|
 |
cae892 |
diff -urNp audit-3.0.orig/auparse/normalize.c audit-3.0/auparse/normalize.c
|
|
|
cae892 |
--- audit-3.0.orig/auparse/normalize.c 2018-05-21 13:38:08.000000000 -0400
|
|
|
cae892 |
+++ audit-3.0/auparse/normalize.c 2018-07-01 10:22:28.772089011 -0400
|
|
|
cae892 |
@@ -910,6 +910,7 @@ static const char *normalize_determine_e
|
|
|
cae892 |
case AUDIT_NETFILTER_CFG:
|
|
|
cae892 |
case AUDIT_FEATURE_CHANGE ... AUDIT_REPLACE:
|
|
|
cae892 |
case AUDIT_USER_DEVICE:
|
|
|
cae892 |
+ case AUDIT_SOFTWARE_UPDATE:
|
|
|
cae892 |
kind = NORM_EVTYPE_CONFIG;
|
|
|
cae892 |
break;
|
|
|
cae892 |
case AUDIT_SECCOMP:
|
|
|
cae892 |
@@ -1187,6 +1188,11 @@ static value_t find_simple_object(aupars
|
|
|
cae892 |
f = auparse_find_field(au, "device");
|
|
|
cae892 |
D.thing.what = NORM_WHAT_KEYSTROKES;
|
|
|
cae892 |
break;
|
|
|
cae892 |
+ case AUDIT_SOFTWARE_UPDATE:
|
|
|
cae892 |
+ auparse_first_record(au);
|
|
|
cae892 |
+ f = auparse_find_field(au, "sw");
|
|
|
cae892 |
+ D.thing.what = NORM_WHAT_SOFTWARE;
|
|
|
cae892 |
+ break;
|
|
|
cae892 |
case AUDIT_VIRT_MACHINE_ID:
|
|
|
cae892 |
f = auparse_find_field(au, "vm");
|
|
|
cae892 |
D.thing.what = NORM_WHAT_VM;
|
|
|
cae892 |
@@ -1286,6 +1292,9 @@ static value_t find_simple_obj_secondary
|
|
|
cae892 |
case AUDIT_CRYPTO_SESSION:
|
|
|
cae892 |
f = auparse_find_field(au, "rport");
|
|
|
cae892 |
break;
|
|
|
cae892 |
+ case AUDIT_SOFTWARE_UPDATE:
|
|
|
cae892 |
+ f = auparse_find_field(au, "sw_type");
|
|
|
cae892 |
+ break;
|
|
|
cae892 |
default:
|
|
|
cae892 |
break;
|
|
|
cae892 |
}
|
|
|
cae892 |
@@ -1311,6 +1320,9 @@ static value_t find_simple_obj_primary2(
|
|
|
cae892 |
case AUDIT_VIRT_RESOURCE:
|
|
|
cae892 |
f = auparse_find_field(au, "vm");
|
|
|
cae892 |
break;
|
|
|
cae892 |
+ case AUDIT_SOFTWARE_UPDATE:
|
|
|
cae892 |
+ f = auparse_find_field(au, "root_dir");
|
|
|
cae892 |
+ break;
|
|
|
cae892 |
default:
|
|
|
cae892 |
break;
|
|
|
cae892 |
}
|
|
|
cae892 |
@@ -1628,6 +1640,10 @@ map:
|
|
|
cae892 |
if (D.opt == NORM_OPT_ALL) {
|
|
|
cae892 |
if (type == AUDIT_USER_DEVICE) {
|
|
|
cae892 |
add_obj_attr(au, "uuid", 0);
|
|
|
cae892 |
+ } else if (type == AUDIT_SOFTWARE_UPDATE) {
|
|
|
cae892 |
+ auparse_first_record(au);
|
|
|
cae892 |
+ add_obj_attr(au, "key_enforce", 0);
|
|
|
cae892 |
+ add_obj_attr(au, "gpg_res", 0);
|
|
|
cae892 |
}
|
|
|
cae892 |
}
|
|
|
cae892 |
|
|
|
cae892 |
diff -urNp audit-3.0.orig/auparse/normalize-internal.h audit-3.0/auparse/normalize-internal.h
|
|
|
cae892 |
--- audit-3.0.orig/auparse/normalize-internal.h 2018-05-21 13:38:08.000000000 -0400
|
|
|
cae892 |
+++ audit-3.0/auparse/normalize-internal.h 2018-07-01 10:24:07.029078467 -0400
|
|
|
cae892 |
@@ -1,6 +1,6 @@
|
|
|
cae892 |
/*
|
|
|
cae892 |
* normalize-internal.h
|
|
|
cae892 |
- * Copyright (c) 2016-17 Red Hat Inc., Durham, North Carolina.
|
|
|
cae892 |
+ * Copyright (c) 2016-18 Red Hat Inc., Durham, North Carolina.
|
|
|
cae892 |
* All Rights Reserved.
|
|
|
cae892 |
*
|
|
|
cae892 |
* This library is free software; you can redistribute it and/or
|
|
|
cae892 |
@@ -96,6 +96,7 @@
|
|
|
cae892 |
#define NORM_WHAT_MEMORY 20
|
|
|
cae892 |
#define NORM_WHAT_KEYSTROKES 21
|
|
|
cae892 |
#define NORM_WHAT_DEVICE 22
|
|
|
cae892 |
+#define NORM_WHAT_SOFTWARE 23
|
|
|
cae892 |
|
|
|
cae892 |
// This enum is used to map events to what kind they are
|
|
|
cae892 |
#define NORM_EVTYPE_UNKNOWN 0
|
|
|
cae892 |
diff -urNp audit-3.0.orig/auparse/normalize_obj_kind_map.h audit-3.0/auparse/normalize_obj_kind_map.h
|
|
|
cae892 |
--- audit-3.0.orig/auparse/normalize_obj_kind_map.h 2018-05-21 13:38:08.000000000 -0400
|
|
|
cae892 |
+++ audit-3.0/auparse/normalize_obj_kind_map.h 2018-07-01 10:22:28.806089007 -0400
|
|
|
cae892 |
@@ -1,6 +1,6 @@
|
|
|
cae892 |
/*
|
|
|
cae892 |
* normalize_obj_kind_map.h
|
|
|
cae892 |
- * Copyright (c) 2016-17 Red Hat Inc., Durham, North Carolina.
|
|
|
cae892 |
+ * Copyright (c) 2016-18 Red Hat Inc., Durham, North Carolina.
|
|
|
cae892 |
* All Rights Reserved.
|
|
|
cae892 |
*
|
|
|
cae892 |
* This library is free software; you can redistribute it and/or
|
|
|
cae892 |
@@ -45,4 +45,5 @@ _S(NORM_WHAT_MAC_CONFIG, "mac-config")
|
|
|
cae892 |
_S(NORM_WHAT_MEMORY, "memory")
|
|
|
cae892 |
_S(NORM_WHAT_KEYSTROKES, "keystrokes")
|
|
|
cae892 |
_S(NORM_WHAT_DEVICE, "device")
|
|
|
cae892 |
+_S(NORM_WHAT_SOFTWARE, "software")
|
|
|
cae892 |
//_S(, "")
|
|
|
cae892 |
diff -urNp audit-3.0.orig/auparse/normalize_record_map.h audit-3.0/auparse/normalize_record_map.h
|
|
|
cae892 |
--- audit-3.0.orig/auparse/normalize_record_map.h 2018-05-21 13:38:08.000000000 -0400
|
|
|
cae892 |
+++ audit-3.0/auparse/normalize_record_map.h 2018-07-01 10:22:28.806089007 -0400
|
|
|
cae892 |
@@ -1,6 +1,6 @@
|
|
|
cae892 |
/*
|
|
|
cae892 |
* normalize_record_map.h
|
|
|
cae892 |
- * Copyright (c) 2016-17 Red Hat Inc., Durham, North Carolina.
|
|
|
cae892 |
+ * Copyright (c) 2016-18 Red Hat Inc., Durham, North Carolina.
|
|
|
cae892 |
* All Rights Reserved.
|
|
|
cae892 |
*
|
|
|
cae892 |
* This library is free software; you can redistribute it and/or
|
|
|
cae892 |
@@ -63,6 +63,7 @@ _S(AUDIT_MAC_CHECK, "mac-permission")
|
|
|
cae892 |
_S(AUDIT_ACCT_LOCK, "locked-account")
|
|
|
cae892 |
_S(AUDIT_ACCT_UNLOCK, "unlocked-account")
|
|
|
cae892 |
_S(AUDIT_USER_DEVICE, "configured-device")
|
|
|
cae892 |
+_S(AUDIT_SOFTWARE_UPDATE, "installed-software")
|
|
|
cae892 |
_S(AUDIT_DAEMON_START, "started-audit")
|
|
|
cae892 |
_S(AUDIT_DAEMON_END, "shutdown-audit")
|
|
|
cae892 |
_S(AUDIT_DAEMON_ABORT, "aborted-auditd-startup")
|
|
|
cae892 |
diff -urNp audit-3.0.orig/auparse/typetab.h audit-3.0/auparse/typetab.h
|
|
|
cae892 |
--- audit-3.0.orig/auparse/typetab.h 2018-05-21 13:38:08.000000000 -0400
|
|
|
cae892 |
+++ audit-3.0/auparse/typetab.h 2018-07-01 10:22:28.807089007 -0400
|
|
|
cae892 |
@@ -1,5 +1,5 @@
|
|
|
cae892 |
/* typetab.h --
|
|
|
cae892 |
- * Copyright 2007-09,2011-12,2014-17 Red Hat Inc., Durham, North Carolina.
|
|
|
cae892 |
+ * Copyright 2007-09,2011-12,2014-18 Red Hat Inc., Durham, North Carolina.
|
|
|
cae892 |
* All Rights Reserved.
|
|
|
cae892 |
*
|
|
|
cae892 |
* This library is free software; you can redistribute it and/or
|
|
|
cae892 |
@@ -140,4 +140,5 @@ _S(AUPARSE_TYPE_MACPROTO, "macproto" )
|
|
|
cae892 |
_S(AUPARSE_TYPE_ESCAPED, "invalid_context")
|
|
|
cae892 |
_S(AUPARSE_TYPE_IOCTL_REQ, "ioctlcmd" )
|
|
|
cae892 |
_S(AUPARSE_TYPE_FANOTIFY, "resp" )
|
|
|
cae892 |
-
|
|
|
cae892 |
+_S(AUPARSE_TYPE_ESCAPED, "sw" )
|
|
|
cae892 |
+_S(AUPARSE_TYPE_ESCAPED, "root_dir" )
|