From d3e971a1566c17a52e7be167ea6b92dd36707b17 Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Aug 28 2007 18:34:17 +0000 Subject: - spec file cleanups - Update to s-c-audit 0.4.3 --- diff --git a/audit.spec b/audit.spec index e084c60..8d83cde 100644 --- a/audit.spec +++ b/audit.spec @@ -1,21 +1,21 @@ -%define sca_version 0.4.2 -%define sca_release 7 +%define sca_version 0.4.3 +%define sca_release 1 Summary: User space tools for 2.6 kernel auditing Name: audit Version: 1.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://people.redhat.com/sgrubb/audit/ Source0: %{name}-%{version}.tar.gz +Patch1: s-c-audit-0.4.3.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: gettext-devel intltool libtool swig python-devel BuildRequires: kernel-headers >= 2.6.18 BuildRequires: automake >= 1.9 BuildRequires: autoconf >= 2.59 Requires: %{name}-libs = %{version}-%{release} -Requires: %{name}-libs-python = %{version}-%{release} Requires: chkconfig Prereq: coreutils @@ -55,14 +55,6 @@ Requires: %{name}-libs = %{version}-%{release} The audit-libs-python package contains the bindings so that libaudit and libauparse can be used by python. -%package audispd-plugins -Summary: Default plugins for the audit dispatcher -License: LGPLv2+ -Group: System Environment/Daemons - -%description audispd-plugins -The audispd-plugins package contains plugins for the audit dispatcher. - %package -n system-config-audit Summary: Utility for editing audit configuration Version: %{sca_version} @@ -76,6 +68,7 @@ An utility for editing audit configuration. %prep %setup -q +%patch1 -p1 %build aclocal && autoconf && autoheader && automake 
@@ -191,8 +184,8 @@ fi %attr(755,root,root) /etc/rc.d/init.d/auditd %attr(750,root,root) %{_var}/log/audit %attr(750,root,root) %dir /etc/audit -%attr(750,root,root) %dir /etc/audispd -%attr(750,root,root) %dir /etc/audispd/plugins.d +%attr(750,root,root) %dir /etc/audisp +%attr(750,root,root) %dir /etc/audisp/plugins.d %attr(750,root,root) %dir %{_libdir}/audit %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules @@ -216,6 +209,10 @@ fi %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server %changelog +* Tue Aug 28 2007 Steve Grubb 1.6-2 +- spec file cleanups +- Update to s-c-audit 0.4.3 + * Mon Aug 27 2007 Steve Grubb 1.6-1 - Update Licence tags - Adding perm field should not set syscall added flag in auditctl diff --git a/s-c-audit-0.4.3.patch b/s-c-audit-0.4.3.patch new file mode 100644 index 0000000..07c9331 --- /dev/null +++ b/s-c-audit-0.4.3.patch 
@@ -0,0 +1,124 @@
+diff -ur audit-1.5.6.orig/system-config-audit/ChangeLog audit-1.5.6/system-config-audit/ChangeLog
+--- audit-1.5.6.orig/system-config-audit/ChangeLog 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/ChangeLog 2007-08-28 14:20:16.000000000 -0400
+@@ -1,3 +1,21 @@
++2007-08-28 Miloslav Trmač
++
++ * configure.ac: Release 0.4.3.
++ * NEWS: Update.
++
++ * src/audit_rules.py (Field.option_text): New parameter rule. Use
++ -p only in rules with -w, -F perm= otherwise.
++ (Rule.command_text): Add -k only after -S.
++
++2007-08-02 Miloslav Trmač
++
++ * src/main_window.py (N_): Remove useless definition.
++
++2007-07-23 Miloslav Trmač
++
++ * src/watch_list_dialog.py (_WatchTable._validate_rule): Fix a
++ crash when the rule has no AUDIT_WATCH or AUDIT_PERM field.
++
+ 2007-07-17 Miloslav Trmač
+
+ * system-config-audit.desktop.in (Categories): Add System, to move the
+diff -ur audit-1.5.6.orig/system-config-audit/configure.ac audit-1.5.6/system-config-audit/configure.ac
+--- audit-1.5.6.orig/system-config-audit/configure.ac 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/configure.ac 2007-08-28 14:08:59.000000000 -0400
+@@ -1,5 +1,5 @@
+ # Process this file with autoconf to produce a configure script.
+-AC_INIT([system-config-audit], [0.4.2], [mitr@redhat.com])
++AC_INIT([system-config-audit], [0.4.3], [mitr@redhat.com])
+ AC_COPYRIGHT(
+ [Copyright (C) 2007 Red Hat, Inc. All rights reserved.
+
+diff -ur audit-1.5.6.orig/system-config-audit/NEWS audit-1.5.6/system-config-audit/NEWS
+--- audit-1.5.6.orig/system-config-audit/NEWS 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/NEWS 2007-08-28 14:08:59.000000000 -0400
+@@ -1,5 +1,10 @@
++Changes in release 0.4.3:
++* Fix order of -k and -S, and using -p without -w, in audit rules
++* Fix a crash validating a non-watch rule
++* Move the menu entry to the Administration submenu in GNOME
++
+ Changes in release 0.4.2:
+-* Modify to run on RHEL 5.
++* Modify to run on RHEL 5
+
+ Changes in release 0.4.1:
+ * Add an install-fedora Makefile target
+diff -ur audit-1.5.6.orig/system-config-audit/src/audit_rules.py audit-1.5.6/system-config-audit/src/audit_rules.py
+--- audit-1.5.6.orig/system-config-audit/src/audit_rules.py 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/src/audit_rules.py 2007-08-28 14:08:59.000000000 -0400
+@@ -347,13 +347,18 @@
+ self.op = self.OP_EQ
+ self.value = self.get_field_type(self.var).parse_value(string, self.op)
+
+- def option_text(self):
+- '''Return a string representing this field as an auditctl option.'''
++ def option_text(self, rule):
++ '''Return a string representing this field as an auditctl option.
++
++ Use rule to determine the correct syntax.
++
++ '''
+ val = self._value_text()
+ if self.var == audit.AUDIT_FILTERKEY:
+ assert self.op == self.OP_EQ
+ return '-k %s' % val
+- elif self.var == audit.AUDIT_PERM:
++ elif (self.var == audit.AUDIT_PERM and
++ len([f for f in rule.fields if f.var == audit.AUDIT_WATCH]) == 1):
+ assert self.op == self.OP_EQ
+ return '-p %s' % val
+ else:
+@@ -443,16 +448,21 @@
+ o.append('-w %s' % watches[0].value)
+ watch_used = True
+ # Add fields before syscalls because -F arch=... may change the meaning
+- # of syscall names
++ # of syscall names. But add AUDIT_FILTERKEY only after -S, auditctl
++ # stubbornly insists on that order.
+ for f in self.fields:
+- if f.var != audit.AUDIT_WATCH or not watch_used:
+- o.append(f.option_text())
++ if (f.var != audit.AUDIT_FILTERKEY and
++ (f.var != audit.AUDIT_WATCH or not watch_used)):
++ o.append(f.option_text(self))
+ if list is not rules.exclude_rules:
+ for s in self.syscalls:
+ if s == self.SYSCALLS_ALL:
+ o.append('-S all')
+ else:
+ o.append('-S %s' % util.syscall_string(s, self.machine))
++ for f in self.fields:
++ if f.var == audit.AUDIT_FILTERKEY:
++ o.append(f.option_text(self))
+ return ' '.join(o)
+
+ def __eq__(self, rule):
+diff -ur audit-1.5.6.orig/system-config-audit/src/main_window.py audit-1.5.6/system-config-audit/src/main_window.py
+--- audit-1.5.6.orig/system-config-audit/src/main_window.py 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/src/main_window.py 2007-08-28 14:08:59.000000000 -0400
+@@ -32,8 +32,6 @@
+ import settings
+ import util
+
+-def N_(s): return s
+-
+ def exit_watch_rules(rules):
+ '''Split exit rules to lists for WatchListDialog and RuleListDialog.
+
+diff -ur audit-1.5.6.orig/system-config-audit/src/server.c audit-1.5.6/system-config-audit/src/server.c
+--- audit-1.5.6.orig/system-config-audit/src/server.c 2007-08-28 14:08:15.000000000 -0400
++++ audit-1.5.6/system-config-audit/src/server.c 2007-08-28 14:08:59.000000000 -0400
+@@ -200,7 +200,7 @@
+ err = errno;
+ goto err_fd;
+ }
+- if (st.st_size > SIZE_MAX)
++ if (st.st_size > (off_t)SIZE_MAX)
+ {
+ err = EFBIG;
+ goto err_fd;
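Review bot: In the nested `src/server.c` hunk, the new test `st.st_size > (off_t)SIZE_MAX` looks wrong on any build where `off_t` is no wider than `size_t`: converting `SIZE_MAX` to a signed `off_t` of the same width typically yields -1, so every non-negative file size compares greater and takes the `EFBIG` path. The comparison it replaces presumably could never be true on those builds, so the cast silences a warning rather than making the bound meaningful. Comparing in an unsigned type wide enough for both operands keeps the check correct on 32- and 64-bit targets, for example `if (st.st_size < 0 || (uintmax_t)st.st_size > SIZE_MAX)`. The enclosing function starts and ends outside the hunk, so how the size is used afterwards (presumably to size a buffer) should be confirmed there.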