forked from pool/audit
Compare commits
8 Commits
Author | SHA256 | Date | |
---|---|---|---|
| a74a4e8524 | | |
| 239d018a6e | | |
| 757054e43f | | |
| 1878dbbb84 | | |
| 66d350687b | | |
| 90ef868a13 | | |
| 3f0a4c9486 | | |
| 42402f11b7 | | |
BIN
audit-3.1.1.tar.gz
(Stored with Git LFS)
Binary file not shown.
3
audit-4.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:bf422d4126ab77a92a4c3ac39de5473f278dc3de35724d2518a48c7be15d54d8
|
||||
size 1179876
|
@ -11,15 +11,13 @@ SUSE since we lack the ability to use a custom stop/restart
|
||||
init.d/auditd.service | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
Index: audit-3.0.9/init.d/auditd.service
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/init.d/auditd.service
|
||||
+++ audit-3.0.9/init.d/auditd.service
|
||||
@@ -11,7 +11,6 @@ After=local-fs.target systemd-tmpfiles-s
|
||||
--- a/init.d/auditd.service
|
||||
+++ b/init.d/auditd.service
|
||||
@@ -14,7 +14,6 @@ After=local-fs.target systemd-tmpfiles-s
|
||||
Before=sysinit.target shutdown.target
|
||||
##Before=shutdown.target
|
||||
Conflicts=shutdown.target
|
||||
-RefuseManualStop=yes
|
||||
ConditionKernelCommandLine=!audit=0
|
||||
ConditionKernelCommandLine=!audit=off
|
||||
|
||||
Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation
|
||||
|
||||
|
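Review bot: Dropping `RefuseManualStop=yes` in the `@@ -14,7 +14,6 @@` hunk lets a plain `systemctl stop auditd` succeed, and with enable-stop-rules.patch from the same package (`ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules`, described as disabling audit when auditd.service stops) that one command also turns kernel auditing off. The patch description should state this consequence next to its existing note about SUSE lacking a custom stop/restart, and the refreshed file should carry a `Patch-mainline:` tag marking it as a downstream change, since the 4.0 changelog entry listed it as fixed upstream before it was re-added.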
@ -1,3 +1,89 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 4 16:06:06 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Update audit.spec (bsc#1231236):
|
||||
* add requirement for 'awk' package
|
||||
* move some %post logic from audit to audit-rules
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 2 11:15:07 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Readd audit-allow-manual-stop.patch (removed by mistake)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 1 14:43:13 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Fix plugin termination when using systemd service units (bsc#1215377)
|
||||
* add auditd.service-fix-plugin-termination.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 26 16:51:29 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Update audit-secondary.spec:
|
||||
* Add "Requires: audit-rules" for audit package
|
||||
* Remove preun/postun handling of audit-rules.service
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 17 18:23:15 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Update to 4.0
|
||||
- Drop python2 support
|
||||
- Drop auvirt and autrace programs
|
||||
- Drop SysVinit support
|
||||
- Require the use of the 5.0 or later kernel headers
|
||||
- New README.md file
|
||||
- Rewrite legacy service functions in terms of systemctl
|
||||
- Consolidate and update end of event detection to a common function
|
||||
- Split off rule loading from auditd.service into audit-rules.service
|
||||
- Refactor libaudit.h to split out logging functions and record numbers
|
||||
- Speed up aureport --summary reports
|
||||
- Limit libaudit python bindings to logging functions
|
||||
- Add a metrics function for auparse
|
||||
- Change auditctl to use pidfd_send_signal for signaling auditd
|
||||
- Adjust watches to optimize syscalls hooked when watch file access
|
||||
- Drop nispom rules
|
||||
- Add intepretations for fsconfig, fsopen, fsmount, & move_mount
|
||||
- Many code fixups (cgzones)
|
||||
- Update syscall and interpretation tables to the 6.8 kernel
|
||||
(from v3.1.2)
|
||||
- When processing a run level change, make auditd exit
|
||||
- In auditd, fix return code when rules added in immutable mode
|
||||
- In auparse, when files are given, also consider EUID for access
|
||||
- Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya)
|
||||
- Disable Python bindings from setting rules due to swig bug (S. Trofimovich)
|
||||
- Update all lookup tables for the 6.5 kernel
|
||||
- Don't be as paranoid about auditctl -R file permissions
|
||||
- In ausearch, correct subject/object search to be an and if both are given
|
||||
- Adjust formats for 64 bit time_t
|
||||
- Fix segfault in python bindings around the feed API
|
||||
- Add feed_has_data, get_record_num, and get/goto_field_num to python bindings
|
||||
|
||||
- Update spec:
|
||||
* Move rules-related files into new subpackage `audit-rules':
|
||||
* Files moved:
|
||||
- /sbin/auditctl, /sbin/augenrules,
|
||||
/etc/audit/{audit.rules,rules.d/audit.rules,audit-stop.rules}
|
||||
- manpages for auditctl, augenrules, and audit.rules
|
||||
- /etc/audit is now owned by `audit-rules' as well
|
||||
* Add new file /usr/lib/systemd/system/audit-rules.service
|
||||
* Remove in-house create-augenrules-service.patch that generated
|
||||
augenrules.service systemd unit service
|
||||
* Remove ownership of /usr/share/audit
|
||||
* Create /usr/share/audit-rules directory on %install
|
||||
* Remove audit-userspace-517-compat.patch (fixed upstream)
|
||||
* Remove libev-werror.patch (fixed upstream)
|
||||
* Remove audit-allow-manual-stop.patch (fixed upstream)
|
||||
* Add fix-auparse-test.patch (downstream):
|
||||
Upstream tests uses a static value (42) for 'gdm' uid/gid (based
|
||||
on Fedora values, apparently). Replace these occurrences with
|
||||
'unknown(123456)'
|
||||
* Replace '--with-python' with '--with-python3' on %configure
|
||||
* Remove autrace and auvirt references (upstream)
|
||||
* Replace README with README.md
|
||||
- Drop `--enable-systemd' from %configure as SysV-style scripts
|
||||
aren't supported in upstream since
|
||||
113ae191758c ("Drop support for SysVinit")
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 5 08:50:50 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
|
||||
|
||||
|
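Review bot: The Sep 17 entry still reads `Remove audit-allow-manual-stop.patch (fixed upstream)` while the Oct 2 entry re-adds the patch as removed by mistake, so the changelog keeps a statement that the later entry contradicts; the Oct 2 entry should say why the patch is still needed against 4.0 (the refreshed patch still has to delete `RefuseManualStop=yes` from the unit). The Oct 4 entry names an 'awk' package, but the spec line that was added is `Requires: gawk`; use the package name that is actually required.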
@ -22,7 +22,7 @@
|
||||
# The seperation is required to minimize unnecessary build cycles.
|
||||
%define _name audit
|
||||
Name: audit-secondary
|
||||
Version: 3.1.1
|
||||
Version: 4.0
|
||||
Release: 0
|
||||
Summary: Linux kernel audit subsystem utilities
|
||||
License: GPL-2.0-or-later
|
||||
@ -32,16 +32,15 @@ Source0: https://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.g
|
||||
Source1: system-group-audit.conf
|
||||
Patch1: audit-plugins-path.patch
|
||||
Patch2: audit-no-gss.patch
|
||||
Patch3: audit-allow-manual-stop.patch
|
||||
Patch4: audit-ausearch-do-not-require-tclass.patch
|
||||
Patch5: change-default-log_group.patch
|
||||
Patch6: libev-werror.patch
|
||||
Patch7: harden_auditd.service.patch
|
||||
Patch8: change-default-log_format.patch
|
||||
Patch9: fix-hardened-service.patch
|
||||
Patch10: enable-stop-rules.patch
|
||||
Patch11: create-augenrules-service.patch
|
||||
Patch12: audit-userspace-517-compat.patch
|
||||
Patch3: audit-ausearch-do-not-require-tclass.patch
|
||||
Patch4: change-default-log_group.patch
|
||||
Patch5: harden_auditd.service.patch
|
||||
Patch6: change-default-log_format.patch
|
||||
Patch7: fix-hardened-service.patch
|
||||
Patch8: enable-stop-rules.patch
|
||||
Patch9: fix-auparse-test.patch
|
||||
Patch10: auditd.service-fix-plugin-termination.patch
|
||||
Patch11: audit-allow-manual-stop.patch
|
||||
BuildRequires: audit-devel = %{version}
|
||||
BuildRequires: autoconf >= 2.12
|
||||
BuildRequires: kernel-headers >= 2.6.30
|
||||
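Review bot: `BuildRequires: kernel-headers >= 2.6.30` stays untouched as context at the end of this hunk, although the 4.0 changelog entry in this same compare says "Require the use of the 5.0 or later kernel headers". Raise the bound to 5.0 here, and on the identical line in audit.spec, so that an unsuitable build root is rejected at dependency resolution rather than later in the build.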
@ -71,6 +70,7 @@ Summary: User Space Tools for Kernel Auditing
|
||||
License: LGPL-2.1-or-later
|
||||
Group: System/Monitoring
|
||||
Requires: %{_name}-libs = %{version}
|
||||
Requires: %{_name}-rules = %{version}
|
||||
Requires: coreutils
|
||||
Requires: group(audit)
|
||||
%{?systemd_ordering}
|
||||
@ -80,10 +80,20 @@ The audit package contains the user space utilities for storing and
|
||||
processing the audit records generated by the audit subsystem in the
|
||||
Linux kernel.
|
||||
|
||||
%package -n audit-rules
|
||||
Summary: Rules and utilities for audit
|
||||
License: LGPL-2.1-or-later
|
||||
Requires: gawk
|
||||
Recommends: audit = %{version}-%{release}
|
||||
|
||||
%description -n audit-rules
|
||||
The audit rules package contains the rules and utilities to load audit rules.
|
||||
|
||||
%package -n system-group-audit
|
||||
Summary: System group 'audit'
|
||||
License: LGPL-2.1-or-later
|
||||
Group: System/Fhs
|
||||
BuildArch: noarch
|
||||
%sysusers_requires
|
||||
|
||||
%description -n system-group-audit
|
||||
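Review bot: The new `%package -n audit-rules` stanza has no `%{?systemd_ordering}`, which the audit package just above it does have, yet the audit-rules scriptlets further down call `%service_add_post audit-rules.service` and run `augenrules --load`. Add the macro to this stanza. `Recommends: audit = %{version}-%{release}` is also pinned more tightly than the `Requires: %{_name}-rules = %{version}` added on the audit side, so pick one form for both directions, and add a `Group:` tag as the neighbouring packages have.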
@ -148,7 +158,6 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
%ifarch arm
|
||||
--with-arm \
|
||||
%endif
|
||||
--enable-systemd \
|
||||
--libexecdir=%{_libexecdir}/%{_name} \
|
||||
--with-apparmor \
|
||||
--with-libwrap \
|
||||
@ -162,7 +171,8 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
%sysusers_generate_pre %{SOURCE1} audit system-group-audit.conf
|
||||
|
||||
%install
|
||||
%make_install
|
||||
# Set $PYTHON3 here so py-compile works correctly on distros that doesn't ship /usr/bin/python
|
||||
%make_install PYTHON3=$(realpath %__python3)
|
||||
|
||||
mkdir -p %{buildroot}%{_localstatedir}/log/audit/
|
||||
touch %{buildroot}%{_localstatedir}/log/audit/audit.log
|
||||
@ -173,7 +183,8 @@ install -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/
|
||||
# post copy runs
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/rules.d/
|
||||
touch %{buildroot}%{_sysconfdir}/{auditd.conf,audit.rules} %{buildroot}%{_sysconfdir}/audit/auditd.conf
|
||||
mkdir -p %{buildroot}%{_datadir}/%{_name}-rules
|
||||
touch %{buildroot}%{_sysconfdir}/audit/{auditd.conf,audit.rules}
|
||||
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
|
||||
touch -r ./audit.spec %{buildroot}%{_sysconfdir}/libaudit.conf
|
||||
# Starting with audit 2.5 no config is installed so start with no rules
|
||||
@ -201,7 +212,7 @@ rm -rf %{buildroot}/%{_mandir}/man3
|
||||
#USR-MERGE
|
||||
%if 0%{?suse_version} < 1550
|
||||
mkdir %{buildroot}/sbin/
|
||||
for prog in auditctl auditd ausearch autrace aureport augenrules; do
|
||||
for prog in auditctl auditd ausearch aureport augenrules; do
|
||||
ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog
|
||||
done
|
||||
%endif
|
||||
@ -211,95 +222,119 @@ done
|
||||
ln -s service %{buildroot}%{_sbindir}/rcauditd
|
||||
%endif
|
||||
chmod 0644 %{buildroot}%{_unitdir}/auditd.service
|
||||
chmod 0644 %{buildroot}%{_unitdir}/augenrules.service
|
||||
|
||||
%check
|
||||
%make_build check
|
||||
|
||||
%post -n audit
|
||||
# Save existing audit files if any (from old locations)
|
||||
# Save existing auditd.conf if any (from old locations)
|
||||
if [ -f %{_sysconfdir}/auditd.conf ]; then
|
||||
mv %{_sysconfdir}/audit/auditd.conf %{_sysconfdir}/audit/auditd.conf.new
|
||||
mv %{_sysconfdir}/auditd.conf %{_sysconfdir}/audit/auditd.conf
|
||||
fi
|
||||
if [ -f %{_sysconfdir}/audit.rules ]; then
|
||||
mv %{_sysconfdir}/audit.rules %{_sysconfdir}/audit/audit.rules
|
||||
elif [ ! -f %{_sysconfdir}/audit/audit.rules ]; then
|
||||
cp %{_sysconfdir}/audit/rules.d/audit.rules %{_sysconfdir}/audit/audit.rules
|
||||
fi
|
||||
%service_add_post auditd.service
|
||||
%service_add_post augenrules.service
|
||||
|
||||
%post -n audit-rules
|
||||
if [ -f %{_sysconfdir}/audit.rules ]; then
|
||||
# If /etc/audit.rules exists, move into the expected default place /etc/audit/audit.rules.
|
||||
mv %{_sysconfdir}/audit.rules %{_sysconfdir}/%{_name}/audit.rules
|
||||
else
|
||||
# We only expect /etc/audit/audit.rules to exist. If it doesn't, augenrules --load will create
|
||||
# it with the rules in /etc/audit/rules.d.
|
||||
#
|
||||
# If /etc/audit/rules.d is empty, copy the default rules file (no-rules).
|
||||
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
|
||||
if [ "$files" -eq 0 ] ; then
|
||||
touch %{_sysconfdir}/%{_name}/audit.rules
|
||||
install -m 0600 %{_datadir}/audit-rules/10-no-audit.rules %{_sysconfdir}/%{_name}/rules.d/audit.rules
|
||||
# Make the new rules active
|
||||
fi
|
||||
augenrules --load
|
||||
fi
|
||||
%service_add_post audit-rules.service
|
||||
|
||||
%pre -n audit
|
||||
%service_add_pre auditd.service
|
||||
%service_add_pre augenrules.service
|
||||
|
||||
%pre -n audit-rules
|
||||
%service_add_pre audit-rules.service
|
||||
|
||||
%pre -n system-group-audit -f audit.pre
|
||||
|
||||
%preun -n audit
|
||||
%service_del_preun auditd.service
|
||||
%service_del_preun augenrules.service
|
||||
|
||||
%preun -n audit-rules
|
||||
# If uninstalling, delete the rules loaded in the kernel
|
||||
if [ $1 -eq 0 ]; then
|
||||
auditctl -D > /dev/null 2>&1
|
||||
fi
|
||||
%service_del_preun audit-rules.service
|
||||
|
||||
%postun -n audit
|
||||
%service_del_postun auditd.service
|
||||
%service_del_postun augenrules.service
|
||||
|
||||
%postun -n audit-rules
|
||||
%service_del_postun audit-rules.service
|
||||
|
||||
%files -n audit
|
||||
%license COPYING
|
||||
%doc README ChangeLog init.d/auditd.cron
|
||||
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
|
||||
%doc README.md ChangeLog init.d/auditd.cron
|
||||
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
|
||||
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
|
||||
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz
|
||||
%if 0%{?suse_version} < 1550
|
||||
/sbin/auditctl
|
||||
/sbin/auditd
|
||||
/sbin/ausearch
|
||||
/sbin/autrace
|
||||
/sbin/augenrules
|
||||
/sbin/aureport
|
||||
%endif
|
||||
%attr(750,root,root) %{_sbindir}/auditctl
|
||||
%attr(750,root,root) %{_sbindir}/auditd
|
||||
%attr(755,root,root) %{_sbindir}/ausearch
|
||||
%attr(750,root,root) %{_sbindir}/autrace
|
||||
%attr(750,root,root) %{_sbindir}/augenrules
|
||||
%attr(750,root,root) %{_sbindir}/audisp-syslog
|
||||
%attr(755,root,root) %{_bindir}/aulast
|
||||
%attr(755,root,root) %{_bindir}/aulastlog
|
||||
%attr(755,root,root) %{_bindir}/ausyscall
|
||||
%attr(755,root,root) %{_sbindir}/aureport
|
||||
%attr(755,root,root) %{_sbindir}/audisp-af_unix
|
||||
%attr(755,root,root) %{_bindir}/auvirt
|
||||
%dir %attr(750,root,root) %{_sysconfdir}/audit
|
||||
%attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d
|
||||
%dir %attr(750,root,root) %{_sysconfdir}/audit/plugins.d
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/af_unix.conf
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/syslog.conf
|
||||
%ghost %{_sysconfdir}/auditd.conf
|
||||
%ghost %{_sysconfdir}/audit.rules
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf
|
||||
%dir %attr(750,root,root) %{_sysconfdir}/audit/rules.d
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules
|
||||
%dir %attr(750,root,audit) %{_localstatedir}/log/audit
|
||||
%ghost %config(noreplace) %attr(640,root,audit) %{_localstatedir}/log/audit/audit.log
|
||||
%dir %attr(700,root,root) %{_localstatedir}/spool/audit
|
||||
%{_unitdir}/auditd.service
|
||||
%{_unitdir}/augenrules.service
|
||||
%if 0%{?suse_version} < 1550
|
||||
%{_sbindir}/rcauditd
|
||||
%endif
|
||||
%{_datadir}/audit/
|
||||
|
||||
%files -n audit-rules
|
||||
%dir %attr(755,root,root) %{_datadir}/audit-rules
|
||||
%attr(644,root,root) %{_datadir}/audit-rules/*
|
||||
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
|
||||
%if 0%{?suse_version} < 1550
|
||||
/sbin/auditctl
|
||||
/sbin/augenrules
|
||||
%endif
|
||||
%attr(750,root,root) %{_sbindir}/auditctl
|
||||
%attr(750,root,root) %{_sbindir}/augenrules
|
||||
%attr(644,root,root) %{_unitdir}/audit-rules.service
|
||||
%dir %attr(750,root,root) %{_sysconfdir}/audit
|
||||
%ghost %{_sysconfdir}/audit.rules
|
||||
%dir %attr(750,root,root) %{_sysconfdir}/audit/rules.d
|
||||
%ghost %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
|
||||
%ghost %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit.rules
|
||||
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules
|
||||
|
||||
%files -n system-group-audit
|
||||
%{_sysusersdir}/system-group-audit.conf
|
||||
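Review bot: In `%post -n audit-rules` the default rules file is written with `install -m 0600` and `audit.rules` is created by a bare `touch`, but `%files -n audit-rules` declares both `rules.d/audit.rules` and `audit/audit.rules` as `%attr(640,root,root)`. Create the files with the mode the package declares so the on-disk permissions match the packaged attributes. In the same scriptlet, `ls /etc/audit/rules.d/` is hardcoded where every other path uses `%{_sysconfdir}/%{_name}`, the `# Make the new rules active` comment sits inside the `if` while the `augenrules --load` it describes runs after the `fi`, and `[ $1 -eq 0 ]` in `%preun -n audit-rules` should quote `$1`.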
@ -308,12 +343,13 @@ fi
|
||||
%files -n python2-audit
|
||||
%attr(755,root,root) %{python2_sitearch}/_audit.so
|
||||
%attr(755,root,root) %{python2_sitearch}/auparse.so
|
||||
%{python2_sitearch}/audit.py*
|
||||
%attr(644,root,root) %{python2_sitearch}/audit.py*
|
||||
%endif
|
||||
|
||||
%if %{with python3}
|
||||
%files -n python3-audit
|
||||
%attr(755,root,root) %{python3_sitearch}/*
|
||||
%attr(644,root,root) %{python3_sitearch}/audit.py*
|
||||
%endif
|
||||
|
||||
%files -n audit-audispd-plugins
|
||||
|
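Review bot: `%attr(755,root,root) %{python3_sitearch}/*` already matches `audit.py*`, so the added `%attr(644,root,root) %{python3_sitearch}/audit.py*` lists the same files a second time with a different mode. Narrow the glob to the shared objects, as the python2 stanza does with `_audit.so` and `auparse.so`, so each file gets exactly one mode. The `%files -n python2-audit` stanza is also still being edited in this hunk even though the changelog says python2 support is dropped in 4.0; remove the stanza instead of adjusting it.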
@ -1,38 +0,0 @@
|
||||
From: Sergei Trofimovich <slyich@gmail.com>
|
||||
Date: Wed, 23 Mar 2022 07:27:05 +0000
|
||||
Subject: [PATCH] auditswig.i: avoid setter generation for audit_rule_data::buf
|
||||
References: https://github.com/linux-audit/audit-userspace/issues/252
|
||||
Git-commit: https://github.com/linux-audit/audit-userspace/pull/253/commits/beed138222421a2eb4212d83cb889404bd7efc49
|
||||
Git-repo: [if different from https://github.com/linux-audit/audit-userspace.git]
|
||||
Patch-mainline: submitted for review upstream
|
||||
|
||||
As it's a flexible array generated code was never safe to use.
|
||||
With kernel's https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed98ea2128b6fd83bce13716edf8f5fe6c47f574
|
||||
change it's a build failure now:
|
||||
|
||||
audit> audit_wrap.c:5010:15: error: invalid use of flexible array member
|
||||
audit> 5010 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
|
||||
audit> | ^
|
||||
|
||||
Let's avoid setter generation entirely.
|
||||
|
||||
Closes: https://github.com/linux-audit/audit-userspace/issues/252
|
||||
---
|
||||
bindings/swig/src/auditswig.i | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
|
||||
index 21aafca31..9a2c5661d 100644
|
||||
--- a/bindings/swig/src/auditswig.i
|
||||
+++ b/bindings/swig/src/auditswig.i
|
||||
@@ -39,6 +39,10 @@ signed
|
||||
#define __attribute(X) /*nothing*/
|
||||
typedef unsigned __u32;
|
||||
typedef unsigned uid_t;
|
||||
+/* Sidestep SWIG's limitation of handling c99 Flexible arrays by not:
|
||||
+ * generating setters against them: https://github.com/swig/swig/issues/1699
|
||||
+ */
|
||||
+%ignore audit_rule_data::buf;
|
||||
%include "/usr/include/linux/audit.h"
|
||||
#define __extension__ /*nothing*/
|
||||
%include <stdint.i>
|
@ -1,3 +1,52 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 4 16:04:56 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Update audit.spec: add requirement for 'awk' package (bsc#1231236)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 17 18:20:58 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
|
||||
|
||||
- Update to 4.0
|
||||
- Drop python2 support
|
||||
- Drop auvirt and autrace programs
|
||||
- Drop SysVinit support
|
||||
- Require the use of the 5.0 or later kernel headers
|
||||
- New README.md file
|
||||
- Rewrite legacy service functions in terms of systemctl
|
||||
- Consolidate and update end of event detection to a common function
|
||||
- Split off rule loading from auditd.service into audit-rules.service
|
||||
- Refactor libaudit.h to split out logging functions and record numbers
|
||||
- Speed up aureport --summary reports
|
||||
- Limit libaudit python bindings to logging functions
|
||||
- Add a metrics function for auparse
|
||||
- Change auditctl to use pidfd_send_signal for signaling auditd
|
||||
- Adjust watches to optimize syscalls hooked when watch file access
|
||||
- Drop nispom rules
|
||||
- Add intepretations for fsconfig, fsopen, fsmount, & move_mount
|
||||
- Many code fixups (cgzones)
|
||||
- Update syscall and interpretation tables to the 6.8 kernel
|
||||
(from v3.1.2)
|
||||
- When processing a run level change, make auditd exit
|
||||
- In auditd, fix return code when rules added in immutable mode
|
||||
- In auparse, when files are given, also consider EUID for access
|
||||
- Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya)
|
||||
- Disable Python bindings from setting rules due to swig bug (S. Trofimovich)
|
||||
- Update all lookup tables for the 6.5 kernel
|
||||
- Don't be as paranoid about auditctl -R file permissions
|
||||
- In ausearch, correct subject/object search to be an and if both are given
|
||||
- Adjust formats for 64 bit time_t
|
||||
- Fix segfault in python bindings around the feed API
|
||||
- Add feed_has_data, get_record_num, and get/goto_field_num to python bindings
|
||||
|
||||
- Update spec:
|
||||
* Add fix-auparse-test.patch (downstream):
|
||||
Upstream tests uses a static value (42) for 'gdm' uid/gid (based
|
||||
on Fedora values, apparently). Replace these occurrences with
|
||||
'unknown(123456)'
|
||||
* Replace '--with-python' with '--with-python3' on %configure
|
||||
* Add new headers 'audit_logging.h' and 'audit-records.h' for
|
||||
audit-devel
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 3 08:33:52 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
|
||||
|
||||
|
@ -23,7 +23,7 @@
|
||||
%endif
|
||||
|
||||
Name: audit
|
||||
Version: 3.1.1
|
||||
Version: 4.0
|
||||
Release: 0
|
||||
Summary: Linux kernel audit subsystem utilities
|
||||
License: GPL-2.0-or-later
|
||||
@ -33,11 +33,13 @@ Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
||||
Source1: baselibs.conf
|
||||
Source2: README-BEFORE-ADDING-PATCHES
|
||||
Patch0: change-default-log_group.patch
|
||||
Patch1: fix-auparse-test.patch
|
||||
BuildRequires: autoconf >= 2.12
|
||||
BuildRequires: kernel-headers >= 2.6.30
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: tcpd-devel
|
||||
Requires: gawk
|
||||
Requires: libaudit1 = %{version}
|
||||
Requires: libauparse0 = %{version}
|
||||
Provides: bundled(libev) = 4.33
|
||||
@ -98,12 +100,11 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
%ifarch arm
|
||||
--with-arm \
|
||||
%endif
|
||||
--enable-systemd \
|
||||
--libexecdir=%{_libexecdir}/%{name} \
|
||||
--with-apparmor \
|
||||
--with-libcap-ng=no \
|
||||
--disable-static \
|
||||
--with-python=no \
|
||||
--with-python3=no \
|
||||
--disable-zos-remote
|
||||
|
||||
%make_build -C common
|
||||
@ -178,6 +179,8 @@ find %{buildroot} -type f -name "*.la" -delete -print
|
||||
%{_libdir}/libaudit.so
|
||||
%{_libdir}/libauparse.so
|
||||
%{_includedir}/libaudit.h
|
||||
%{_includedir}/audit_logging.h
|
||||
%{_includedir}/audit-records.h
|
||||
%{_includedir}/auparse.h
|
||||
%{_includedir}/auparse-defs.h
|
||||
%{_mandir}/man3/*
|
||||
|
14
auditd.service-fix-plugin-termination.patch
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
init.d/auditd.service | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/init.d/auditd.service
|
||||
+++ b/init.d/auditd.service
|
||||
@@ -29,6 +29,7 @@ ExecStopPost=/sbin/auditctl -R /etc/audi
|
||||
Restart=on-failure
|
||||
# Do not restart for intentional exits. See EXIT CODES section in auditd(8).
|
||||
RestartPreventExitStatus=2 4 6
|
||||
+KillMode=mixed
|
||||
|
||||
### Security Settings ###
|
||||
MemoryDenyWriteExecute=true
|
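Review bot: `KillMode=mixed` is added by a patch file that has no header: it starts at the `---` diffstat, so nothing in the file records that this is the bsc#1215377 fix named in the changelog, whether it was sent upstream, or why `mixed` was chosen. With `mixed`, systemd sends SIGTERM only to the main auditd process and SIGKILL to whatever remains in the unit's control group afterwards, so any plugin that auditd has not stopped itself is killed without a chance to flush. State in the description that this is the intended behaviour, and add `Subject:`, `References: bsc#1215377` and `Patch-mainline:` lines like the header of the removed auditswig.i patch shown in this compare.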
@ -1,97 +0,0 @@
|
||||
Index: audit-3.1.1/init.d/augenrules.service
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ audit-3.1.1/init.d/augenrules.service
|
||||
@@ -0,0 +1,29 @@
|
||||
+[Unit]
|
||||
+Description=auditd rules generation
|
||||
+After=auditd.service
|
||||
+Documentation=man:augenrules(8)
|
||||
+
|
||||
+[Service]
|
||||
+Type=oneshot
|
||||
+## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
|
||||
+ExecStart=/sbin/augenrules --load
|
||||
+# We need RemainAfterExit=true so augenrules is called again
|
||||
+# in case auditd.service is restarted.
|
||||
+RemainAfterExit=true
|
||||
+
|
||||
+### Security Settings ###
|
||||
+MemoryDenyWriteExecute=true
|
||||
+LockPersonality=true
|
||||
+ProtectControlGroups=true
|
||||
+ProtectKernelModules=true
|
||||
+ProtectHome=true
|
||||
+RestrictRealtime=true
|
||||
+# for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectSystem=full
|
||||
+PrivateDevices=true
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelLogs=true
|
||||
+ReadWritePaths=/etc/audit
|
||||
Index: audit-3.1.1/init.d/auditd.service
|
||||
===================================================================
|
||||
--- audit-3.1.1.orig/init.d/auditd.service
|
||||
+++ audit-3.1.1/init.d/auditd.service
|
||||
@@ -15,15 +15,16 @@ ConditionKernelCommandLine=!audit=0
|
||||
ConditionKernelCommandLine=!audit=off
|
||||
|
||||
Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation
|
||||
+Requires=augenrules.service
|
||||
+# This unit clears rules on stop, so make sure that augenrules runs again
|
||||
+PropagatesStopTo=augenrules.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=/run/auditd.pid
|
||||
ExecStart=/sbin/auditd
|
||||
-## To not use augenrules, copy this file to /etc/systemd/system/auditd.service
|
||||
-## and comment/delete the next line and uncomment the auditctl line.
|
||||
-## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
|
||||
-ExecStartPost=-/sbin/augenrules --load
|
||||
+## To not use augenrules: copy this file to /etc/systemd/system/auditd.service,
|
||||
+## uncomment the next line, and comment the Requires=augenrules.service above.
|
||||
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
|
||||
# By default we clear the rules on exit. To disable this, comment
|
||||
# the next line after copying the file to /etc/systemd/system/auditd.service
|
||||
@@ -47,7 +48,6 @@ ProtectClock=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelLogs=true
|
||||
# end of automatic additions
|
||||
-ReadWritePaths=/etc/audit
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Index: audit-3.1.1/init.d/Makefile.am
|
||||
===================================================================
|
||||
--- audit-3.1.1.orig/init.d/Makefile.am
|
||||
+++ audit-3.1.1/init.d/Makefile.am
|
||||
@@ -26,7 +26,8 @@ EXTRA_DIST = auditd.init auditd.service
|
||||
auditd.cron libaudit.conf auditd.condrestart \
|
||||
auditd.reload auditd.restart auditd.resume \
|
||||
auditd.rotate auditd.state auditd.stop \
|
||||
- audit-stop.rules augenrules audit-functions
|
||||
+ audit-stop.rules augenrules audit-functions \
|
||||
+ augenrules.service
|
||||
libconfig = libaudit.conf
|
||||
if ENABLE_SYSTEMD
|
||||
initdir = /usr/lib/systemd/system
|
||||
@@ -54,6 +55,7 @@ if ENABLE_SYSTEMD
|
||||
mkdir -p ${DESTDIR}${legacydir}
|
||||
mkdir -p ${DESTDIR}${libexecdir}
|
||||
$(INSTALL_SCRIPT) -D -m 644 ${srcdir}/auditd.service ${DESTDIR}${initdir}
|
||||
+ $(INSTALL_SCRIPT) -D -m 644 ${srcdir}/augenrules.service ${DESTDIR}${initdir}
|
||||
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.rotate ${DESTDIR}${legacydir}/rotate
|
||||
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.resume ${DESTDIR}${legacydir}/resume
|
||||
$(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.reload ${DESTDIR}${legacydir}/reload
|
||||
@@ -72,6 +74,7 @@ uninstall-hook:
|
||||
rm ${DESTDIR}${sysconfdir}/${libconfig}
|
||||
if ENABLE_SYSTEMD
|
||||
rm ${DESTDIR}${initdir}/auditd.service
|
||||
+ rm ${DESTDIR}${initdir}/augenrules.service
|
||||
rm ${DESTDIR}${legacydir}/rotate
|
||||
rm ${DESTDIR}${legacydir}/resume
|
||||
rm ${DESTDIR}${legacydir}/reload
|
@ -11,18 +11,19 @@ Disable audit when auditd.service stops, so kauditd stops logging/running.
|
||||
|
||||
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
||||
|
||||
Index: audit-3.0.9/init.d/auditd.service
|
||||
===================================================================
|
||||
--- audit-3.0.9.orig/init.d/auditd.service
|
||||
+++ audit-3.0.9/init.d/auditd.service
|
||||
@@ -25,9 +25,9 @@ ExecStart=/sbin/auditd
|
||||
## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
|
||||
ExecStartPost=-/sbin/augenrules --load
|
||||
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
|
||||
-# By default we don't clear the rules on exit. To enable this, uncomment
|
||||
---
|
||||
init.d/auditd.service | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
--- a/init.d/auditd.service
|
||||
+++ b/init.d/auditd.service
|
||||
@@ -22,6 +22,10 @@ Documentation=man:auditd(8) https://gith
|
||||
Type=forking
|
||||
PIDFile=/run/auditd.pid
|
||||
ExecStart=/sbin/auditd
|
||||
+ExecStartPost=-/sbin/augenrules --load
|
||||
+# By default we clear the rules on exit. To disable this, comment
|
||||
# the next line after copying the file to /etc/systemd/system/auditd.service
|
||||
-#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
|
||||
+# the next line after copying the file to /etc/systemd/system/auditd.service
|
||||
+ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
|
||||
Restart=on-failure
|
||||
# Do not restart for intentional exits. See EXIT CODES section in auditd(8).
|
||||
|
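Review bot: The refreshed `@@ -22,6 +22,10 @@` hunk now adds `ExecStartPost=-/sbin/augenrules --load` to auditd.service, which puts rule loading back into the daemon unit although the 4.0 changelog says rule loading was split off into audit-rules.service. If this is deliberate, so that rules are reloaded after `ExecStopPost` clears them on a restart, the patch description should say so, because it currently only mentions disabling audit when the service stops; otherwise drop the line and leave loading to audit-rules.service. The leading `-` also means a failed rule load is ignored, so after a restart the unit can report success while no rules are loaded.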
223
fix-auparse-test.patch
Normal file
@ -0,0 +1,223 @@
|
||||
---
|
||||
auparse/test/auparse_test.c | 2 +-
|
||||
auparse/test/auparse_test.py | 2 +-
|
||||
auparse/test/auparse_test.ref | 18 +++++++++---------
|
||||
auparse/test/auparse_test.ref.py | 18 +++++++++---------
|
||||
auparse/test/test.log | 4 ++--
|
||||
auparse/test/test2.log | 4 ++--
|
||||
6 files changed, 24 insertions(+), 24 deletions(-)
|
||||
|
||||
--- a/auparse/test/auparse_test.c
|
||||
+++ b/auparse/test/auparse_test.c
|
||||
@@ -162,7 +162,7 @@ void compound_search(ausearch_rule_t how
|
||||
exit(1);
|
||||
}
|
||||
} else {
|
||||
- if (ausearch_add_item(au, "auid", "=", "42",
|
||||
+ if (ausearch_add_item(au, "auid", "=", "123456",
|
||||
AUSEARCH_RULE_CLEAR)){
|
||||
printf("ausearch_add_item 4 error - %s\n",
|
||||
strerror(errno));
|
||||
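Review bot: The replacement value in `ausearch_add_item(au, "auid", "=", "123456",` only agrees with the `unknown(123456)` strings in the `.ref` files as long as no account with uid 123456 exists where `%check` runs, which is the same kind of host dependency this patch removes for `42 (gdm)`. State that assumption in a patch header: the file currently starts at the `---` diffstat with no description, and the reasoning exists only in the changelog entry. A `Patch-mainline:` tag should also record that this is a downstream-only change, as the changelog marks it.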
--- a/auparse/test/auparse_test.py
|
||||
+++ b/auparse/test/auparse_test.py
|
||||
@@ -112,7 +112,7 @@ def compound_search(au, how):
|
||||
au.search_add_item("pid", "=", "13015", how)
|
||||
au.search_add_item("type", "=", "USER_START", how)
|
||||
else:
|
||||
- au.search_add_item("auid", "=", "42", auparse.AUSEARCH_RULE_CLEAR)
|
||||
+ au.search_add_item("auid", "=", "123456", auparse.AUSEARCH_RULE_CLEAR)
|
||||
# should stop on this one
|
||||
au.search_add_item("auid", "=", "0", how)
|
||||
au.search_add_item("auid", "=", "500", how)
|
||||
--- a/auparse/test/auparse_test.ref
|
||||
+++ b/auparse/test/auparse_test.ref
|
||||
@@ -188,7 +188,7 @@ event 4 has 3 records
|
||||
uid=0 (root)
|
||||
subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0)
|
||||
old-auid=4294967295 (unset)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
tty=(none) ((none))
|
||||
old-ses=4294967295 (4294967295)
|
||||
ses=1 (1)
|
||||
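Review bot: The expected line "auid=123456 (unknown(123456))" still depends on the user database of the machine running the test: it matches only where no account has UID 123456, in the same way the old "auid=42 (gdm)" matched only where UID 42 was gdm. That is far less likely to collide, but the assumption is undocumented; please state it in the patch description, so a failure on a host with a large UID range can be traced back to this choice.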
@@ -209,7 +209,7 @@ event 4 has 3 records
|
||||
items=0 (0)
|
||||
ppid=1 (1)
|
||||
pid=2288 (2288)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
uid=0 (root)
|
||||
gid=0 (root)
|
||||
euid=0 (root)
|
||||
@@ -389,7 +389,7 @@ event 4 has 3 records
|
||||
uid=0 (root)
|
||||
subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0)
|
||||
old-auid=4294967295 (unset)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
tty=(none) ((none))
|
||||
old-ses=4294967295 (4294967295)
|
||||
ses=1 (1)
|
||||
@@ -410,7 +410,7 @@ event 4 has 3 records
|
||||
items=0 (0)
|
||||
ppid=1 (1)
|
||||
pid=2288 (2288)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
uid=0 (root)
|
||||
gid=0 (root)
|
||||
euid=0 (root)
|
||||
@@ -587,7 +587,7 @@ event 11 has 3 records
|
||||
uid=0 (root)
|
||||
subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0)
|
||||
old-auid=4294967295 (unset)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
tty=(none) ((none))
|
||||
old-ses=4294967295 (4294967295)
|
||||
ses=1 (1)
|
||||
@@ -608,7 +608,7 @@ event 11 has 3 records
|
||||
items=0 (0)
|
||||
ppid=1 (1)
|
||||
pid=2288 (2288)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
uid=0 (root)
|
||||
gid=0 (root)
|
||||
euid=0 (root)
|
||||
@@ -699,7 +699,7 @@ Test 6 Done
|
||||
|
||||
Starting Test 7, compound search...
|
||||
Found type = USER_START
|
||||
-Found auid = 42
|
||||
+Found auid = 123456
|
||||
Test 7 Done
|
||||
|
||||
Starting Test 8, regex search...
|
||||
@@ -874,7 +874,7 @@ event 4 has 3 records
|
||||
uid=0 (root)
|
||||
subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0)
|
||||
old-auid=4294967295 (unset)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
tty=(none) ((none))
|
||||
old-ses=4294967295 (4294967295)
|
||||
ses=1 (1)
|
||||
@@ -895,7 +895,7 @@ event 4 has 3 records
|
||||
items=0 (0)
|
||||
ppid=1 (1)
|
||||
pid=2288 (2288)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
uid=0 (root)
|
||||
gid=0 (root)
|
||||
euid=0 (root)
|
||||
--- a/auparse/test/auparse_test.ref.py
|
||||
+++ b/auparse/test/auparse_test.ref.py
|
||||
@@ -180,7 +180,7 @@ event 4 has 3 records
|
||||
uid=0 (root)
|
||||
subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0)
|
||||
old-auid=4294967295 (unset)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
tty=(none) ((none))
|
||||
old-ses=4294967295 (4294967295)
|
||||
ses=1 (1)
|
||||
@@ -201,7 +201,7 @@ event 4 has 3 records
|
||||
items=0 (0)
|
||||
ppid=1 (1)
|
||||
pid=2288 (2288)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
uid=0 (root)
|
||||
gid=0 (root)
|
||||
euid=0 (root)
|
||||
@@ -381,7 +381,7 @@ event 4 has 3 records
|
||||
uid=0 (root)
|
||||
subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0)
|
||||
old-auid=4294967295 (unset)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
tty=(none) ((none))
|
||||
old-ses=4294967295 (4294967295)
|
||||
ses=1 (1)
|
||||
@@ -402,7 +402,7 @@ event 4 has 3 records
|
||||
items=0 (0)
|
||||
ppid=1 (1)
|
||||
pid=2288 (2288)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
uid=0 (root)
|
||||
gid=0 (root)
|
||||
euid=0 (root)
|
||||
@@ -579,7 +579,7 @@ event 11 has 3 records
|
||||
uid=0 (root)
|
||||
subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0)
|
||||
old-auid=4294967295 (unset)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
tty=(none) ((none))
|
||||
old-ses=4294967295 (4294967295)
|
||||
ses=1 (1)
|
||||
@@ -600,7 +600,7 @@ event 11 has 3 records
|
||||
items=0 (0)
|
||||
ppid=1 (1)
|
||||
pid=2288 (2288)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
uid=0 (root)
|
||||
gid=0 (root)
|
||||
euid=0 (root)
|
||||
@@ -691,7 +691,7 @@ Test 6 Done
|
||||
|
||||
Starting Test 7, compound search...
|
||||
Found type = USER_START
|
||||
-Found auid = 42
|
||||
+Found auid = 123456
|
||||
Test 7 Done
|
||||
|
||||
Starting Test 8, regex search...
|
||||
@@ -864,7 +864,7 @@ event 4 has 3 records
|
||||
uid=0 (root)
|
||||
subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0)
|
||||
old-auid=4294967295 (unset)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
tty=(none) ((none))
|
||||
old-ses=4294967295 (4294967295)
|
||||
ses=1 (1)
|
||||
@@ -885,7 +885,7 @@ event 4 has 3 records
|
||||
items=0 (0)
|
||||
ppid=1 (1)
|
||||
pid=2288 (2288)
|
||||
- auid=42 (gdm)
|
||||
+ auid=123456 (unknown(123456))
|
||||
uid=0 (root)
|
||||
gid=0 (root)
|
||||
euid=0 (root)
|
||||
--- a/auparse/test/test2.log
|
||||
+++ b/auparse/test/test2.log
|
||||
@@ -4,8 +4,8 @@ type=CWD msg=audit(1170021493.977:283):
|
||||
type=PATH msg=audit(1170021493.977:283): item=0 name="maildrop" inode=14911367 dev=03:07 mode=040730 ouid=890 ogid=891 rdev=00:00 obj=system_u:object_r:postfix_spool_maildrop_t:s0
|
||||
type=USER_ACCT msg=audit(1170021601.340:284): user pid=13015 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
|
||||
type=CRED_ACQ msg=audit(1170021601.342:285): user pid=13015 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
|
||||
-type=LOGIN msg=audit(1170021601.343:286): pid=2288 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=42 tty=(none) old-ses=4294967295 ses=1 res=1
|
||||
-type=SYSCALL msg=audit(1170021601.343:286): arch=c000003e syscall=1 success=yes exit=2 a0=8 a1=7fffa7aede20 a2=2 a3=0 items=0 ppid=1 pid=2288 auid=42 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
|
||||
+type=LOGIN msg=audit(1170021601.343:286): pid=2288 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=123456 tty=(none) old-ses=4294967295 ses=1 res=1
|
||||
+type=SYSCALL msg=audit(1170021601.343:286): arch=c000003e syscall=1 success=yes exit=2 a0=8 a1=7fffa7aede20 a2=2 a3=0 items=0 ppid=1 pid=2288 auid=123456 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
|
||||
type=PROCTITLE msg=audit(1170021601.343:286): proctitle="(systemd)"
|
||||
type=USER_START msg=audit(1170021601.344:287): user pid=13015 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
|
||||
type=CRED_DISP msg=audit(1170021601.364:288): user pid=13015 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
|
||||
--- a/auparse/test/test.log
|
||||
+++ b/auparse/test/test.log
|
||||
@@ -4,8 +4,8 @@ type=CWD msg=audit(1170021493.977:293):
|
||||
type=PATH msg=audit(1170021493.977:293): item=0 name="maildrop" inode=14911367 dev=03:07 mode=040730 ouid=890 ogid=891 rdev=00:00 obj=system_u:object_r:postfix_spool_maildrop_t:s0
|
||||
type=USER_ACCT msg=audit(1170021601.340:294): user pid=13015 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
|
||||
type=CRED_ACQ msg=audit(1170021601.342:295): user pid=13015 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
|
||||
-type=LOGIN msg=audit(1170021601.343:296): pid=2288 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=42 tty=(none) old-ses=4294967295 ses=1 res=1
|
||||
-type=SYSCALL msg=audit(1170021601.343:296): arch=c000003e syscall=1 success=yes exit=2 a0=8 a1=7fffa7aede20 a2=2 a3=0 items=0 ppid=1 pid=2288 auid=42 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
|
||||
+type=LOGIN msg=audit(1170021601.343:296): pid=2288 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=123456 tty=(none) old-ses=4294967295 ses=1 res=1
|
||||
+type=SYSCALL msg=audit(1170021601.343:296): arch=c000003e syscall=1 success=yes exit=2 a0=8 a1=7fffa7aede20 a2=2 a3=0 items=0 ppid=1 pid=2288 auid=123456 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
|
||||
type=PROCTITLE msg=audit(1170021601.343:296): proctitle="(systemd)"
|
||||
type=USER_START msg=audit(1170021601.344:297): user pid=13015 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
|
||||
type=CRED_DISP msg=audit(1170021601.364:298): user pid=13015 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
|
@ -1,26 +0,0 @@
|
||||
From: Jan Engelhardt <jengelh@inai.de>
|
||||
Date: 2021-06-02 16:18:03.256597842 +0200
|
||||
|
||||
Cherry-pick http://cvs.schmorp.de/libev/ev_iouring.c?view=log&r1=1.25
|
||||
to fix some terrible code.
|
||||
|
||||
[ 50s] ev_iouring.c: In function 'iouring_sqe_submit':
|
||||
[ 50s] ev_iouring.c:300:1: error: no return statement in function returning non-void [-Werror=return-type]
|
||||
|
||||
---
|
||||
src/libev/ev_iouring.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: audit-3.0.1/src/libev/ev_iouring.c
|
||||
===================================================================
|
||||
--- audit-3.0.1.orig/src/libev/ev_iouring.c
|
||||
+++ audit-3.0.1/src/libev/ev_iouring.c
|
||||
@@ -287,7 +287,7 @@ iouring_sqe_get (EV_P)
|
||||
}
|
||||
|
||||
inline_size
|
||||
-struct io_uring_sqe *
|
||||
+void
|
||||
iouring_sqe_submit (EV_P_ struct io_uring_sqe *sqe)
|
||||
{
|
||||
unsigned idx = sqe - EV_SQES;
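Review bot: This patch file is deleted in full (the header reads -1,26 +0,0), so the return-type change for iouring_sqe_submit() is no longer applied at build time. Please state in the changelog whether the audit-4.0 sources already declare the function void or no longer ship src/libev/ev_iouring.c; otherwise the -Werror=return-type failure quoted in the patch description would come back.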
|