From 5431994a68ee5023a2f80351a148de78a8526836 Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Oct 25 2008 13:08:31 +0000 Subject: - If kernel is in immutable mode, auditd should not send enable command --- diff --git a/audit-1.7.9-startup.patch b/audit-1.7.9-startup.patch new file mode 100644 index 0000000..d64c295 --- /dev/null +++ b/audit-1.7.9-startup.patch @@ -0,0 +1,12 @@ +diff -urp audit-1.7.9.orig/src/auditd.c audit-1.7.9/src/auditd.c +--- audit-1.7.9.orig/src/auditd.c 2008-10-25 08:25:39.000000000 -0400 ++++ audit-1.7.9/src/auditd.c 2008-10-25 08:42:08.000000000 -0400 +@@ -664,7 +664,7 @@ int main(int argc, char *argv[]) + tell_parent(SUCCESS); + + /* Depending on value of opt_startup (-s) set initial audit state */ +- if (opt_startup != startup_nochange && ++ if ((audit_is_enabled(fd) < 2) && opt_startup != startup_nochange && + audit_set_enabled(fd, (int)opt_startup) < 0) { + char emsg[DEFAULT_BUF_SZ]; + if (*subj) diff --git a/audit.spec b/audit.spec index 092e1dc..bbe1a4a 100644 --- a/audit.spec +++ b/audit.spec @@ -1,17 +1,18 @@ %define sca_version 0.4.8 -%define sca_release 7 +%define sca_release 8 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} Summary: User space tools for 2.6 kernel auditing Name: audit Version: 1.7.8 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Patch1: audit-1.7.9-bugs.patch Patch2: audit-1.7.9-i386.patch +Patch3: audit-1.7.9-startup.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: gettext-devel intltool libtool swig python-devel BuildRequires: tcp_wrappers-devel @@ -90,6 +91,7 @@ A graphical utility for editing audit configuration. %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build (cd system-config-audit; ./autogen.sh) @@ -278,7 +280,10 @@ fi %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server %changelog -* Thu Oct 23 2008 Steve Grubb 1.7.8-3 +* Sat Oct 25 2008 Steve Grubb 1.7.8-4 +- If kernel is in immutable mode, auditd should not send enable command + +* Fri Oct 24 2008 Steve Grubb 1.7.8-3 - Fix ausearch interpretting i386 syscalls on x86_64 machine * Thu Oct 23 2008 Steve Grubb 1.7.8-2