forked from pool/audit
OBS User unknown 2007-10-31 11:24:11 +00:00 committed by Git OBS Bridge
parent 1a1d70706a
commit d1fe1b9cec
7 changed files with 234 additions and 10 deletions


@ -2,10 +2,22 @@ From: Steve Grubb <sgrubb@redhat.com>
Subject: Patches for 1.6.2
Upsteam: yes (in 1.6.3)
Misc patches for 1.6.2 audit
Misc patches for 1.6.2 audit (from Steve Grubb)
--- audit-1.6.2.orig/lib/lookup_table.c 2007-10-05 10:30:25.000000000 -0400
+++ audit-1.6.2/lib/lookup_table.c 2007-10-05 10:32:01.000000000 -0400
diff -urp audit-1.6.2.orig/audisp/audispd.c audit-1.6.2/audisp/audispd.c
--- audit-1.6.2.orig/audisp/audispd.c 2007-10-17 13:56:22.000000000 -0400
+++ audit-1.6.2/audisp/audispd.c 2007-10-17 14:13:49.000000000 -0400
@@ -369,7 +369,6 @@ int main(int argc, char *argv[])
conf = plist_get_cur(&plugin_conf);
while (conf) {
free_pconfig(conf->p);
- free(conf->p);
conf = plist_next(&plugin_conf);
}
plist_clear(&plugin_conf);
diff -urp audit-1.6.2.orig/lib/lookup_table.c audit-1.6.2/lib/lookup_table.c
--- audit-1.6.2.orig/lib/lookup_table.c 2007-10-17 13:56:22.000000000 -0400
+++ audit-1.6.2/lib/lookup_table.c 2007-10-17 13:56:49.000000000 -0400
@@ -483,7 +483,7 @@ int audit_name_to_msg_type(const char *m
strncpy(buf, msg_type + 8, len);
errno = 0;
@ -15,10 +27,34 @@ Misc patches for 1.6.2 audit
errno = 0;
return strtol(msg_type, NULL, 10);
}
--- audit-1.6.2.orig/src/auditd.c 2007-10-05 10:31:35.000000000 -0400
+++ audit-1.6.2/src/auditd.c 2007-10-05 10:30:04.000000000 -0400
@@ -135,8 +135,8 @@ static void distribute_event(struct audi
diff -urp audit-1.6.2.orig/lib/msg_typetab.h audit-1.6.2/lib/msg_typetab.h
--- audit-1.6.2.orig/lib/msg_typetab.h 2007-10-17 13:56:22.000000000 -0400
+++ audit-1.6.2/lib/msg_typetab.h 2007-10-17 13:57:27.000000000 -0400
@@ -92,7 +92,7 @@ _S(AUDIT_KERNEL_OTHER, "KE
_S(AUDIT_FD_PAIR, "FD_PAIR" )
_S(AUDIT_OBJ_PID, "OBJ_PID" )
_S(AUDIT_TTY, "TTY" )
-//_S(AUDIT_EOE, "EOE" )
+_S(AUDIT_EOE, "EOE" )
_S(AUDIT_AVC, "AVC" )
_S(AUDIT_SELINUX_ERR, "SELINUX_ERR" )
_S(AUDIT_AVC_PATH, "AVC_PATH" )
diff -urp audit-1.6.2.orig/src/auditd.c audit-1.6.2/src/auditd.c
--- audit-1.6.2.orig/src/auditd.c 2007-10-17 13:56:22.000000000 -0400
+++ audit-1.6.2/src/auditd.c 2007-10-17 13:59:32.000000000 -0400
@@ -127,16 +127,18 @@ static void distribute_event(struct audi
/* End of Event is for realtime interface - skip local logging of it */
if (rep->reply.type != AUDIT_EOE) {
+ int yield = rep->reply.type <= AUDIT_LAST_DAEMON &&
+ rep->reply.type >= AUDIT_FIRST_DAEMON ? 1 : 0;
+
/* Write to local disk */
enqueue_event(rep);
- if (rep->reply.type <= AUDIT_LAST_DAEMON &&
- rep->reply.type >= AUDIT_FIRST_DAEMON)
+ if (yield)
pthread_yield(); /* Let other thread try to log it. */
}
/* Last chance to send...maybe the pipe is empty now. */
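Review bot: In the distribute_event hunk of src/auditd.c, the new `yield` local is computed before `enqueue_event(rep)` with no comment saying why, yet that ordering looks like the whole fix. Presumably `rep` can be consumed or freed by the logging thread once it is queued, so it must not be read afterwards; confirm this against enqueue_event, which is not shown here. I would add `/* rep may be released by the logger thread after enqueue_event(); read the type first */` above the declaration so a later cleanup does not fold the test back into the `if`. The trailing `? 1 : 0` is redundant because the `&&` expression already evaluates to 0 or 1. distribute_event starts and ends outside the hunk.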


@ -15,7 +15,7 @@ Name: audit-libs-python
BuildRequires: audit-devel gcc-c++ pkg-config python-devel swig
Summary: Python Bindings for libaudit
Version: 1.6.2
Release: 1
Release: 10
License: GPL v2 or later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/

167
audit-startup.patch Normal file

@ -0,0 +1,167 @@
--- audit-1.6.2.orig/docs/auditd.8
+++ audit-1.6.2/docs/auditd.8
@@ -3,7 +3,7 @@
auditd \- The Linux Audit daemon
.SH SYNOPSIS
.B auditd
-.RB [ \-f ]\ [ \-l ]\ [ \-n ]
+.RB [ \-f ]\ [ \-l ]\ [ \-n ]\ [ \-s\ disable|enable|nochange ]
.SH DESCRIPTION
\fBauditd\fP is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the
.B ausearch
@@ -24,6 +24,9 @@
.TP
.B \-n
no fork. This is useful for running off of inittab
+.TP
+.B \-s=\fIENABLE_STATE\fR
+specify when starting if auditd should change the current value for the kernel enabled flag. Valid values for ENABLE_STATE are "disable", "enable" or "nochange". The default is to enable (and disable when auditd terminates). The value of the enabled flag may be changed during the lifetime of auditd using 'auditctl -e'.
.SH SIGNALS
.TP
SIGHUP
--- audit-1.6.2.orig/src/auditd.c
+++ audit-1.6.2/src/auditd.c
@@ -36,6 +36,7 @@
#include <sys/wait.h>
#include <fcntl.h>
#include <pthread.h>
+#include <getopt.h>
#include "libaudit.h"
#include "auditd-config.h"
@@ -65,13 +66,19 @@
static void clean_exit(void);
static int get_reply(int fd, struct audit_reply *rep, int seq);
+enum startup_state {startup_disable=0, startup_enable, startup_nochange, startup_INVALID};
+static const char *startup_states[] = {"disable", "enable", "nochange"};
/*
* Output a usage message
*/
static void usage(void)
{
- puts("Usage: auditd [ -f -l -n ]");
+ fprintf(stderr, "Usage: auditd [-f] [-l] [-n] [-s %s|%s|%s]\n",
+ startup_states[startup_disable],
+ startup_states[startup_enable],
+ startup_states[startup_nochange]);
+
exit(2);
}
@@ -308,26 +315,56 @@
struct rlimit limit;
int hup_info_requested = 0, usr1_info_requested = 0;
int i;
+ int opt_foreground = 0, opt_allow_links = 0;
+ enum startup_state opt_startup = startup_enable;
+ int c;
+ extern char *optarg;
+ extern int optind;
/* Get params && set mode */
- config.daemonize = D_BACKGROUND;
- if (argc > 1) {
- for (i=1; i<argc; i++) {
- if (strcmp(argv[i], "-f") == 0)
- config.daemonize = D_FOREGROUND;
- else if (strcmp(argv[i], "-l") == 0)
- set_allow_links(1);
- else if (strcmp(argv[i], "-n") == 0)
- do_fork = 0;
- else
+ while ((c = getopt(argc, argv, "flns:")) != -1) {
+ switch (c) {
+ case 'f':
+ opt_foreground = 1;
+ break;
+ case 'l':
+ opt_allow_links=1;
+ break;
+ case 'n':
+ do_fork = 0;
+ break;
+ case 's':
+ for (i=0; i<startup_INVALID; i++) {
+ if (strncmp(optarg, startup_states[i],
+ strlen(optarg)) == 0) {
+ opt_startup = i;
+ break;
+ }
+ }
+ if (i == startup_INVALID) {
+ fprintf(stderr, "unknown startup mode '%s'\n",
+ optarg);
usage();
+ }
+ break;
+ default:
+ usage();
}
}
- // Make paramemters take effect
- if (config.daemonize == D_FOREGROUND)
+ /* check for trailing command line following options */
+ if (optind < argc) {
+ usage();
+ }
+
+ if (opt_allow_links)
+ set_allow_links(1);
+
+ if (opt_foreground) {
+ config.daemonize = D_FOREGROUND;
set_aumessage_mode(MSG_STDERR, DBG_YES);
- else {
+ } else {
+ config.daemonize = D_BACKGROUND;
set_aumessage_mode(MSG_SYSLOG, DBG_NO);
(void) umask( umask( 077 ) | 022 );
}
@@ -472,8 +509,9 @@
/* Now tell parent that everything went OK */
tell_parent(SUCCESS);
- /* Enable auditing just in case it was off */
- if (audit_set_enabled(fd, 1) < 0) {
+ /* Depending on value of opt_startup (-s) set initial audit state */
+ if (opt_startup != startup_nochange &&
+ audit_set_enabled(fd, (int)opt_startup) < 0) {
char emsg[DEFAULT_BUF_SZ];
snprintf(emsg, sizeof(emsg),
"auditd error halt, auid=%u pid=%d res=failed",
@@ -481,15 +519,19 @@
stop = 1;
//FIXME add subj
send_audit_event(AUDIT_DAEMON_ABORT, emsg);
- audit_msg(LOG_ERR, "Unable to enable auditing, exiting");
+ audit_msg(LOG_ERR,
+ "Unable to set intitial audit startup state to '%s', exiting",
+ startup_states[opt_startup]);
close_down();
if (pidfile)
unlink(pidfile);
shutdown_dispatcher();
return 1;
}
- audit_msg(LOG_NOTICE, "Init complete, auditd %s listening for events",
- VERSION);
+ audit_msg(LOG_NOTICE,
+ "Init complete, auditd %s listening for events (startup state %s)",
+ VERSION,
+ startup_states[opt_startup]);
/* Parent should be gone by now... */
if (do_fork)
@@ -603,6 +645,9 @@
/* Write message to log that we are going down */
int rc;
+ if (opt_startup == startup_enable) {
+ audit_set_enabled(fd, (int)startup_disable);
+ }
rc = audit_request_signal_info(fd);
if (rc > 0) {
struct audit_reply trep;
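Review bot: The `-s` parser added to main() compares with `strncmp(optarg, startup_states[i], strlen(optarg))`, so any prefix of a state name is accepted, and an empty argument (`-s ""`) compares equal over zero bytes and selects `startup_disable`. The daemon would then start with kernel auditing switched off instead of rejecting the option. An exact match closes this: `if (strcmp(optarg, startup_states[i]) == 0) {`. The man page hunk documents the option as `\-s=ENABLE_STATE`, while the synopsis and the `"flns:"` getopt string take a separate argument, so `-s=disable` would be rejected as an unknown mode; the two should agree. The shutdown hunk also ignores the return value of `audit_set_enabled(fd, (int)startup_disable)`, where an `audit_msg` on failure would make a kernel left in the enabled state explainable; main() starts and ends outside these hunks.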


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Oct 31 07:08:38 CET 2007 - tonyj@suse.de
- Incorporate 1 more Redhat fixe post 1.6.2
- Go back to 10.2 behaviour wrt to starting in disabled state.
This time using patch submitted upstream, fix for #Bug 333739
-------------------------------------------------------------------
Wed Oct 10 23:18:24 CEST 2007 - tonyj@suse.de


@ -14,7 +14,7 @@ Name: audit
BuildRequires: gcc-c++
Summary: User Space Tools for 2.6 Kernel Auditing
Version: 1.6.2
Release: 1
Release: 4
License: GPL v2 or later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/
@ -24,6 +24,7 @@ Source2: auditd.sysconfig
Patch0: audit-no_sca.patch
Patch1: audit-no_python.patch
Patch2: audit-1.6.2-bugs.patch
Patch3: audit-startup.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-libs = %{version}-%{release}
PreReq: %insserv_prereq %fillup_prereq
@ -56,7 +57,7 @@ Authors:
%package devel
Summary: Header files and static library for libaudit
License: LGPL v2 or later
License: LGPL v2.1 or later
Group: System/Monitoring
Requires: %{name}-libs = %{version}-%{release}
@ -76,6 +77,7 @@ Authors:
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
#autoreconf -iv --install
@ -194,6 +196,10 @@ fi
%dir %attr(700,root,root) /var/log/audit
%ghost %config(noreplace) /var/log/audit/audit.log
%changelog
* Wed Oct 31 2007 - tonyj@suse.de
- Incorporate 1 more Redhat fixe post 1.6.2
- Go back to 10.2 behaviour wrt to starting in disabled state.
This time using patch submitted upstream, fix for #Bug 333739
* Wed Oct 10 2007 - tonyj@suse.de
- Upgrade to 1.6.2
Plus two bugs discovered in Fedora, will be fixed in 1.6.3


@ -98,6 +98,10 @@ rc_reset
case "$1" in
start)
echo -n "Starting auditd "
if [ "$AUDITD_DISABLE_CONTEXTS" == "yes" ] ; then
EXTRAOPTIONS="$EXTRAOPTIONS -s disable"
fi
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
startproc $AUDITD_BIN $EXTRAOPTIONS
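Review bot: The added test uses `==` inside `[ ]`, which is a bash extension rather than POSIX `test` syntax; the portable spelling is `if [ "$AUDITD_DISABLE_CONTEXTS" = "yes" ] ; then`. The script's interpreter line is outside the hunk, so this may already be bash, in which case it is only a style point. The `case` block continues outside the hunk, so it is worth confirming that any other branch which launches `$AUDITD_BIN` also gets `-s disable`, otherwise the audit state after a restart could differ from the state after a start.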


@ -29,3 +29,7 @@ AUDITD_CLEAN_STOP="yes"
#
## Type: yesno
## Default: yes
#
# This option disables syscall auditing by default. This can also be
# accomplished by auditctl -e.
AUDITD_DISABLE_CONTEXTS="yes"
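Review bot: The new comment does not state that the shipped value `"yes"` makes the init script pass `-s disable` to auditd, so a default installation starts with the kernel audit enabled flag turned off. An administrator reading only this file should be able to see that and how to reverse it. I would extend the comment along the lines of `# "yes" starts auditd with "-s disable" (kernel auditing off); set to "no", or run "auditctl -e 1", to turn auditing on.` The variable has no `## Type:` / `## Default:` header of its own in the added lines, and the name mentions contexts while the effect described is on syscall auditing as a whole, which the comment could also make explicit.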