- Allow 0600 file perms for audit logs

2007-12-31 03:48:17 +00:00 · 2007-12-31 03:48:17 +00:00 · 1d5ece1ce9
commit 1d5ece1ce9
parent 1a7594d87f
2 changed files with 19 additions and 3 deletions
--- a/audit-1.6.5-perm.patch
+++ b/audit-1.6.5-perm.patch
@ -0,0 +1,16 @@
+diff -urp audit-1.6.5.orig/src/auditd-config.c audit-1.6.5/src/auditd-config.c
+--- audit-1.6.5.orig/src/auditd-config.c	2007-12-30 17:01:29.000000000 -0500
+++ audit-1.6.5/src/auditd-config.c	2007-12-30 17:07:45.000000000 -0500
+@@ -505,9 +505,9 @@ static int log_file_parser(struct nv_pai
+ 		audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
+ 		return 1;
+ 	}
+-	if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != 
+-			  (S_IRUSR|S_IWUSR|S_IRGRP)) {
+-		audit_msg(LOG_ERR, "%s permissions should be 0640", nv->value);
+	if ( (buf.st_mode & (S_IXUSR|S_IWGRP|S_IXGRP|S_IRWXO)) ) {
+		audit_msg(LOG_ERR, "%s permissions should be 0600 or 0640",
+				nv->value);
+ 		return 1;
+ 	}
+ 	free((void *)config->log_file);
--- a/audit.spec
+++ b/audit.spec
@ -1,12 +1,12 @@
 %define sca_version 0.4.5
-%define sca_release 3
+%define sca_release 4
 %define selinux_variants mls strict targeted
 %define selinux_policyver %(rpm -q selinux-policy | sed -e 's,^selinux-policy-\\([^/]*\\)$,\\1,')

 Summary: User space tools for 2.6 kernel auditing
 Name: audit
 Version: 1.6.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
@ -290,7 +290,7 @@ fi
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server

 %changelog
-* Sun Dec 30 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-2
+* Sun Dec 30 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-3
 - Allow 0600 file perms for audit logs

 * Sat Dec 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-1