Blame audit-1.7.3-prelude.patch
|
Steve Grubb |
d05050 |
diff -urp audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c
|
|
Steve Grubb |
d05050 |
--- audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c 2008-04-07 16:57:12.000000000 -0400
|
|
Steve Grubb |
d05050 |
+++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c 2008-04-17 16:27:51.000000000 -0400
|
|
Steve Grubb |
d05050 |
@@ -228,7 +228,8 @@ int main(int argc, char *argv[])
|
|
Steve Grubb |
d05050 |
return -1;
|
|
Steve Grubb |
d05050 |
}
|
|
Steve Grubb |
d05050 |
|
|
Steve Grubb |
d05050 |
- syslog(LOG_INFO, "audisp-prelude is ready for events");
|
|
Steve Grubb |
d05050 |
+ if (mode != M_TEST)
|
|
Steve Grubb |
d05050 |
+ syslog(LOG_INFO, "audisp-prelude is ready for events");
|
|
Steve Grubb |
d05050 |
do {
|
|
Steve Grubb |
d05050 |
/* Load configuration */
|
|
Steve Grubb |
d05050 |
if (hup) {
|
|
Steve Grubb |
d05050 |
@@ -248,9 +249,10 @@ int main(int argc, char *argv[])
|
|
Steve Grubb |
d05050 |
/* Flush any accumulated events from queue */
|
|
Steve Grubb |
d05050 |
auparse_flush_feed(au);
|
|
Steve Grubb |
d05050 |
|
|
Steve Grubb |
d05050 |
- syslog(LOG_INFO, "audisp-prelude is exiting on stop request");
|
|
Steve Grubb |
d05050 |
if (mode == M_TEST)
|
|
Steve Grubb |
d05050 |
puts("audisp-prelude is exiting on stop request");
|
|
Steve Grubb |
d05050 |
+ else
|
|
Steve Grubb |
d05050 |
+ syslog(LOG_INFO, "audisp-prelude is exiting on stop request");
|
|
Steve Grubb |
d05050 |
|
|
Steve Grubb |
d05050 |
/* Cleanup subsystems */
|
|
Steve Grubb |
d05050 |
if (client)
|
|
Steve Grubb |
d05050 |
@@ -1938,6 +1940,7 @@ static void handle_event(auparse_state_t
|
|
Steve Grubb |
d05050 |
break;
|
|
Steve Grubb |
d05050 |
case AUDIT_SYSCALL:
|
|
Steve Grubb |
d05050 |
handle_watched_syscalls(au, &idmef, &alert);
|
|
Steve Grubb |
d05050 |
+ goto_record_type(au, AUDIT_SYSCALL);
|
|
Steve Grubb |
d05050 |
break;
|
|
Steve Grubb |
d05050 |
default:
|
|
Steve Grubb |
d05050 |
break;
|