rpms/audit
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- If kernel is in immutable mode, auditd should not send enable command

Browse Source
This commit is contained in:
Steve Grubb 2008-10-25 13:08:31 +00:00
parent 43fc1794e1
commit 5431994a68
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
audit-1.7.9-startup.patch Normal file
View File

@ -0,0 +1,12 @@
diff -urp audit-1.7.9.orig/src/auditd.c audit-1.7.9/src/auditd.c
--- audit-1.7.9.orig/src/auditd.c 2008-10-25 08:25:39.000000000 -0400
+++ audit-1.7.9/src/auditd.c 2008-10-25 08:42:08.000000000 -0400
@@ -664,7 +664,7 @@ int main(int argc, char *argv[])
tell_parent(SUCCESS);
/* Depending on value of opt_startup (-s) set initial audit state */
- if (opt_startup != startup_nochange &&
+ if ((audit_is_enabled(fd) < 2) && opt_startup != startup_nochange &&
audit_set_enabled(fd, (int)opt_startup) < 0) {
char emsg[DEFAULT_BUF_SZ];
if (*subj)

11
audit.spec
View File

@ -1,17 +1,18 @@
%define sca_version 0.4.8 %define sca_version 0.4.8
%define sca_release 7 %define sca_release 8
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
Summary: User space tools for 2.6 kernel auditing Summary: User space tools for 2.6 kernel auditing
Name: audit Name: audit
Version: 1.7.8 Version: 1.7.8
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://people.redhat.com/sgrubb/audit/ URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Patch1: audit-1.7.9-bugs.patch Patch1: audit-1.7.9-bugs.patch
Patch2: audit-1.7.9-i386.patch Patch2: audit-1.7.9-i386.patch
Patch3: audit-1.7.9-startup.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gettext-devel intltool libtool swig python-devel BuildRequires: gettext-devel intltool libtool swig python-devel
BuildRequires: tcp_wrappers-devel BuildRequires: tcp_wrappers-devel
@ -90,6 +91,7 @@ A graphical utility for editing audit configuration.
%setup -q %setup -q
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%build %build
(cd system-config-audit; ./autogen.sh) (cd system-config-audit; ./autogen.sh)
@ -278,7 +280,10 @@ fi
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
%changelog %changelog
* Thu Oct 23 2008 Steve Grubb <sgrubb@redhat.com> 1.7.8-3 * Sat Oct 25 2008 Steve Grubb <sgrubb@redhat.com> 1.7.8-4
- If kernel is in immutable mode, auditd should not send enable command
* Fri Oct 24 2008 Steve Grubb <sgrubb@redhat.com> 1.7.8-3
- Fix ausearch interpretting i386 syscalls on x86_64 machine - Fix ausearch interpretting i386 syscalls on x86_64 machine
* Thu Oct 23 2008 Steve Grubb <sgrubb@redhat.com> 1.7.8-2 * Thu Oct 23 2008 Steve Grubb <sgrubb@redhat.com> 1.7.8-2