diff --git a/.cvsignore b/.cvsignore
index a7c80ae..a7b9f00 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -80,3 +80,4 @@ audit-1.5.6.tar.gz
 audit-1.6.tar.gz
 audit-1.6.1.tar.gz
 audit-1.6.2.tar.gz
+audit-1.6.5.tar.gz
diff --git a/audit-1.6.3-noretry.patch b/audit-1.6.3-noretry.patch
deleted file mode 100644
index 7281395..0000000
--- a/audit-1.6.3-noretry.patch
+++ /dev/null
@@ -1,61 +0,0 @@ -diff -urp audit-1.6.2.orig/audisp/audispd.c audit-1.6.2/audisp/audispd.c ---- audit-1.6.2.orig/audisp/audispd.c 2007-10-17 13:56:22.000000000 -0400 -+++ audit-1.6.2/audisp/audispd.c 2007-10-17 14:13:49.000000000 -0400 -@@ -369,7 +369,6 @@ int main(int argc, char *argv[]) - conf = plist_get_cur(&plugin_conf); - while (conf) { - free_pconfig(conf->p); -- free(conf->p); - conf = plist_next(&plugin_conf); - } - plist_clear(&plugin_conf); -diff -urp audit-1.6.2.orig/lib/lookup_table.c audit-1.6.2/lib/lookup_table.c ---- audit-1.6.2.orig/lib/lookup_table.c 2007-10-17 13:56:22.000000000 -0400 -+++ audit-1.6.2/lib/lookup_table.c 2007-10-17 13:56:49.000000000 -0400 -@@ -483,7 +483,7 @@ int audit_name_to_msg_type(const char *m - strncpy(buf, msg_type + 8, len); - errno = 0; - return strtol(buf, NULL, 10); -- } else if (isdigit(msg_type)) { -+ } else if (isdigit(*msg_type)) { - errno = 0; - return strtol(msg_type, NULL, 10); - } -diff -urp audit-1.6.2.orig/lib/msg_typetab.h audit-1.6.2/lib/msg_typetab.h ---- audit-1.6.2.orig/lib/msg_typetab.h 2007-10-17 13:56:22.000000000 -0400 -+++ audit-1.6.2/lib/msg_typetab.h 2007-10-17 13:57:27.000000000 -0400 -@@ -92,7 +92,7 @@ _S(AUDIT_KERNEL_OTHER, "KE - _S(AUDIT_FD_PAIR, "FD_PAIR" ) - _S(AUDIT_OBJ_PID, "OBJ_PID" ) - _S(AUDIT_TTY, "TTY" ) --//_S(AUDIT_EOE, "EOE" ) -+_S(AUDIT_EOE, "EOE" ) - _S(AUDIT_AVC, "AVC" ) - _S(AUDIT_SELINUX_ERR, "SELINUX_ERR" ) - _S(AUDIT_AVC_PATH, "AVC_PATH" ) -diff -urp audit-1.6.2.orig/src/auditd.c audit-1.6.2/src/auditd.c ---- audit-1.6.2.orig/src/auditd.c 2007-10-17 13:56:22.000000000 -0400 -+++ audit-1.6.2/src/auditd.c 2007-10-17 13:59:32.000000000 -0400 -@@ -127,16 +127,18 @@ static void distribute_event(struct audi - - /* End of Event is for realtime interface - skip local logging of it */ - if (rep->reply.type != AUDIT_EOE) { -+ int yield = rep->reply.type <= AUDIT_LAST_DAEMON && -+ rep->reply.type >= AUDIT_FIRST_DAEMON ? 
1 : 0; -+ - /* Write to local disk */ - enqueue_event(rep); -- if (rep->reply.type <= AUDIT_LAST_DAEMON && -- rep->reply.type >= AUDIT_FIRST_DAEMON) -+ if (yield) - pthread_yield(); /* Let other thread try to log it. */ - } - - /* Last chance to send...maybe the pipe is empty now. */ -- if (attempt) -- dispatch_event(&rep->reply, attempt); -+// if (attempt) -+// dispatch_event(&rep->reply, attempt); - } - - /* diff --git a/audit.spec b/audit.spec index 15cea13..132f7b4 100644 --- a/audit.spec +++ b/audit.spec @@ -1,15 +1,16 @@ -%define sca_version 0.4.3 -%define sca_release 8 +%define sca_version 0.4.5 +%define sca_release 1 +%define selinux_variants mls strict targeted +%define selinux_policyver %(rpm -q selinux-policy | sed -e 's,^selinux-policy-\\([^/]*\\)$,\\1,') Summary: User space tools for 2.6 kernel auditing Name: audit -Version: 1.6.2 -Release: 4%{?dist} +Version: 1.6.5 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://people.redhat.com/sgrubb/audit/ Source0: %{name}-%{version}.tar.gz -Patch1: audit-1.6.3-noretry.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: gettext-devel intltool libtool swig python-devel BuildRequires: kernel-headers >= 2.6.18 
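Review bot: The new `selinux_policyver` macro in the audit.spec hunk is built from `rpm -q selinux-policy | sed -e 's,^selinux-policy-\\([^/]*\\)$,\\1,'`, and on a build host where selinux-policy is not installed `rpm -q` reports `package selinux-policy is not installed` as its ordinary query output, which the substitution leaves untouched. The macro is then non-empty text rather than the empty string that the `%if "%{selinux_policyver}" != ""` guard in the next hunk (@@ -55,6 +56,27 @@) tests for, so that hunk would emit a malformed `Requires: selinux-policy >= …`. Printing only a successful match makes the guard work as intended: `%define selinux_policyver %(rpm -q selinux-policy 2>/dev/null | sed -n -e 's,^selinux-policy-\\([^/]*\\)$,\\1,p')`.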
@@ -55,6 +56,27 @@ Requires: %{name}-libs = %{version}-%{release} The audit-libs-python package contains the bindings so that libaudit and libauparse can be used by python. +%package -n audispd-plugins +Summary: Plugins for the audit event dispatcher +License: GPLv2+ +Group: System Environment/Daemons +BuildRequires: openldap-devel +BuildRequires: checkpolicy selinux-policy-devel +Requires: %{name} = %{version}-%{release} +Requires: %{name}-libs = %{version}-%{release} +Requires: openldap +%if "%{selinux_policyver}" != "" +Requires: selinux-policy >= %{selinux_policyver} +%endif +Requires(post): /usr/sbin/semodule /sbin/restorecon +Requires(postun): /usr/sbin/semodule + +%description -n audispd-plugins +The audispd-plugins package provides plugins for the real-time +interface to the audit system, audispd. These plugins can do things +like relay events to remote machines or analyze events for suspicious +behavior. + %package -n system-config-audit Summary: Utility for editing audit configuration Version: %{sca_version} 
@@ -64,27 +86,42 @@ Group: Applications/System Requires: pygtk2-libglade usermode usermode-gtk %description -n system-config-audit -An utility for editing audit configuration. +A graphical utility for editing audit configuration. %prep %setup -q -%patch1 -p1 +mkdir zos-remote-policy +cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy %build (cd system-config-audit; ./autogen.sh) aclocal && autoconf && autoheader && automake %configure --sbindir=/sbin --libdir=/%{_lib} make +cd zos-remote-policy +for selinuxvariant in %{selinux_variants} +do + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile + mv audispd-zos-remote.pp audispd-zos-remote.pp.${selinuxvariant} + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean +done +cd - %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,rc.d/init.d}} -mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 +mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8} mkdir -p $RPM_BUILD_ROOT/%{_lib} mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit make DESTDIR=$RPM_BUILD_ROOT install make -C system-config-audit DESTDIR=$RPM_BUILD_ROOT install-fedora +for selinuxvariant in %{selinux_variants} +do + install -d $RPM_BUILD_ROOT/%{_datadir}/selinux/${selinuxvariant} + install -p -m 644 zos-remote-policy/audispd-zos-remote.pp.${selinuxvariant} \ + $RPM_BUILD_ROOT/%{_datadir}/selinux/${selinuxvariant}/audispd-zos-remote.pp +done mkdir -p $RPM_BUILD_ROOT/%{_libdir} # This winds up in the wrong place when libtool is involved 
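Review bot: The `%build` additions enter the policy directory with `cd zos-remote-policy` and return with `cd -`, which depends on `OLDPWD` and echoes the directory name into the build log; running the loop in a subshell, `(cd zos-remote-policy && for selinuxvariant in %{selinux_variants}; do … done)`, keeps the working directory of the rest of `%build` independent of what happens inside the loop and of any line later inserted before the `cd -`. This is a point of style rather than a live failure, since the loop body is otherwise unchanged.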
@@ -112,16 +149,24 @@ touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf %find_lang system-config-audit -# Remove the plugin stuff for now -rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/au-ids.conf -rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/remote.conf -rm -f $RPM_BUILD_ROOT/sbin/audisp-ids +#% check +#make check %clean rm -rf $RPM_BUILD_ROOT +rm -rf zos-remote-policy %post libs -p /sbin/ldconfig +%post -n audispd-plugins +for selinuxvariant in %{selinux_variants} +do + /usr/sbin/semodule -s $selinuxvariant \ + -i %{_datadir}/selinux/$selinuxvariant/audispd-zos-remote.pp \ + &> /dev/null || : +done +/sbin/restorecon -F /sbin/audispd-zos-remote /etc/audisp/zos-remote.conf + %post /sbin/chkconfig --add auditd if [ -f /etc/auditd.conf ]; then @@ -148,6 +193,14 @@ fi %postun libs /sbin/ldconfig 2>/dev/null +%postun -n audispd-plugins +if [ $1 -eq 0 ]; then + for selinuxvariant in %{selinux_variants} + do + /usr/sbin/semodule -s $selinuxvariant -r audispd-zos-remote &>/dev/null || : + done +fi + %postun if [ $1 -ge 1 ]; then /sbin/service auditd condrestart > /dev/null 2>&1 || : 
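Review bot: The new `%post -n audispd-plugins` scriptlet silences `semodule` with `&> /dev/null || :`, and the `%postun -n audispd-plugins` scriptlet in the next hunk (@@ -148,6 +193,14 @@) does the same with `&>/dev/null || :`; `&>` is a bash extension, and a POSIX `sh` parses `cmd &> file` as `cmd &` followed by `> file`, which would background the policy load so that the `restorecon` on the following line can run before the module is in place. The existing `%postun` in this file uses `> /dev/null 2>&1 || :` for the same purpose, so the new scriptlets should be written the same way, e.g. `-i %{_datadir}/selinux/$selinuxvariant/audispd-zos-remote.pp > /dev/null 2>&1 || :` and `/usr/sbin/semodule -s $selinuxvariant -r audispd-zos-remote > /dev/null 2>&1 || :`. Where `/bin/sh` is bash this works today, so it is a consistency and portability point.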
@@ -180,14 +233,22 @@ fi %files %defattr(-,root,root,-) %doc README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules init.d/auditd.cron -%attr(0644,root,root) %{_mandir}/man8/* -%attr(0644,root,root) %{_mandir}/man5/* +%attr(644,root,root) %{_mandir}/man8/audispd.8.gz +%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz +%attr(644,root,root) %{_mandir}/man8/auditd.8.gz +%attr(644,root,root) %{_mandir}/man8/aureport.8.gz +%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz +%attr(644,root,root) %{_mandir}/man8/autrace.8.gz +%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz +%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz +%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz %attr(750,root,root) /sbin/auditctl %attr(750,root,root) /sbin/auditd %attr(755,root,root) /sbin/ausearch %attr(755,root,root) /sbin/aureport %attr(750,root,root) /sbin/autrace %attr(750,root,root) /sbin/audispd +%attr(750,root,root) /sbin/aulastlog %attr(755,root,root) /etc/rc.d/init.d/auditd %attr(750,root,root) %{_var}/log/audit %attr(750,root,root) %dir /etc/audit @@ -199,7 +260,16 @@ fi %config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd %config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf + +%files -n audispd-plugins +%defattr(-,root,root,-) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf +%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz +%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz +%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf +%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf +%attr(750,root,root) /sbin/audispd-zos-remote +%attr(755,root,root) %{_datadir}/selinux/*/audispd-zos-remote.pp %files -n system-config-audit -f system-config-audit.lang %defattr(-,root,root,-) 
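Review bot: In the new `%files -n audispd-plugins` list (@@ -199,7 +260,16 @@) the SELinux policy modules are packaged as `%attr(755,root,root) %{_datadir}/selinux/*/audispd-zos-remote.pp`, while the `%install` loop in the earlier hunk (@@ -64,27 +86,42 @@) installs them with `install -p -m 644`; a `.pp` file is data read by `semodule`, not a program, so `%attr(644,root,root) %{_datadir}/selinux/*/audispd-zos-remote.pp` matches the install step and avoids shipping executable files under `%{_datadir}`. In the same list `/etc/audisp/plugins.d/syslog.conf` ends up in the subpackage as a plain `%attr(640,root,root)` entry while the two conf files added next to it are `%config(noreplace)`; without `%config` an upgrade silently overwrites an administrator's edits, so `%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf` would be consistent unless the difference is deliberate.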
@@ -217,6 +287,17 @@ fi %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server %changelog +* Mon Jan 07 2008 Steve Grubb 1.6.5-1 +- New upstream version +- Add RACF zos remote audispd plugin (Klaus Kiwi) +- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440 +- Update system-config-audit to version 0.4.5 (Miloslav Trmac) +- Fix keep_logs when num_logs option disabled (#325561) +- Allow use of errno strings for exit codes in audit rules +- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639) +- Updated CAPP, LSPP, and NISPOM rules for new capabilities +- Added aulastlog utility + * Wed Oct 17 2007 Steve Grubb 1.6.2-4 - Fix race between threads accessing common data in auditd - Fix double free in event dispatcher. diff --git a/sources b/sources index 0aab50f..c3a9f03 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a95dbfa22e65669e4449f3accbe84aef audit-1.6.2.tar.gz +53ede8c7422cb251d01d06c7a5e3027b audit-1.6.5.tar.gz