From 6578fabf5e702a9a3efb9a15b34db27eecfa3c2d Mon Sep 17 00:00:00 2001
From: Steve Grubb
Date: Feb 26 2009 21:44:35 +0000
Subject: - Handle audit=0 boot option for 2.6.29 kernel (#487541)
---
diff --git a/audit-1.8-noaudit.patch b/audit-1.8-noaudit.patch
new file mode 100644
index 0000000..7329feb
--- /dev/null
+++ b/audit-1.8-noaudit.patch
@@ -0,0 +1,130 @@
+Index: /trunk/init.d/auditd.init
+===================================================================
+--- /trunk/init.d/auditd.init (revision 243)
++++ /trunk/init.d/auditd.init (revision 265)
+@@ -72,7 +72,7 @@
+ if test $RETVAL = 0 ; then
+ touch /var/lock/subsys/auditd
++ # Load the default rules
++ test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+ fi
+- # Load the default rules
+- test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+ return $RETVAL
+ }
+@@ -85,9 +85,15 @@
+ rm -f /var/lock/subsys/auditd
+ # Remove watches so shutdown works cleanly
+- if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no" ; then
+- /sbin/auditctl -D >/dev/null
++ if test x"$AUDITD_CLEAN_STOP" != "x" ; then
++ if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no"
++ then
++ /sbin/auditctl -D >/dev/null
++ fi
+ fi
+- if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no" ; then
+- /sbin/auditctl -e 0 >/dev/null
++ if test x"$AUDITD_STOP_DISABLE" != "x" ; then
++ if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no"
++ then
++ /sbin/auditctl -e 0 >/dev/null
++ fi
+ fi
+ return $RETVAL
+Index: /trunk/ChangeLog
+===================================================================
+--- /trunk/ChangeLog (revision 264)
++++ /trunk/ChangeLog (revision 265)
+@@ -1,4 +1,5 @@
+ 1.8
+ - Disable asserts unless --with-debug passed to configure
++- Handle kernel 2.6.29's audit = 0 boot parameter better
+
+ 1.7.12
+Index: /trunk/src/auditctl.c
+===================================================================
+--- /trunk/src/auditctl.c (revision 242)
++++ /trunk/src/auditctl.c (revision 265)
+@@ -971,4 +971,6 @@
+ }
+ }
++ if (retval == -1 && errno == ECONNREFUSED)
++ fprintf(stderr, "The audit system is disabled\n");
+ return retval;
+ }
+@@ -1086,4 +1088,10 @@
+ "There was an error in line %d of %s\n",
+ lineno, file);
++ else {
++ fprintf(stderr,
++ "The audit system is disabled\n");
++ fclose(f);
++ return 0;
++ }
+ if (!ignore) {
+ fclose(f);
+@@ -1122,4 +1130,7 @@
+ "The audit system is in immutable "
+ "mode, no rules loaded\n");
++ return 0;
++ } else if (errno == ECONNREFUSED) {
++ fprintf(stderr, "The audit system is disabled\n");
+ return 0;
+ } else if (fileopt(argv[2]))
+@@ -1141,4 +1152,7 @@
+ "The audit system is in immutable "
+ "mode, no rules loaded\n");
++ return 0;
++ } else if (errno == ECONNREFUSED) {
++ fprintf(stderr, "The audit system is disabled\n");
+ return 0;
+ }
+Index: /trunk/src/auditd-event.c
+===================================================================
+--- /trunk/src/auditd-event.c (revision 258)
++++ /trunk/src/auditd-event.c (revision 265)
+@@ -287,6 +287,7 @@
+ data->tail = NULL;
+ data->head = data->head->next;
+- if (data->head == NULL && stop &&
+- cur->reply.type == AUDIT_DAEMON_END)
++ if (data->head == NULL && stop &&
++ ( cur->reply.type == AUDIT_DAEMON_END ||
++ cur->reply.type == AUDIT_DAEMON_ABORT) )
+ stop_req = 1;
+ pthread_mutex_unlock(&data->queue_lock);
+Index: /trunk/src/auditd.c
+===================================================================
+--- /trunk/src/auditd.c (revision 256)
++++ /trunk/src/auditd.c (revision 265)
+@@ -616,5 +616,5 @@
+ return 1;
+ }
+- if(getsubj(subj))
++ if (getsubj(subj))
+ snprintf(start, sizeof(start),
+ "auditd start, ver=%s format=%s "
+@@ -684,5 +684,5 @@
+ send_audit_event(AUDIT_DAEMON_ABORT, emsg);
+ audit_msg(LOG_ERR,
+- "Unable to set intitial audit startup state to '%s', exiting",
++ "Unable to set initial audit startup state to '%s', exiting",
+ startup_states[opt_startup]);
+ close_down();
+Index: /trunk/src/autrace.c
+===================================================================
+--- /trunk/src/autrace.c (revision 1)
++++ /trunk/src/autrace.c (revision 265)
+@@ -156,5 +156,10 @@
+ {
+ case -1:
+- fprintf(stderr, "Error - can't get rule count.\n");
++ if (errno == ECONNREFUSED)
++ fprintf(stderr,
++ "The audit system is disabled\n");
++ else
++ fprintf(stderr,
++ "Error - can't get rule count.\n");
+ return 1;
+ case 0:
diff --git a/audit.spec b/audit.spec
index cb042c9..8dfbbb7 100644
--- a/audit.spec
+++ b/audit.spec
@@ -1,7 +1,7 @@ %define audit_version 1.7.12 -%define audit_release 1%{?dist} +%define audit_release 2%{?dist} %define sca_version 0.4.8 -%define sca_release 16 +%define sca_release 17 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} Summary: User space tools for 2.6 kernel auditing
@@ -12,6 +12,7 @@ License: GPLv2+ Group: System Environment/Daemons URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz +Patch1: audit-1.8-noaudit.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: gettext-devel intltool libtool swig python-devel BuildRequires: tcp_wrappers-devel
@@ -89,6 +90,7 @@ A graphical utility for editing audit configuration. %prep %setup -q +%patch1 -p1 %build %configure --sbindir=/sbin --libdir=/%{_lib} --with-prelude --with-libwrap --enable-gssapi-krb5=no
@@ -259,6 +261,9 @@ fi %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server %changelog +* Thu Feb 25 2009 Steve Grubb 1.7.12-2 +- Handle audit=0 boot option for 2.6.29 kernel (#487541) + * Tue Feb 24 2009 Steve Grubb 1.7.12-1 - New upstream release
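Review bot: In the nested `auditctl.c` hunks at `-1086`, `-1122` and `-1141`, the new `ECONNREFUSED` branches return 0, so anything that keys on auditctl's exit status sees "audit disabled, no rules loaded" as success. As far as the `auditd.init` hunk shows, `/sbin/auditctl -R /etc/audit/audit.rules >/dev/null` discards only stdout and its status is not checked, which leaves the stderr line as the only signal that the host is running unaudited. If exit 0 is deliberate for an `audit=0` boot, the message should say what happened the way the immutable-mode branch beside it does, e.g. `fprintf(stderr, "The audit system is disabled, no rules loaded\n");`, with a comment such as `/* audit=0 at boot is an admin choice, not a failure: exit 0, nothing loaded */`. The `errno` tests in the `-971` and `-1122`/`-1141` hunks also sit after conditions and loop exits that lie outside the hunks, so `errno` may no longer be the failing call's value; saving it into a local right after that call would make the check reliable. The enclosing functions all start and end outside the hunks.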