Browse Source

audit package update

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64bebuilder0 7 years ago
parent
commit
05b4cd2089
  1. 21
      SOURCES/audit-2.7.1-rhel7-fixup.patch
  2. 38
      SOURCES/audit-2.7.5-no-backlog-wait-time.patch
  3. 12
      SOURCES/audit-2.8.2-auparse-numeric_field.patch
  4. 141
      SOURCES/audit-2.8.2-fix-reset-lost-return.patch
  5. 76
      SOURCES/audit-2.8.2-ipv6-bind.patch
  6. 578
      SOURCES/audit-2.8.2-style-fix.patch
  7. 483
      SPECS/audit.spec

21
SOURCES/audit-2.7.1-rhel7-fixup.patch

@ -0,0 +1,21 @@ @@ -0,0 +1,21 @@
diff -urp audit-2.7.1.orig/auparse/classify.c audit-2.7.1/auparse/classify.c
--- audit-2.7.1.orig/auparse/normalize.c 2016-12-21 19:00:51.000000000 -0500
+++ audit-2.7.1/auparse/normalize.c 2016-12-22 12:22:21.259800153 -0500
@@ -241,7 +241,7 @@ static void simple_file_attr(auparse_sta
switch (type)
{
case AUDIT_PATH:
- f = auparse_find_field(au, "nametype");
+ f = auparse_find_field(au, "objtype");
if (f && strcmp(f, "PARENT") == 0) {
if (parent == 0)
parent = auparse_get_record_num(au);
@@ -280,7 +280,7 @@ static void set_file_object(auparse_stat
// Now double check that we picked the right one.
do {
- f = auparse_find_field(au, "nametype");
+ f = auparse_find_field(au, "objtype");
if (f) {
if (strcmp(f, "PARENT"))
break;

38
SOURCES/audit-2.7.5-no-backlog-wait-time.patch

@ -0,0 +1,38 @@ @@ -0,0 +1,38 @@
diff -ur audit-2.7.5.orig/docs/auditctl.8 audit-2.7.5/docs/auditctl.8
--- audit-2.7.5.orig/docs/auditctl.8 2017-04-10 10:22:22.000000000 -0400
+++ audit-2.7.5/docs/auditctl.8 2017-04-10 10:46:51.704436241 -0400
@@ -10,9 +10,6 @@
.BI \-b\ backlog
Set max number of outstanding audit buffers allowed (Kernel Default=64) If all buffers are full, the failure flag is consulted by the kernel for action.
.TP
-.BI \-\-backlog_wait_time \ \fIwait_time\fP
-Set the time for the kernel to wait (Kernel Default 60*HZ) when the backlog_limit is reached before queuing more audit events to be transferred to auditd. The number must be greater than or equal to zero and less that 10 times the default value.
-.TP
.B \-c
Continue loading rules in spite of an error. This summarizes the results of loading the rules. The exit code will not be success if any rule fails to load.
.TP
diff -ur audit-2.7.5.orig/docs/Makefile.in audit-2.7.5/docs/Makefile.in
--- audit-2.7.5.orig/docs/Makefile.in 2017-04-10 10:31:52.000000000 -0400
+++ audit-2.7.5/docs/Makefile.in 2017-04-10 10:49:12.389447484 -0400
@@ -373,7 +373,7 @@
ausearch_next_event.3 ausearch_set_stop.3 \
autrace.8 get_auditfail_action.3 set_aumessage_mode.3 \
audispd.8 audispd.conf.5 audispd-zos-remote.8 libaudit.conf.5 \
-augenrules.8 audit_set_backlog_wait_time.3 \
+augenrules.8 \
zos-remote.conf.5
all: all-am
diff -ur audit-2.7.5.orig/rules/10-base-config.rules audit-2.7.5/rules/10-base-config.rules
--- audit-2.7.5.orig/rules/10-base-config.rules 2017-04-10 10:22:22.000000000 -0400
+++ audit-2.7.5/rules/10-base-config.rules 2017-04-10 10:47:56.555441424 -0400
@@ -5,9 +5,6 @@
## Make this bigger for busy systems
-b 8192
-## This determine how long to wait in burst of events
---backlog_wait_time 0
-
## Set failure mode to syslog
-f 1

12
SOURCES/audit-2.8.2-auparse-numeric_field.patch

@ -0,0 +1,12 @@ @@ -0,0 +1,12 @@
diff --git a/auparse/expression.c b/auparse/expression.c
index 17213eb..1e8876e 100644
--- a/auparse/expression.c
+++ b/auparse/expression.c
@@ -854,6 +854,7 @@ expr_create_timestamp_comparison_ex(unsigned op, time_t sec, unsigned milli,
|| op == EO_VALUE_LE || op == EO_VALUE_GT || op == EO_VALUE_GE);
res->op = op;
res->virtual_field = 1;
+ res->numeric_field = 1;
res->v.p.field.id = EF_TIMESTAMP_EX;
res->precomputed_value = 1;
res->v.p.value.timestamp_ex.sec = sec;

141
SOURCES/audit-2.8.2-fix-reset-lost-return.patch

@ -0,0 +1,141 @@ @@ -0,0 +1,141 @@
Subject: [PATCH 2/2] lost_reset: return value rather than sequence number when zero
Date: Wed, 22 Nov 2017 19:00:57 -0500

The kernel always returns negative values on error, so zero and anything
positive is valid success. Lost_reset returned a positive value at the
time of reset, including zero that got interpreted as success and
replaced with the packet sequence number "2".

Rename audit_send() to __audit_send() and pass the sequence number back
via a parameter rather than return value.

Have a new stub audit_send() call __audit_send() and mimic the previous
behaviour of audit_send().

There are legacy functions that actually use a sequence number:
audit_request_rules_list_data()
delete_all_rules()
audit_request_signal_info()
src/auditd.c:get_reply()
A number of others don't appear to need it, but expose it in libaudit:
audit_send_user_message()
audit_log_user_comm_message()
audit_log_acct_message()
audit_log_user_avc_message()
audit_log_semanage_message()
audit_log_user_command()
audit_request_status()
audit_set_enabled()
audit_set_failure()
audit_set_rate_limit()
audit_set_backlog_limit()
audit_set_backlog_wait_time()
audit_add_rule_data()
audit_delete_rule_data()

Passes all audit-testsuite tests.

See: https://github.com/linux-audit/audit-userspace/issues/31

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
lib/libaudit.c | 3 ++-
lib/netlink.c | 28 ++++++++++++++++++++--------
lib/private.h | 1 +
3 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/lib/libaudit.c b/lib/libaudit.c
index a9ba575..aa8258c 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -519,6 +519,7 @@ int audit_set_backlog_wait_time(int fd, uint32_t bwt)
int audit_reset_lost(int fd)
{
int rc;
+ int seq;
struct audit_status s;
if ((audit_get_features() & AUDIT_FEATURE_BITMAP_LOST_RESET) == 0)
@@ -527,7 +528,7 @@ int audit_reset_lost(int fd)
memset(&s, 0, sizeof(s));
s.mask = AUDIT_STATUS_LOST;
s.lost = 0;
- rc = audit_send(fd, AUDIT_SET, &s, sizeof(s));
+ rc = __audit_send(fd, AUDIT_SET, &s, sizeof(s), &seq);
if (rc < 0)
audit_msg(audit_priority(errno),
"Error sending lost reset request (%s)",
diff --git a/lib/netlink.c b/lib/netlink.c
index 6e23883..5b2028f 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -203,7 +203,7 @@ static int adjust_reply(struct audit_reply *rep, int len)
* error: -errno
* short: 0
*/
-int audit_send(int fd, int type, const void *data, unsigned int size)
+int __audit_send(int fd, int type, const void *data, unsigned int size, int *seq)
{
static int sequence = 0;
struct audit_message req;
@@ -224,6 +224,7 @@ int audit_send(int fd, int type, const void *data, unsigned int size)
if (++sequence < 0)
sequence = 1;
+ *seq = sequence;
memset(&req, 0, sizeof(req));
req.nlh.nlmsg_len = NLMSG_SPACE(size);
@@ -241,18 +242,29 @@ int audit_send(int fd, int type, const void *data, unsigned int size)
retval = sendto(fd, &req, req.nlh.nlmsg_len, 0,
(struct sockaddr*)&addr, sizeof(addr));
} while (retval < 0 && errno == EINTR);
- if (retval == (int)req.nlh.nlmsg_len) {
- if ((retval = check_ack(fd)) == 0)
- return sequence;
- else
- return retval;
- }
- if (retval < 0)
+ if (retval == (int)req.nlh.nlmsg_len)
+ return check_ack(fd);
+ if (retval < 0) {
return -errno;
+ } else if (retval > 0) {
+ errno = EINVAL;
+ return -errno;
+ }
return 0;
}
+int audit_send(int fd, int type, const void *data, unsigned int size)
+{
+ int rc;
+ int seq;
+
+ rc = __audit_send(fd, type, data, size, &seq);
+ if (rc == 0)
+ rc = seq;
+ return rc;
+}
+
/*
* This function will take a peek into the next packet and see if there's
* an error. If so, the error is returned and its non-zero. Otherwise a
diff --git a/lib/private.h b/lib/private.h
index dbe0f74..560740f 100644
--- a/lib/private.h
+++ b/lib/private.h
@@ -121,6 +121,7 @@ void audit_msg(int priority, const char *fmt, ...)
#endif
extern int audit_send(int fd, int type, const void *data, unsigned int size);
+extern int __audit_send(int fd, int type, const void *data, unsigned int size, int *seq);
AUDIT_HIDDEN_START
--
1.8.3.1


76
SOURCES/audit-2.8.2-ipv6-bind.patch

@ -0,0 +1,76 @@ @@ -0,0 +1,76 @@
From 659bfd369dc6810ac5349c433455c0d317482354 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 17 Oct 2017 14:31:46 -0400
Subject: [PATCH] Fixup ipv6 server side binding

---
src/auditd-listen.c | 32 ++++++++++++++++++++++++++++++++
2 files changed, 33 insertions(+)

diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index 7a5c2c6..0d1717f 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -914,6 +914,7 @@ int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)
struct addrinfo hints;
char local[16];
int one = 1, rc;
+ int prefer_ipv6 = 0;
ev_periodic_init(&periodic_watcher, periodic_handler,
0, config->tcp_client_max_idle, NULL);
@@ -929,6 +930,7 @@ int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)
memset(&hints, '\0', sizeof(hints));
hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
hints.ai_socktype = SOCK_STREAM;
+ hints.ai_family = AF_UNSPEC;
snprintf(local, sizeof(local), "%ld", config->tcp_listen_port);
rc = getaddrinfo(NULL, local, &hints, &ai);
@@ -937,9 +939,32 @@ int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)
return 1;
}
+ {
+ int ipv4 = 0, ipv6 = 0;
nlsocks = 0;
runp = ai;
while (runp && nlsocks < N_SOCKS) {
+ // Let's take a pass through and see what we got.
+ if (runp->ai_family == AF_INET)
+ ipv4++;
+ else if (runp->ai_family == AF_INET6)
+ ipv6++;
+ runp = runp->ai_next;
+ nlsocks++;
+ }
+
+ if (nlsocks == 2 && ipv4 && ipv6)
+ prefer_ipv6 = 1;
+ }
+
+ nlsocks = 0;
+ runp = ai;
+ while (runp && nlsocks < N_SOCKS) {
+ // On linux, ipv6 sockets by default include ipv4 so
+ // we only need one.
+ if (runp->ai_family == AF_INET && prefer_ipv6)
+ goto next_try;
+
listen_socket[nlsocks] = socket(runp->ai_family,
runp->ai_socktype, runp->ai_protocol);
if (listen_socket[nlsocks] < 0) {
@@ -950,6 +975,13 @@ int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)
/* This avoids problems if auditd needs to be restarted. */
setsockopt(listen_socket[nlsocks], SOL_SOCKET, SO_REUSEADDR,
(char *)&one, sizeof (int));
+
+ // If we had more than 2 addresses suggested we'll
+ // separate the sockets.
+ if (!prefer_ipv6 && runp->ai_family == AF_INET6)
+ setsockopt(listen_socket[nlsocks], IPPROTO_IPV6,
+ IPV6_V6ONLY, &one, sizeof(int));
+
set_close_on_exec(listen_socket[nlsocks]);
if (bind(listen_socket[nlsocks], runp->ai_addr,

578
SOURCES/audit-2.8.2-style-fix.patch

@ -0,0 +1,578 @@ @@ -0,0 +1,578 @@
From 63151c4f0e9d1d037f80f10cb7809573a49da6c7 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 17 Oct 2017 13:33:28 -0400
Subject: [PATCH] make style match rest of audit system

---
src/auditd-listen.c | 176 ++++++++++++++++++++++++++--------------------------
1 file changed, 88 insertions(+), 88 deletions(-)

diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index b4dc097..7a5c2c6 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -114,11 +114,11 @@ static char *sockaddr_to_addr4(struct sockaddr_in *addr)
static void set_close_on_exec(int fd)
{
- int flags = fcntl (fd, F_GETFD);
+ int flags = fcntl(fd, F_GETFD);
if (flags == -1)
flags = 0;
flags |= FD_CLOEXEC;
- fcntl (fd, F_SETFD, flags);
+ fcntl(fd, F_SETFD, flags);
}
static void release_client(struct ev_tcp *client)
@@ -144,11 +144,11 @@ static void release_client(struct ev_tcp *client)
static void close_client(struct ev_tcp *client)
{
- release_client (client);
- free (client);
+ release_client(client);
+ free(client);
}
-static int ar_write (int sock, const void *buf, int len)
+static int ar_write(int sock, const void *buf, int len)
{
int rc = 0, w;
while (len > 0) {
@@ -167,7 +167,7 @@ static int ar_write (int sock, const void *buf, int len)
}
#ifdef USE_GSSAPI
-static int ar_read (int sock, void *buf, int len)
+static int ar_read(int sock, void *buf, int len)
{
int rc = 0, r;
while (len > 0) {
@@ -192,13 +192,13 @@ static int ar_read (int sock, void *buf, int len)
the tokens. The protocol we use for transferring tokens is to send
the length first, four bytes MSB first, then the token data. We
return nonzero on error. */
-static int recv_token (int s, gss_buffer_t tok)
+static int recv_token(int s, gss_buffer_t tok)
{
int ret;
unsigned char lenbuf[4];
unsigned int len;
- ret = ar_read(s, (char *) lenbuf, 4);
+ ret = ar_read(s, (char *)lenbuf, 4);
if (ret < 0) {
audit_msg(LOG_ERR, "GSS-API error reading token length");
return -1;
@@ -220,13 +220,13 @@ static int recv_token (int s, gss_buffer_t tok)
}
tok->length = len;
- tok->value = (char *) malloc(tok->length ? tok->length : 1);
+ tok->value = (char *)malloc(tok->length ? tok->length : 1);
if (tok->length && tok->value == NULL) {
audit_msg(LOG_ERR, "Out of memory allocating token data");
return -1;
}
- ret = ar_read(s, (char *) tok->value, tok->length);
+ ret = ar_read(s, (char *)tok->value, tok->length);
if (ret < 0) {
audit_msg(LOG_ERR, "GSS-API error reading token data");
free(tok->value);
@@ -243,7 +243,7 @@ static int recv_token (int s, gss_buffer_t tok)
/* Same here. */
int send_token(int s, gss_buffer_t tok)
{
- int ret;
+ int ret;
unsigned char lenbuf[4];
unsigned int len;
@@ -268,7 +268,7 @@ int send_token(int s, gss_buffer_t tok)
if (ret < 0) {
audit_msg(LOG_ERR, "GSS-API error sending token data");
return -1;
- } else if (ret != (int) tok->length) {
+ } else if (ret != (int)tok->length) {
audit_msg(LOG_ERR, "GSS-API error sending token data");
return -1;
}
@@ -277,14 +277,14 @@ int send_token(int s, gss_buffer_t tok)
}
-static void gss_failure_2 (const char *msg, int status, int type)
+static void gss_failure_2(const char *msg, int status, int type)
{
OM_uint32 message_context = 0;
OM_uint32 min_status = 0;
gss_buffer_desc status_string;
do {
- gss_display_status (&min_status,
+ gss_display_status(&min_status,
status,
type,
GSS_C_NO_OID,
@@ -298,11 +298,11 @@ static void gss_failure_2 (const char *msg, int status, int type)
} while (message_context != 0);
}
-static void gss_failure (const char *msg, int major_status, int minor_status)
+static void gss_failure(const char *msg, int major_status, int minor_status)
{
- gss_failure_2 (msg, major_status, GSS_C_GSS_CODE);
+ gss_failure_2(msg, major_status, GSS_C_GSS_CODE);
if (minor_status)
- gss_failure_2 (msg, minor_status, GSS_C_MECH_CODE);
+ gss_failure_2(msg, minor_status, GSS_C_MECH_CODE);
}
#define KCHECK(x,f) if (x) { \
@@ -323,7 +323,7 @@ static int server_acquire_creds(const char *service_name,
krb5_context kcontext = NULL;
int krberr;
- my_service_name = strdup (service_name);
+ my_service_name = strdup(service_name);
name_buf.value = (char *)service_name;
name_buf.length = strlen(name_buf.value) + 1;
major_status = gss_import_name(&minor_status, &name_buf,
@@ -346,9 +346,9 @@ static int server_acquire_creds(const char *service_name,
(void) gss_release_name(&minor_status, &server_name);
- krberr = krb5_init_context (&kcontext);
+ krberr = krb5_init_context(&kcontext);
KCHECK (krberr, "krb5_init_context");
- krberr = krb5_get_default_realm (kcontext, &my_gss_realm);
+ krberr = krb5_get_default_realm(kcontext, &my_gss_realm);
KCHECK (krberr, "krb5_get_default_realm");
audit_msg(LOG_DEBUG, "GSS creds for %s acquired", service_name);
@@ -360,7 +360,7 @@ static int server_acquire_creds(const char *service_name,
the case of Kerberos, this is where the key exchange happens.
FIXME: While everything else is strictly nonblocking, this
negotiation blocks. */
-static int negotiate_credentials (ev_tcp *io)
+static int negotiate_credentials(ev_tcp *io)
{
gss_buffer_desc send_tok, recv_tok;
gss_name_t client;
@@ -440,12 +440,12 @@ static int negotiate_credentials (ev_tcp *io)
audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s",
(char *)recv_tok.value);
- io->remote_name = strdup (recv_tok.value);
- io->remote_name_len = strlen (recv_tok.value);
+ io->remote_name = strdup(recv_tok.value);
+ io->remote_name_len = strlen(recv_tok.value);
gss_release_buffer(&min_stat, &recv_tok);
- slashptr = strchr (io->remote_name, '/');
- atptr = strchr (io->remote_name, '@');
+ slashptr = strchr(io->remote_name, '/');
+ atptr = strchr(io->remote_name, '@');
if (!slashptr || !atptr) {
audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s",
@@ -454,14 +454,14 @@ static int negotiate_credentials (ev_tcp *io)
}
*slashptr = 0;
- if (strcmp (io->remote_name, my_service_name)) {
+ if (strcmp(io->remote_name, my_service_name)) {
audit_msg(LOG_ERR, "Unauthorized GSS client name: %s (not %s)",
io->remote_name, my_service_name);
return -1;
}
*slashptr = '/';
- if (strcmp (atptr+1, my_gss_realm)) {
+ if (strcmp(atptr+1, my_gss_realm)) {
audit_msg(LOG_ERR, "Unauthorized GSS client realm: %s (not %s)",
atptr+1, my_gss_realm);
return -1;
@@ -473,7 +473,7 @@ static int negotiate_credentials (ev_tcp *io)
/* This is called from auditd-event after the message has been logged.
The header is already filled in. */
-static void client_ack (void *ack_data, const unsigned char *header,
+static void client_ack(void *ack_data, const unsigned char *header,
const char *msg)
{
ev_tcp *io = (ev_tcp *)ack_data;
@@ -483,18 +483,18 @@ static void client_ack (void *ack_data, const unsigned char *header,
gss_buffer_desc utok, etok;
int rc, mlen;
- mlen = strlen (msg);
+ mlen = strlen(msg);
utok.length = AUDIT_RMW_HEADER_SIZE + mlen;
- utok.value = malloc (utok.length + 1);
+ utok.value = malloc(utok.length + 1);
- memcpy (utok.value, header, AUDIT_RMW_HEADER_SIZE);
- memcpy (utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
+ memcpy(utok.value, header, AUDIT_RMW_HEADER_SIZE);
+ memcpy(utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
/* Wrapping the message creates a token for the
client. Then we just have to worry about sending
the token. */
- major_status = gss_wrap (&minor_status,
+ major_status = gss_wrap(&minor_status,
io->gss_context,
1,
GSS_C_QOP_DEFAULT,
@@ -504,21 +504,21 @@ static void client_ack (void *ack_data, const unsigned char *header,
if (major_status != GSS_S_COMPLETE) {
gss_failure("encrypting message", major_status,
minor_status);
- free (utok.value);
+ free(utok.value);
return;
}
// FIXME: What were we going to do with rc?
- rc = send_token (io->io.fd, &etok);
- free (utok.value);
+ rc = send_token(io->io.fd, &etok);
+ free(utok.value);
(void) gss_release_buffer(&minor_status, &etok);
return;
}
#endif
// Send the header and a text error message if it exists
- ar_write (io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
+ ar_write(io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
if (msg[0])
- ar_write (io->io.fd, msg, strlen(msg));
+ ar_write(io->io.fd, msg, strlen(msg));
}
extern void distribute_event(struct auditd_event *e);
@@ -540,7 +540,7 @@ static void client_message (struct ev_tcp *io, unsigned int length,
unsigned char ack[AUDIT_RMW_HEADER_SIZE];
AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ACK,
0, seq);
- client_ack (io, ack, "");
+ client_ack(io, ack, "");
} else {
struct auditd_event *e = create_event(
header+AUDIT_RMW_HEADER_SIZE,
@@ -552,10 +552,10 @@ static void client_message (struct ev_tcp *io, unsigned int length,
}
}
-static void auditd_tcp_client_handler( struct ev_loop *loop,
- struct ev_io *_io, int revents )
+static void auditd_tcp_client_handler(struct ev_loop *loop,
+ struct ev_io *_io, int revents)
{
- struct ev_tcp *io = (struct ev_tcp *) _io;
+ struct ev_tcp *io = (struct ev_tcp *)_io;
int i, r;
int total_this_call = 0;
@@ -586,18 +586,18 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
otherwise fails, the read will return -1. */
if (r <= 0) {
if (r < 0)
- audit_msg (LOG_WARNING,
+ audit_msg(LOG_WARNING,
"client %s socket closed unexpectedly",
sockaddr_to_addr4(&io->addr));
/* There may have been a final message without a LF. */
if (io->bufptr) {
- client_message (io, io->bufptr, io->buffer);
+ client_message(io, io->bufptr, io->buffer);
}
- ev_io_stop (loop, _io);
- close_client (io);
+ ev_io_stop(loop, _io);
+ close_client(io);
return;
}
@@ -635,7 +635,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
/* Unwrapping the token gives us the original message,
which we know is already a single record. */
- major_status = gss_unwrap (&minor_status, io->gss_context,
+ major_status = gss_unwrap(&minor_status, io->gss_context,
&etok, &utok, NULL, NULL);
if (major_status != GSS_S_COMPLETE) {
@@ -645,10 +645,10 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
/* client_message() wants to NUL terminate it,
so copy it to a bigger buffer. Plus, we
want to add our own tag. */
- memcpy (msgbuf, utok.value, utok.length);
+ memcpy(msgbuf, utok.value, utok.length);
while (utok.length > 0 && msgbuf[utok.length-1] == '\n')
utok.length --;
- snprintf (msgbuf + utok.length,
+ snprintf(msgbuf + utok.length,
MAX_AUDIT_MESSAGE_LENGTH - utok.length,
" krb5=%s", io->remote_name);
utok.length += 6 + io->remote_name_len;
@@ -681,7 +681,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
return;
/* We have an I-byte message in buffer. Send ACK */
- client_message (io, i, io->buffer);
+ client_message(io, i, io->buffer);
} else {
/* At this point, the buffer has IO->BUFPTR+R bytes in it.
@@ -701,7 +701,7 @@ static void auditd_tcp_client_handler( struct ev_loop *loop,
i++;
/* We have an I-byte message in buffer. Send ACK */
- client_message (io, i, io->buffer);
+ client_message(io, i, io->buffer);
}
/* Now copy any remaining bytes to the beginning of the
@@ -730,7 +730,7 @@ static int auditd_tcpd_check(int sock)
request_init(&request, RQ_DAEMON, "auditd", RQ_FILE, sock, 0);
fromhost(&request);
- if (! hosts_access(&request))
+ if (!hosts_access(&request))
return 1;
return 0;
}
@@ -759,7 +759,7 @@ static int check_num_connections(struct sockaddr_in *aaddr)
}
static void auditd_tcp_listen_handler( struct ev_loop *loop,
- struct ev_io *_io, int revents )
+ struct ev_io *_io, int revents)
{
int one=1;
int afd;
@@ -770,7 +770,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
/* Accept the connection and see where it's coming from. */
aaddrlen = sizeof(aaddr);
- afd = accept (_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
+ afd = accept(_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
if (afd == -1) {
audit_msg(LOG_ERR, "Unable to accept TCP connection");
return;
@@ -793,8 +793,8 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
/* Verify it's coming from an authorized port. We assume the firewall
* will block attempts from unauthorized machines. */
- if (min_port > ntohs (aaddr.sin_port) ||
- ntohs (aaddr.sin_port) > max_port) {
+ if (min_port > ntohs(aaddr.sin_port) ||
+ ntohs(aaddr.sin_port) > max_port) {
audit_msg(LOG_ERR, "TCP connection from %s rejected",
sockaddr_to_addr4(&aaddr));
snprintf(emsg, sizeof(emsg),
@@ -825,29 +825,29 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
setsockopt(afd, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (int));
setsockopt(afd, SOL_SOCKET, SO_KEEPALIVE, (char *)&one, sizeof (int));
setsockopt(afd, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof (int));
- set_close_on_exec (afd);
+ set_close_on_exec(afd);
/* Make the client data structure */
- client = (struct ev_tcp *) malloc (sizeof (struct ev_tcp));
+ client = (struct ev_tcp *)malloc (sizeof (struct ev_tcp));
if (client == NULL) {
audit_msg(LOG_CRIT, "Unable to allocate TCP client data");
snprintf(emsg, sizeof(emsg),
"op=alloc addr=%s port=%d res=no",
sockaddr_to_ipv4(&aaddr),
- ntohs (aaddr.sin_port));
+ ntohs(aaddr.sin_port));
send_audit_event(AUDIT_DAEMON_ACCEPT, emsg);
shutdown(afd, SHUT_RDWR);
close(afd);
return;
}
- memset (client, 0, sizeof (struct ev_tcp));
+ memset(client, 0, sizeof (struct ev_tcp));
client->client_active = 1;
// Was watching for EV_ERROR, but libev 3.48 took it away
- ev_io_init (&(client->io), auditd_tcp_client_handler, afd, EV_READ);
+ ev_io_init(&(client->io), auditd_tcp_client_handler, afd, EV_READ);
- memcpy (&client->addr, &aaddr, sizeof (struct sockaddr_in));
+ memcpy(&client->addr, &aaddr, sizeof (struct sockaddr_in));
#ifdef USE_GSSAPI
if (use_gss && negotiate_credentials (client)) {
@@ -860,7 +860,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
#endif
fcntl(afd, F_SETFL, O_NONBLOCK | O_NDELAY);
- ev_io_start (loop, &(client->io));
+ ev_io_start(loop, &(client->io));
/* Add the new connection to a linked list of active clients. */
client->next = client_chain;
@@ -883,7 +883,7 @@ static void auditd_set_ports(int minp, int maxp, int max_p_addr)
}
static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
- int revents )
+ int revents)
{
struct daemon_conf *config = (struct daemon_conf *) per->data;
struct ev_tcp *ev, *next = NULL;
@@ -902,24 +902,24 @@ static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
audit_msg(LOG_NOTICE,
"client %s idle too long - closing connection\n",
sockaddr_to_addr4(&(ev->addr)));
- ev_io_stop (loop, &ev->io);
+ ev_io_stop(loop, &ev->io);
release_client(ev);
free(ev);
}
}
-int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
+int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)
{
struct addrinfo *ai, *runp;
struct addrinfo hints;
char local[16];
int one = 1, rc;
- ev_periodic_init (&periodic_watcher, periodic_handler,
+ ev_periodic_init(&periodic_watcher, periodic_handler,
0, config->tcp_client_max_idle, NULL);
periodic_watcher.data = config;
if (config->tcp_client_max_idle)
- ev_periodic_start (loop, &periodic_watcher);
+ ev_periodic_start(loop, &periodic_watcher);
/* If the port is not set, that means we aren't going to
listen for connections. */
@@ -940,7 +940,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
nlsocks = 0;
runp = ai;
while (runp && nlsocks < N_SOCKS) {
- listen_socket[nlsocks] = socket (runp->ai_family,
+ listen_socket[nlsocks] = socket(runp->ai_family,
runp->ai_socktype, runp->ai_protocol);
if (listen_socket[nlsocks] < 0) {
audit_msg(LOG_ERR, "Cannot create tcp listener socket");
@@ -950,7 +950,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
/* This avoids problems if auditd needs to be restarted. */
setsockopt(listen_socket[nlsocks], SOL_SOCKET, SO_REUSEADDR,
(char *)&one, sizeof (int));
- set_close_on_exec (listen_socket[nlsocks]);
+ set_close_on_exec(listen_socket[nlsocks]);
if (bind(listen_socket[nlsocks], runp->ai_addr,
runp->ai_addrlen)) {
@@ -977,9 +977,9 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
p ? p->p_name: "?");
endprotoent();
- ev_io_init (&tcp_listen_watcher, auditd_tcp_listen_handler,
+ ev_io_init(&tcp_listen_watcher, auditd_tcp_listen_handler,
listen_socket[nlsocks], EV_READ);
- ev_io_start (loop, &tcp_listen_watcher);
+ ev_io_start(loop, &tcp_listen_watcher);
non_fatal:
nlsocks++;
if (nlsocks == N_SOCKS)
@@ -1014,7 +1014,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
key_file = "/etc/audit/audit.key";
setenv ("KRB5_KTNAME", key_file, 1);
- if (stat (key_file, &st) == 0) {
+ if (stat(key_file, &st) == 0) {
if ((st.st_mode & 07777) != 0400) {
audit_msg (LOG_ERR,
"%s is not mode 0400 (it's %#o) - compromised key?",
@@ -1022,7 +1022,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
return -1;
}
if (st.st_uid != 0) {
- audit_msg (LOG_ERR,
+ audit_msg(LOG_ERR,
"%s is not owned by root (it's %d) - compromised key?",
key_file, st.st_uid);
return -1;
@@ -1036,17 +1036,16 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
return 0;
}
-void auditd_tcp_listen_uninit ( struct ev_loop *loop,
- struct daemon_conf *config )
+void auditd_tcp_listen_uninit(struct ev_loop *loop, struct daemon_conf *config)
{
#ifdef USE_GSSAPI
OM_uint32 status;
#endif
- ev_io_stop ( loop, &tcp_listen_watcher );
+ ev_io_stop(loop, &tcp_listen_watcher);
while (nlsocks >= 0) {
nlsocks--;
- close ( listen_socket[nlsocks] );
+ close (listen_socket[nlsocks]);
}
#ifdef USE_GSSAPI
@@ -1060,29 +1059,29 @@ void auditd_tcp_listen_uninit ( struct ev_loop *loop,
unsigned char ack[AUDIT_RMW_HEADER_SIZE];
AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ENDING, 0, 0);
- client_ack (client_chain, ack, "");
- ev_io_stop (loop, &client_chain->io);
- close_client (client_chain);
+ client_ack(client_chain, ack, "");
+ ev_io_stop(loop, &client_chain->io);
+ close_client(client_chain);
}
if (config->tcp_client_max_idle)
- ev_periodic_stop (loop, &periodic_watcher);
+ ev_periodic_stop(loop, &periodic_watcher);
}
static void periodic_reconfigure(struct daemon_conf *config)
{
- struct ev_loop *loop = ev_default_loop (EVFLAG_AUTO);
+ struct ev_loop *loop = ev_default_loop(EVFLAG_AUTO);
if (config->tcp_client_max_idle) {
- ev_periodic_set (&periodic_watcher, ev_now (loop),
+ ev_periodic_set(&periodic_watcher, ev_now(loop),
config->tcp_client_max_idle, NULL);
- ev_periodic_start (loop, &periodic_watcher);
+ ev_periodic_start(loop, &periodic_watcher);
} else {
- ev_periodic_stop (loop, &periodic_watcher);
+ ev_periodic_stop(loop, &periodic_watcher);
}
}
-void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
- struct daemon_conf *oconf )
+void auditd_tcp_listen_reconfigure(struct daemon_conf *nconf,
+ struct daemon_conf *oconf)
{
use_libwrap = nconf->use_libwrap;
@@ -1112,3 +1111,4 @@ void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
// and recredential if needed.
oconf->krb5_principal = nconf->krb5_principal;
}
+

483
SPECS/audit.spec

@ -0,0 +1,483 @@ @@ -0,0 +1,483 @@
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

Summary: User space tools for 2.6 kernel auditing
Name: audit
Version: 2.8.1
Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
# This patch switches collecting nametype for objtype because RHEL is different
Patch1: audit-2.7.1-rhel7-fixup.patch
# DO NOT REMOVE - backlog_wait_time is not in RHEL 7 kernel
Patch2: audit-2.7.5-no-backlog-wait-time.patch
# This patch is purely fomatting. Needed for Patch4 to apply
Patch3: audit-2.8.2-style-fix.patch
# This patch fixes issue reported in bz 1101605#c15
Patch4: audit-2.8.2-ipv6-bind.patch
# This patch corrects the return value for auditctl --reset-lost
Patch5: audit-2.8.2-fix-reset-lost-return.patch
# This patch makes date a numeric field so auparse_search works
Patch6: audit-2.8.2-auparse-numeric_field.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openldap-devel
BuildRequires: swig
BuildRequires: python-devel
BuildRequires: tcp_wrappers-devel krb5-devel libcap-ng-devel
BuildRequires: kernel-headers >= 2.6.29
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
BuildRequires: systemd-units
Requires(post): systemd-units systemd-sysv chkconfig coreutils
Requires(preun): systemd-units
Requires(postun): systemd-units coreutils

%description
The audit package contains the user space utilities for
storing and searching the audit records generated by
the audit subsystem in the Linux 2.6 and later kernels.

%package libs
Summary: Dynamic library for libaudit
License: LGPLv2+
Group: Development/Libraries

%description libs
The audit-libs package contains the dynamic libraries needed for
applications to use the audit framework.

%package libs-devel
Summary: Header files for libaudit
License: LGPLv2+
Group: Development/Libraries
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: kernel-headers >= 2.6.29

%description libs-devel
The audit-libs-devel package contains the header files needed for
developing applications that need to use the audit framework libraries.

%package libs-static
Summary: Static version of libaudit library
License: LGPLv2+
Group: Development/Libraries
Requires: kernel-headers >= 2.6.29

%description libs-static
The audit-libs-static package contains the static libraries
needed for developing applications that need to use static audit
framework libraries

%package libs-python
Summary: Python bindings for libaudit
License: LGPLv2+
Group: Development/Libraries
Requires: %{name}-libs%{?_isa} = %{version}-%{release}

%description libs-python
The audit-libs-python package contains the bindings so that libaudit
and libauparse can be used by python.

%package -n audispd-plugins
Summary: Plugins for the audit event dispatcher
License: GPLv2+
Group: System Environment/Daemons
Requires: %{name} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: openldap

%description -n audispd-plugins
The audispd-plugins package provides plugins for the real-time
interface to the audit system, audispd. These plugins can do things
like relay events to remote machines.

%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1

%build
%configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes \
--with-libwrap --enable-gssapi-krb5=yes \
--with-libcap-ng=yes --with-arm --with-aarch64 \
--enable-zos-remote --without-golang --enable-systemd

make CFLAGS="%{optflags}" %{?_smp_mflags}

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audispd/plugins.d,etc/audit/rules.d}
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
mkdir -p $RPM_BUILD_ROOT/%{_lib}
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit
mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit
make DESTDIR=$RPM_BUILD_ROOT install

mkdir -p $RPM_BUILD_ROOT/%{_libdir}
# This winds up in the wrong place when libtool is involved
mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir}
mv $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
curdir=`pwd`
cd $RPM_BUILD_ROOT/%{_libdir}
LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libaudit.so.1.*.*\``
ln -s ../../%{_lib}/$LIBNAME libaudit.so
LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libauparse.so.0.*.*\``
ln -s ../../%{_lib}/$LIBNAME libauparse.so
cd $curdir
# Remove these items so they don't get picked up.
rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.so
rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.so

find $RPM_BUILD_ROOT -name '*.la' -delete
find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete

# Move the pkgconfig file
mv $RPM_BUILD_ROOT/%{_lib}/pkgconfig $RPM_BUILD_ROOT%{_libdir}

# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz

%check
%ifnarch aarch64 ppc %{power64} s390 s390x %{ix86}
make check
%endif
# Get rid of make files that they don't get packaged.
rm -f rules/Makefile*


%clean
rm -rf $RPM_BUILD_ROOT

%post libs -p /sbin/ldconfig

%post
# Copy default rules into place on new installation
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
if [ "$files" -eq 0 ] ; then
if [ -e /usr/share/doc/audit-%{version}/rules/10-base-config.rules ] ; then
cp /usr/share/doc/audit-%{version}/rules/10-base-config.rules /etc/audit/rules.d/audit.rules
else
touch /etc/audit/rules.d/audit.rules
fi
chmod 0600 /etc/audit/rules.d/audit.rules
fi
%systemd_post auditd.service

%preun
%systemd_preun auditd.service

%postun libs -p /sbin/ldconfig

%postun
if [ $1 -ge 1 ]; then
/sbin/service auditd condrestart > /dev/null 2>&1 || :
fi

%files libs
%defattr(-,root,root,-)
/%{_lib}/libaudit.so.1*
/%{_lib}/libauparse.*
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
%{_mandir}/man5/libaudit.conf.5.gz

%files libs-devel
%defattr(-,root,root,-)
%doc contrib/skeleton.c contrib/plugin
%{_libdir}/libaudit.so
%{_libdir}/libauparse.so
%{_includedir}/libaudit.h
%{_includedir}/auparse.h
%{_includedir}/auparse-defs.h
%{_datadir}/aclocal/audit.m4
%{_libdir}/pkgconfig/audit.pc
%{_libdir}/pkgconfig/auparse.pc
%{_mandir}/man3/*

%files libs-static
%defattr(-,root,root,-)
%{_libdir}/libaudit.a
%{_libdir}/libauparse.a

%files libs-python
%defattr(-,root,root,-)
%attr(755,root,root) %{python_sitearch}/_audit.so
%attr(755,root,root) %{python_sitearch}/auparse.so
%{python_sitearch}/audit.py*

%files
%defattr(-,root,root,-)
%doc README COPYING ChangeLog rules init.d/auditd.cron
%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
%attr(755,root,root) /sbin/auditctl
%attr(755,root,root) /sbin/auditd
%attr(755,root,root) /sbin/ausearch
%attr(755,root,root) /sbin/aureport
%attr(750,root,root) /sbin/autrace
%attr(755,root,root) /sbin/audispd
%attr(755,root,root) /sbin/augenrules
%attr(755,root,root) %{_bindir}/aulast
%attr(755,root,root) %{_bindir}/aulastlog
%attr(755,root,root) %{_bindir}/ausyscall
%attr(755,root,root) %{_bindir}/auvirt
%attr(644,root,root) %{_unitdir}/auditd.service
%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/restart
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
%attr(-,root,-) %dir %{_var}/log/audit
%attr(750,root,root) %dir /etc/audit
%attr(750,root,root) %dir /etc/audit/rules.d
%attr(750,root,root) %dir /etc/audisp
%attr(750,root,root) %dir /etc/audisp/plugins.d
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/rules.d/audit.rules
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf

%files -n audispd-plugins
%defattr(-,root,root,-)
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
%attr(750,root,root) /sbin/audispd-zos-remote
%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf
%attr(750,root,root) /sbin/audisp-remote
%attr(700,root,root) %dir %{_var}/spool/audit
%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz

%changelog
* Tue Dec 12 2017 Steve Grubb <sgrubb@redhat.com> 2.8.1-3
resolves: #1399314 - Allow non-equality comparisons for uid and gid fields

* Mon Nov 06 2017 Steve Grubb <sgrubb@redhat.com> 2.8.1-2
resolves: #1508965 - Need to rebuild rpm to remove static relocations

* Thu Oct 12 2017 Steve Grubb <sgrubb@redhat.com> 2.8.1-1
resolves: #982154 - Can't find the "avc" event with the auvirt command
resolves: #1101605 - Ipv6 seems no working
resolves: #1399314 - Allow non-equality comparisons for uid and gid fields
resolves: #1455598 - Default port is wrong in audisp-remote.conf
resolves: #1476406 - Audit package rebase

* Mon Sep 18 2017 Steve Grubb <sgrubb@redhat.com> 2.7.8-1
resolves: #1406887 - auditd validate_email uses obsolete gethostbyname
resolves: #1448526 - aureport shows the wrong auid "-1"
resolves: #1475998 - python audit crash if when using AUSOURCE_FILE_POINTER
resolves: #1482121 - python audit crash dereferencing auparse_state_t le field

* Mon Jun 12 2017 Steve Grubb <sgrubb@redhat.com> 2.7.6-3
resolves: #1460110 - aureport does not report all anomalies

* Fri May 26 2017 Steve Grubb <sgrubb@redhat.com> 2.7.6-2
resolves: #1455594 - Bad configuration keyword for audispd-remote.conf

* Wed Apr 19 2017 Steve Grubb <sgrubb@redhat.com> 2.7.6-1
resolves: #1443107 - disk full action and infinite loop in audit-remote

* Mon Apr 10 2017 Steve Grubb <sgrubb@redhat.com> 2.7.5-1
resolves: #1437187 - audit rpm postinstall script points to non-existing file
resolves: #1437426 - Remove "--backlog_wait_time" from auditctl man page & rules
resolves: #1437626 - PF_PACKET socket address will cause ausearch to segfault
resolves: #1438997 - SECCOMP records have wrong syscall

* Tue Mar 28 2017 Steve Grubb <sgrubb@redhat.com> 2.7.4-1
resolves: #1367703 - auvirt wasn't supporting date keywords
resolves: #1396792 - augenrules includes files ending in regexp "rules"
resolves: #1406525 - ausearch with '--raw' parameter outputs garbage character

* Tue Feb 28 2017 Steve Grubb <sgrubb@redhat.com> 2.7.3-1
resolves: #1381601 - audit package update
resolves: #1382381 - typo in package description

* Fri Jan 20 2017 Steve Grubb <sgrubb@redhat.com> 2.6.5-4
resolves: #1382397 - write_logs option is not correctly handled
resolves: #1414812 - Setting log_format to NOLOG make auditd core dump

* Wed Aug 10 2016 Steve Grubb <sgrubb@redhat.com> 2.6.5-3
resolves: #1296204 - Rebase audit package

* Wed Jan 14 2015 Steve Grubb <sgrubb@redhat.com> 2.4.1-5
resolves: #1180675 - rules with "-F arch=ppc64le" fail to load

* Tue Jan 13 2015 Steve Grubb <sgrubb@redhat.com> 2.4.1-4
- Remove golang bindings added under the following bz
resolves: #1115196 - Add golang bindings for libaudit

* Wed Dec 17 2014 Steve Grubb <sgrubb@redhat.com> 2.4.1-2
resolves: #1173160 - Audit package needs update for new VPN crypto events

* Tue Oct 28 2014 Steve Grubb <sgrubb@redhat.com> 2.4.1-1
resolves: #963353 - aarch64 userspace auditing needs to be written
resolves: #1150202 - perf trace sleep 1 does not list any syscall information
resolves: #1142989 - Update audit package to 2.4.1
resolves: #1155221 - adjust fstatat naming to match kernel uapi

* Thu Sep 18 2014 Steve Grubb <sgrubb@redhat.com> 2.4-1
resolves: #1115196 - Add golang bindings for libaudit
resolves: #1105150 - audispd config file parser fails on long input
resolves: #1104973 - auparse truncating selinux context after first category
resolves: #1088593 - auditctl man page examples use deprecated syscalls
resolves: #1087849 - support for setting loginuid immutable
resolves: #1073063 - AUDIT_SECCOMP events syscall field is not interpretted
resolves: #975796 - confusing aulast records for bad logins

* Tue Mar 18 2014 Steve Grubb <sgrubb@redhat.com> 2.3.3-4
resolves: #1077249 - Audit update, various issues

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.3.3-3
- Mass rebuild 2014-01-24

* Mon Jan 20 2014 Steve Grubb <sgrubb@redhat.com> 2.3.3-2
- New upstream bugfix/enhancement release
resolves: #1053804 - ausearch issues found by ausearch-test
resolves: #1030409 - ausearch help typo for "-x" option

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.3.2-4
- Mass rebuild 2013-12-27

* Thu Oct 03 2013 Steve Grubb <sgrubb@redhat.com> 2.3.2-3
resolves: #828495 - semanage port should generate an audit event

* Thu Aug 29 2013 Steve Grubb <sgrubb@redhat.com> 2.3.2-2
resolves: #991056 - ausearch ignores USER events with -ua option

* Mon Jul 29 2013 Steve Grubb <sgrubb@redhat.com> 2.3.2-1
- New upstream bugfix/enhancement release
resolves: #982112 Add delay between stopping and starting auditd

* Wed Jul 10 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-4
resolves: #982112 Add delay between stopping and starting auditd

* Wed Jul 03 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-3
- Remove prelude support

* Fri May 31 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-2
- Fix unknown lvalue in auditd.service (#969345)

* Thu May 30 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-1
- New upstream bugfix/enhancement release

* Fri May 03 2013 Steve Grubb <sgrubb@redhat.com> 2.3-2
- If no rules exist, copy shipped rules into place

* Tue Apr 30 2013 Steve Grubb <sgrubb@redhat.com> 2.3-1
- New upstream bugfix release

* Thu Mar 21 2013 Steve Grubb <sgrubb@redhat.com> 2.2.3-2
- Fix clone syscall interpretation

* Tue Mar 19 2013 Steve Grubb <sgrubb@redhat.com> 2.2.3-1
- New upstream bugfix release

* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Wed Jan 16 2013 Steve Grubb <sgrubb@redhat.com> 2.2.2-4
- Don't make auditd.service file executable (#896113)

* Fri Jan 11 2013 Steve Grubb <sgrubb@redhat.com> 2.2.2-3
- Do not own /usr/lib64/audit

* Wed Dec 12 2012 Steve Grubb <sgrubb@redhat.com> 2.2.2-2
- New upstream release

* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Fri Mar 23 2012 Steve Grubb <sgrubb@redhat.com> 2.2.1-1
- New upstream release

* Thu Mar 1 2012 Steve Grubb <sgrubb@redhat.com> 2.2-1
- New upstream release

* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Thu Sep 15 2011 Adam Williamson <awilliam@redhat.com> 2.1.3-4
- add in some systemd scriptlets that were missed, including one which
will cause auditd to be enabled on upgrade from pre-systemd builds

* Wed Sep 14 2011 Steve Grubb <sgrubb@redhat.com> 2.1.3-3
- Enable by default (#737060)

* Tue Aug 30 2011 Steve Grubb <sgrubb@redhat.com> 2.1.3-2
- Correct misplaced ifnarch (#734359)

* Mon Aug 15 2011 Steve Grubb <sgrubb@redhat.com> 2.1.3-1
- New upstream release

* Tue Jul 26 2011 Jóhann B. Guðmundsson <johannbg@gmail.com> - 2.1.2-2
- Introduce systemd unit file, drop SysV support

* Sat Jun 11 2011 Steve Grubb <sgrubb@redhat.com> 2.1.2-1
- New upstream release

* Wed Apr 20 2011 Steve Grubb <sgrubb@redhat.com> 2.1.1-1
- New upstream release

* Tue Mar 29 2011 Steve Grubb <sgrubb@redhat.com> 2.1-1
- New upstream release

* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Fri Feb 04 2011 Steve Grubb <sgrubb@redhat.com> 2.0.6-1
- New upstream release

* Thu Jan 20 2011 Karsten Hopp <karsten@redhat.com> 2.0.5-2
- bump and rebuild as 2.0.5-1 was erroneously linked with python-2.6 on ppc

* Tue Nov 02 2010 Steve Grubb <sgrubb@redhat.com> 2.0.5-1
- New upstream release

* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

* Tue Feb 16 2010 Adam Jackson <ajax@redhat.com> 2.0.4-3
- audit-2.0.4-add-needed.patch: Fix FTBFS for --no-add-needed

* Fri Jan 29 2010 Steve Grubb <sgrubb@redhat.com> 2.0.4-2
- Split out static libs (#556039)

* Tue Dec 08 2009 Steve Grubb <sgrubb@redhat.com> 2.0.4-1
- New upstream release

* Sat Oct 17 2009 Steve Grubb <sgrubb@redhat.com> 2.0.3-1
- New upstream release

* Fri Oct 16 2009 Steve Grubb <sgrubb@redhat.com> 2.0.2-1
- New upstream release

* Mon Sep 28 2009 Steve Grubb <sgrubb@redhat.com> 2.0.1-1
- New upstream release

* Fri Aug 21 2009 Steve Grubb <sgrubb@redhat.com> 2.0-3
- New upstream release
Loading…
Cancel
Save