From 9893d2d877873ff6766e3c80265b34e323adaede Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@fedoraproject.org>
Date: Jan 19 2008 20:59:34 +0000
Subject: - Add prelude IDS plugin for IDMEF alerts

- Add --user option to aulastlog command
- Use desktop-file-install for system-config-audit
- Avoid touching auditd.conf most of the time (#408501)

---

diff --git a/.cvsignore b/.cvsignore
index 9c1dcc7..ec26eba 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -82,3 +82,4 @@ audit-1.6.1.tar.gz
 audit-1.6.2.tar.gz
 audit-1.6.4.tar.gz
 audit-1.6.5.tar.gz
+audit-1.6.6.tar.gz
diff --git a/audit.spec b/audit.spec
index 98a7ef0..fbb78cf 100644
--- a/audit.spec
+++ b/audit.spec
@@ -1,12 +1,12 @@
 %define sca_version 0.4.5
-%define sca_release 7
+%define sca_release 8
 %define selinux_variants mls strict targeted
 %define selinux_policyver 3.2.5 
 
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
-Version: 1.6.5
-Release: 3%{?dist}
+Version: 1.6.6
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
@@ -61,7 +61,10 @@ Summary: Plugins for the audit event dispatcher
 License: GPLv2+
 Group: System Environment/Daemons
 BuildRequires: openldap-devel
-BuildRequires: checkpolicy selinux-policy-devel
+%if "%{selinux_policyver}" != ""
+BuildRequires: checkpolicy selinux-policy-devel >= %{selinux_policyver}
+%endif
+BuildRequires: libprelude-devel >= 0.9.16
 Requires: %{name} = %{version}-%{release}
 Requires: %{name}-libs = %{version}-%{release}
 Requires: openldap
@@ -83,6 +86,7 @@ Version: %{sca_version}
 Release: %{sca_release}%{?dist}
 License: GPLv2+
 Group: Applications/System
+BuildRequires: desktop-file-utils
 Requires: pygtk2-libglade usermode usermode-gtk
 
 %description -n system-config-audit
@@ -96,7 +100,7 @@ cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy
 %build
 (cd system-config-audit; ./autogen.sh)
 aclocal && autoconf && autoheader && automake
-%configure --sbindir=/sbin --libdir=/%{_lib}
+%configure --sbindir=/sbin --libdir=/%{_lib} --with-prelude
 make
 cd zos-remote-policy
 for selinuxvariant in %{selinux_variants}
@@ -149,6 +153,11 @@ touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
 
 %find_lang system-config-audit
 
+desktop-file-install					\
+	--dir $RPM_BUILD_ROOT/%{_datadir}/applications	\
+	--delete-original				\
+	system-config-audit/system-config-audit.desktop
+
 # This is a reminder to enable it when tests
 # aren't based on postfix uids
 #% check
@@ -171,18 +180,23 @@ done
 
 %post
 /sbin/chkconfig --add auditd
+# This is to migrate users from audit-1.0.x installations
 if [ -f /etc/auditd.conf ]; then
    mv /etc/auditd.conf /etc/audit/auditd.conf
 fi
 if [ -f /etc/audit.rules ]; then
    mv /etc/audit.rules /etc/audit/audit.rules
 fi
+# This is to enable the dispatcher option which was commented out
 if [ -f /etc/audit/auditd.conf ]; then
-   tmp=`mktemp /etc/audit/auditd-post.XXXXXX`
-   if [ -n $tmp ]; then
-      sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
-      cat $tmp > /etc/audit/auditd.conf
-      rm -f $tmp
+   grep '^dispatcher' /etc/audit/auditd.conf >/dev/null
+   if [ $? -eq 1 ] ; then
+      tmp=`mktemp /etc/audit/auditd-post.XXXXXX`
+      if [ -n $tmp ]; then
+         sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
+         cat $tmp > /etc/audit/auditd.conf
+         rm -f $tmp
+      fi
    fi
 fi
 
@@ -192,8 +206,7 @@ if [ $1 -eq 0 ]; then
    /sbin/chkconfig --del auditd
 fi
 
-%postun libs
-/sbin/ldconfig 2>/dev/null
+%postun libs -p /sbin/ldconfig
 
 %postun -n audispd-plugins
 if [ $1 -eq 0 ]; then
@@ -262,7 +275,7 @@ fi
 %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
 %config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd
 %config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
-%attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
+%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
 
 %files -n audispd-plugins
 %defattr(-,root,root,-)
@@ -273,6 +286,9 @@ fi
 %config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
 %attr(750,root,root) /sbin/audispd-zos-remote
 %attr(644,root,root) %{_datadir}/selinux/*/audispd-zos-remote.pp
+%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-prelude.conf
+%attr(750,root,root) /sbin/audisp-prelude
+%attr(644,root,root) %{_mandir}/man8/audisp-prelude.8.gz
 
 %files -n system-config-audit -f system-config-audit.lang
 %defattr(-,root,root,-)
@@ -290,6 +306,12 @@ fi
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
 
 %changelog
+* Sat Jan 19 2008 Steve Grubb <sgrubb@redhat.com> 1.6.6-1
+- Add prelude IDS plugin for IDMEF alerts
+- Add --user option to aulastlog command
+- Use desktop-file-install for system-config-audit
+- Avoid touching auditd.conf most of the time (#408501)
+
 * Fri Jan 11 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-3
 - Updates for spec file review
 - Adjust permission on selinux policy file
diff --git a/sources b/sources
index c3a9f03..aab7a24 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-53ede8c7422cb251d01d06c7a5e3027b  audit-1.6.5.tar.gz
+9ce3c68697084f075928cc226357f242  audit-1.6.6.tar.gz