BUF_SZ];
snprintf(emsg, sizeof(emsg),
"auditd error halt, auid=%u pid=%d res=failed",
@@ -558,6 +569,7 @@
/* Write message to log that we are going down */
int rc;
+ audit_set_enabled(fd, 0);
rc = audit_request_signal_info(fd);
if (rc > 0) {
struct audit_reply trep;
--- audit-1.2.6/docs/auditd.8.xx 2006-04-06 23:21:14.000000000 +0200
+++ audit-1.2.6/docs/auditd.8 2006-08-31 20:02:47.000000000 +0200
@@ -4,6 +4,7 @@
.SH SYNOPSIS
.B auditd
[ \fI-f \fR]
+[ \fI-n \fR]
.SH DESCRIPTION
auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the
.B ausearch
@@ -18,6 +19,10 @@
.TP
\fB\-f\fR
leave the audit daemon in the foreground for debugging. Messages also go to stderr rather than the audit log.
+.TP
+\fB-n\fR
+start the audit daemon, but do not enabled system call auditing in the kernel.
+This can be done separately by using \fBauditctl -e\fR.
.SH SIGNALS
\fB\SIGHUP\fR
causes auditd to reconfigure. This means that auditd re-reads the configuration file. If there are no syntax errors, it will proceed to implement the requested changes. If the reconfigure is successful, a DAEMON_CONFIG event is recorded in the logs. If not successful, error handling is controlled by space_left_action, admin_space_left_action, disk_full_action, and disk_error_action parameters in auditd.conf.

5
audit-libs-python.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed May 2 19:08:53 CEST 2007 - tonyj@suse.de
- Upgrade to 1.5.3.
-------------------------------------------------------------------
Wed Nov 29 02:47:22 CET 2006 - tonyj@suse.de

43
audit-libs-python.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package audit-libs-python (Version 1.2.9)
# spec file for package audit-libs-python (Version 1.5.3)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@ -12,17 +12,14 @@
Name: audit-libs-python
%define _name audit
BuildRequires: audit-devel gcc-c++ python-devel swig
BuildRequires: audit-devel gcc-c++ pkg-config python-devel swig
Summary: Python bindings for libaudit
Version: 1.2.9
Release: 2
Version: 1.5.3
Release: 1
License: GNU General Public License (GPL)
Group: System/Monitoring
URL: http://people.redhat.com/sgrubb/audit/
Source0: audit-%{version}.tar.bz2
Patch0: audit-change-paths.patch
Patch1: audit-disable-syscall-contexts.patch
Patch2: audit-auparse_missing_return.patch
Source0: audit-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: audit-libs = %( echo `rpm -q --queryformat '%{VERSION}-%{RELEASE}' audit-libs`)
PreReq: %insserv_prereq %fillup_prereq
@ -39,12 +36,9 @@ Authors:
%prep
%setup -q -n audit-%{version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%build
autoreconf -fv --install
autoreconf -iv --install
export CFLAGS="%{optflags} -fno-strict-aliasing"
export CXXFLAGS="$CFLAGS"
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor
@ -55,33 +49,24 @@ make
%install
make DESTDIR=$RPM_BUILD_ROOT install -C swig
make DESTDIR=$RPM_BUILD_ROOT install -C audisp LIBDIR=$RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages
mkdir $RPM_BUILD_ROOT/usr/sbin
mv $RPM_BUILD_ROOT/sbin/audispd $RPM_BUILD_ROOT/usr/sbin/audispd
make DESTDIR=$RPM_BUILD_ROOT install -C bindings
ls -lR $RPM_BUILD_ROOT/
rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a
rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la
rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse-1.0-py2.5.egg-info
%clean
rm -rf $RPM_BUILD_ROOT
%post
if [ -f /etc/audit/auditd.conf ]; then
tmp=`mktemp /etc/audit/auditd-post.$$`
if [ -n $tmp ]; then
sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
cat $tmp > /etc/audit/auditd.conf
rm -f $tmp
fi
fi
%files
%defattr(-,root,root,-)
%attr(750,root,root) /usr/sbin/audispd
%{_libdir}/python%{py_ver}/site-packages/_audit.so
%{_libdir}/python%{py_ver}/site-packages/auparse.so
%{_libdir}/python%{py_ver}/site-packages/audit.py*
%{_libdir}/python%{py_ver}/site-packages/AuditMsg.py*
%changelog -n audit-libs-python
%changelog
* Wed May 02 2007 - tonyj@suse.de
- Upgrade to 1.5.3.
* Wed Nov 29 2006 - tonyj@suse.de
- Upgrade to 1.2.9 (drop several patches which are now upstream)
- /usr/sbin/audispd now packaged by audit-libs-python

37
audit-no_python.patch
View File

@ -1,19 +1,11 @@
From: tonyj@suse.de
Date: unknown
Upstream: no
This patch is used by audit.spec to disable use of Python.
Necessary Python files are built seperately by audit-libs-python.spec
(make -C swig ; make -C auditsp)
--- audit-1.2.6/configure.ac.xx 2006-07-13 23:02:17.000000000 +0200
+++ audit-1.2.6/configure.ac 2006-08-31 20:52:49.000000000 +0200
--- audit-1.5.1/configure.ac.orig 2007-03-01 01:54:19.977676000 +0100
+++ audit-1.5.1/configure.ac 2007-03-01 02:09:06.032928000 +0100
@@ -39,7 +39,7 @@
AM_INIT_AUTOMAKE
AM_PROG_LIBTOOL
AC_SUBST(LIBTOOL_DEPS)
-AM_PATH_PYTHON(2.4)
+#AM_PATH_PYTHON(2.4)
-AM_PATH_PYTHON
+#AM_PATH_PYTHON
echo .
echo Checking for programs
@ -21,21 +13,20 @@ Necessary Python files are built seperately by audit-libs-python.spec
if test x$use_apparmor != xno ; then
AC_DEFINE(WITH_APPARMOR,1,[Define if you want to enable AppArmor events.])fi
-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile)
+#AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile)
+AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile)
-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile bindings/Makefile bindings/python/Makefile)
+#AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile bindings/Makefile bindings/python/Makefile)
+AC_OUTPUT(Makefile lib/Makefile auparse/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile audisp/Makefile)
echo .
echo "
--- audit-1.2.6/Makefile.am.xx 2006-07-13 22:24:35.000000000 +0200
+++ audit-1.2.6/Makefile.am 2006-08-31 20:52:49.000000000 +0200
@@ -22,7 +22,8 @@
--- audit-1.5.1/Makefile.am.orig 2007-04-05 23:31:18.152428000 +0200
+++ audit-1.5.1/Makefile.am 2007-04-05 23:37:52.670519000 +0200
@@ -21,7 +21,7 @@
# Rickard E. (Rik) Faith <faith@redhat.com>
#
#SUBDIRS = lib auparse src/mt src audisp audisp/tests swig init.d docs
-SUBDIRS = lib src/mt src audisp swig init.d docs
+#SUBDIRS = lib src/mt src audisp swig init.d docs
+SUBDIRS = lib src/mt src init.d docs
EXTRA_DIST = ChangeLog AUTHORS NEWS README sample.rules contrib/capp.rules contrib/lspp.rules contrib/skeleton.c README-install audit.spec
-SUBDIRS = lib auparse src/mt src audisp swig bindings init.d docs
+SUBDIRS = lib auparse src/mt src audisp init.d docs
EXTRA_DIST = ChangeLog AUTHORS NEWS README sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c README-install audit.spec
CONFIG_CLEAN_FILES = Makefile.in aclocal.m4* config.h.* configure debug*.list config/*

5
audit.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed May 2 19:08:53 CEST 2007 - tonyj@suse.de
- Upgrade to 1.5.3. Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig
-------------------------------------------------------------------
Wed Nov 29 02:46:08 CET 2006 - tonyj@suse.de

79
audit.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package audit (Version 1.2.9)
# spec file for package audit (Version 1.5.3)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@ -11,20 +11,17 @@
# norootforbuild
Name: audit
BuildRequires: gcc-c++
BuildRequires: gcc-c++ pkg-config
Summary: User Space Tools for 2.6 Kernel Auditing
Version: 1.2.9
Release: 2
Version: 1.5.3
Release: 1
License: GNU General Public License (GPL)
Group: System/Monitoring
URL: http://people.redhat.com/sgrubb/audit/
Source0: %{name}-%{version}.tar.bz2
Source0: %{name}-%{version}.tar.gz
Source1: auditd.init
Source2: auditd.sysconfig
Patch0: audit-change-paths.patch
Patch1: audit-no_python.patch
Patch2: audit-disable-syscall-contexts.patch
Patch3: audit-auparse_missing_return.patch
Patch0: audit-no_python.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-libs = %{version}-%{release}
PreReq: %insserv_prereq %fillup_prereq
@ -68,6 +65,21 @@ libraries.
Authors:
--------
Steve Grubb <sgrubb@redhat.com>
%package audispd-plugins
Summary: Default plugins for the audit dispatcher
License: GNU General Public License (GPL)
Group: System/Monitoring
%description audispd-plugins
The audit-audispd-plugins package contains plugin components for the
audit dispatcher (audispd).
Authors:
--------
Steve Grubb <sgrubb@redhat.com>
@ -75,22 +87,20 @@ Authors:
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
autoreconf -fv --install
autoreconf -iv --install
export CFLAGS="%{optflags} -fno-strict-aliasing"
export CXXFLAGS="$CFLAGS"
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor
#./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_libexecdir}
pushd src/mt
make libaudit.h
popd
make
%install
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,init.d}}
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}}
mkdir -p $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8
mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
@ -100,18 +110,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}
# We manually install this since Makefile doesn't
install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir}
# This winds up in the wrong place when libtool is involved
# -- 11/06 -- temp disable libauparse
#rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so $RPM_BUILD_ROOT/%{_lib}/libauparse.so
#ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
#ln -sf /%{_lib}/libauparse.so.0 $RPM_BUILD_ROOT%{_libdir}/libauparse.so
#mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
#rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la $RPM_BUILD_ROOT/%{_lib}/libauparse.la
# --
rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so
# Link points to real /lib not buildroot /lib
rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so $RPM_BUILD_ROOT/%{_lib}/libauparse.so
ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir}
rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la
ln -sf /%{_lib}/libauparse.so.0 $RPM_BUILD_ROOT%{_libdir}/libauparse.so
mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la $RPM_BUILD_ROOT/%{_lib}/libauparse.la
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd
# delete redhat script, use ours
@ -125,6 +128,8 @@ touch $RPM_BUILD_ROOT/var/log/audit/audit.log
# for %ghost below, so that old location files will still be there when
# %post copy runs
touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
%clean
rm -rf $RPM_BUILD_ROOT
@ -155,28 +160,34 @@ fi
%files libs
%defattr(-,root,root)
/%{_lib}/libaudit.*
#/%{_lib}/libauparse.*
/%{_lib}/libauparse.*
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
%files devel
%defattr(-,root,root)
%{_libdir}/libaudit.*
#%{_libdir}/libauparse.*
%{_libdir}/libauparse.*
%{_includedir}/libaudit.h
%{_includedir}/auparse.h
%{_includedir}/auparse-defs.h
%{_mandir}/man3/*
%files
%defattr(-,root,root,-)
%doc README COPYING ChangeLog sample.rules
%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron
%{_mandir}/man8/*
%{_mandir}/man5/*
%attr(750,root,root) /sbin/auditctl
%attr(750,root,root) /sbin/auditd
%attr(750,root,root) /sbin/ausearch
%attr(755,root,root) /sbin/ausearch
%attr(750,root,root) /sbin/rcauditd
%attr(750,root,root) /sbin/autrace
%attr(750,root,root) /sbin/aureport
%attr(750,root,root) /sbin/audispd
%attr(755,root,root) /sbin/aureport
/etc/init.d/auditd
%dir %attr(750,root,root) /etc/audit
%attr(750,root,root) %dir /etc/audispd
%attr(750,root,root) %dir /etc/audispd/plugins.d
%ghost /etc/auditd.conf
%ghost /etc/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
@ -185,7 +196,9 @@ fi
%dir %attr(700,root,root) /var/log/audit
%ghost /var/log/audit/audit.log
%changelog -n audit
%changelog
* Wed May 02 2007 - tonyj@suse.de
- Upgrade to 1.5.3. Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig
* Wed Nov 29 2006 - tonyj@suse.de
- Upgrade to 1.2.9 (drop several patches which are now upstream)
- Move to using /etc/audit directory for config files

3
auditd.init
View File

@ -98,9 +98,6 @@ rc_reset
case "$1" in
start)
echo -n "Starting auditd "
if [ "$AUDITD_DISABLE_CONTEXTS" == "yes" ] ; then
EXTRAOPTIONS="$EXTRAOPTIONS -n"
fi
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
startproc $AUDITD_BIN $EXTRAOPTIONS

4
auditd.sysconfig
View File

@ -29,7 +29,3 @@ AUDITD_CLEAN_STOP="yes"
#
## Type: yesno
## Default: yes
#
# This option disables syscall auditing by default. This can also be
# accomplished by auditctl -e.
AUDITD_DISABLE_CONTEXTS="yes"