From 57623a879a4905ff41cf0bcc839c9b4ad0f8bcc9 Mon Sep 17 00:00:00 2001 From: sgrubb Date: Mon, 11 Jan 2016 13:23:17 -0500 Subject: [PATCH] New upstream release - Fixes #1241565 - still logs way too much - Fixes #1238051 - audit.rules should be generated from by augenrules --- .gitignore | 1 + audit-2.3.3-augenrules.patch | 21 ------ audit.spec | 120 ++++------------------------------- never-audit.patch | 17 ----- sources | 2 +- 5 files changed, 16 insertions(+), 145 deletions(-) delete mode 100644 audit-2.3.3-augenrules.patch delete mode 100644 never-audit.patch diff --git a/.gitignore b/.gitignore index 36b2f4b..31fced3 100644 --- a/.gitignore +++ b/.gitignore @@ -131,3 +131,4 @@ audit-2.0.4.tar.gz /audit-2.4.3.tar.gz /audit-2.4.4.tar.gz /audit-2.4.5.tar.gz +/audit-2.5.tar.gz diff --git a/audit-2.3.3-augenrules.patch b/audit-2.3.3-augenrules.patch deleted file mode 100644 index f408308..0000000 --- a/audit-2.3.3-augenrules.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -diff -urp audit-2.3.3.orig/init.d/auditd.service audit-2.3.3/init.d/auditd.service ---- audit-2.3.3.orig/init.d/auditd.service 2014-01-16 06:24:42.000000000 -0500 -+++ audit-2.3.3/init.d/auditd.service 2014-03-18 12:47:13.682617960 -0400 -@@ -8,12 +8,11 @@ RefuseManualStop=yes - - [Service] - ExecStart=/sbin/auditd -n --## To use augenrules, copy this file to /etc/systemd/system/auditd.service --## and uncomment the next line and delete/comment out the auditctl line. --## Then copy existing rules to /etc/audit/rules.d/ --## Not doing this last step can cause loss of existing rules --#ExecStartPost=-/sbin/augenrules --load --ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules -+## To not use augenrules, copy this file to /etc/systemd/system/auditd.service -+## and comment/delete the next line and uncomment the auditctl line. -+## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ -+ExecStartPost=-/sbin/augenrules --load -+#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules - ExecReload=/bin/kill -HUP $MAINPID - - [Install] diff --git a/audit.spec b/audit.spec index 201d17c..fc6c4d4 100644 --- a/audit.spec +++ b/audit.spec @@ -2,17 +2,13 @@ Summary: User space tools for 2.6 kernel auditing Name: audit -Version: 2.4.5 +Version: 2.5 Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt -# FESCO asked for audit to be off by default. #1117953 -Patch1: never-audit.patch -Patch2: audit-2.3.3-augenrules.patch - BuildRequires: openldap-devel BuildRequires: swig BuildRequires: python-devel @@ -106,8 +102,6 @@ behavior. %prep %setup -q cp %{SOURCE1} . -%patch1 -p1 -%patch2 -p1 %build %configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes \ 
@@ -122,7 +116,7 @@ cp %{SOURCE1} . make CFLAGS="%{optflags}" %{?_smp_mflags} %install -mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audispd/plugins.d} +mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audispd/plugins.d,etc/audit/rules.d} mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8} mkdir -p $RPM_BUILD_ROOT/%{_lib} mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit @@ -167,8 +161,10 @@ rm -rf $RPM_BUILD_ROOT %post # Copy default rules into place on new installation -if [ ! -e /etc/audit/audit.rules ] ; then - cp /etc/audit/rules.d/audit.rules /etc/audit/audit.rules +files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w` +if [ "$files" -eq 0 ] ; then +# FESCO asked for audit to be off by default. #1117953 + cp /usr/share/doc/audit/rules/10-no-audit.rules /etc/audit/rules.d/audit.rules fi %systemd_post auditd.service @@ -227,7 +223,7 @@ fi %files %defattr(-,root,root,-) -%doc README ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/stig.rules init.d/auditd.cron +%doc README ChangeLog rules init.d/auditd.cron %{!?_licensedir:%global license %%doc} %license COPYING %attr(644,root,root) %{_mandir}/man8/audispd.8.gz @@ -256,7 +252,7 @@ fi %attr(755,root,root) %{_bindir}/aulastlog %attr(755,root,root) %{_bindir}/ausyscall %attr(755,root,root) %{_bindir}/auvirt -%attr(640,root,root) %{_unitdir}/auditd.service +%attr(644,root,root) %{_unitdir}/auditd.service %attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate 
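Review bot: The new `%post` copy in the `@@ -167,8 +161,10 @@` hunk uses a plain `cp` whose exit status is never checked, and its source sits under `/usr/share/doc/audit/rules/`, which the `%doc ... rules` line in the following hunk populates. On an install that excludes documentation that file would presumably be absent, so `/etc/audit/rules.d/` would silently stay empty and the default policy the FESCO comment refers to would not be applied. The hard-coded path also assumes the doc directory is unversioned, so shipping the default from a non-doc location would be more robust. Separately, `cp` gives the new file a mode derived from the source file and the umask, not the 640 that the `%ghost %config(noreplace) %attr(640,root,root)` entry declares in the `@@ -269,7 +265,7 @@` hunk, since rpm does not create `%ghost` files itself. Using `install -m 0640 /usr/share/doc/audit/rules/10-no-audit.rules /etc/audit/rules.d/audit.rules` would keep the active rule set unreadable to unprivileged users.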
@@ -269,7 +265,7 @@ fi %attr(750,root,root) %dir /etc/audisp %attr(750,root,root) %dir /etc/audisp/plugins.d %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf -%config(noreplace) %attr(640,root,root) /etc/audit/rules.d/audit.rules +%ghost %config(noreplace) %attr(640,root,root) /etc/audit/rules.d/audit.rules %ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules %config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf @@ -290,6 +286,11 @@ fi %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %changelog +* Mon Jan 11 2016 Steve Grubb 2.5.1-1 +- New upstream release +- Fixes #1241565 - still logs way too much +- Fixes #1238051 - audit.rules should be generated from by augenrules + * Fri Dec 18 2015 Steve Grubb 2.4.4-1 - New upstream bugfix release 
@@ -377,96 +378,3 @@ fi * Fri May 03 2013 Steve Grubb 2.3-2 - If no rules exist, copy shipped rules into place -* Tue Apr 30 2013 Steve Grubb 2.3-1 -- New upstream bugfix release - -* Thu Mar 21 2013 Steve Grubb 2.2.3-2 -- Fix clone syscall interpretation - -* Tue Mar 19 2013 Steve Grubb 2.2.3-1 -- New upstream bugfix release - -* Wed Feb 13 2013 Fedora Release Engineering - 2.2.2-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Wed Jan 16 2013 Steve Grubb 2.2.2-4 -- Don't make auditd.service file executable (#896113) - -* Fri Jan 11 2013 Steve Grubb 2.2.2-3 -- Do not own /usr/lib64/audit - -* Wed Dec 12 2012 Steve Grubb 2.2.2-2 -- New upstream release - -* Wed Jul 18 2012 Fedora Release Engineering - 2.2.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Fri Mar 23 2012 Steve Grubb 2.2.1-1 -- New upstream release - -* Thu Mar 1 2012 Steve Grubb 2.2-1 -- New upstream release - -* Thu Jan 12 2012 Fedora Release Engineering - 2.1.3-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Thu Sep 15 2011 Adam Williamson 2.1.3-4 -- add in some systemd scriptlets that were missed, including one which - will cause auditd to be enabled on upgrade from pre-systemd builds - -* Wed Sep 14 2011 Steve Grubb 2.1.3-3 -- Enable by default (#737060) - -* Tue Aug 30 2011 Steve Grubb 2.1.3-2 -- Correct misplaced %ifnarch (#734359) - -* Mon Aug 15 2011 Steve Grubb 2.1.3-1 -- New upstream release - -* Tue Jul 26 2011 Jóhann B. 
Guðmundsson - 2.1.2-2 -- Introduce systemd unit file, drop SysV support - -* Sat Jun 11 2011 Steve Grubb 2.1.2-1 -- New upstream release - -* Wed Apr 20 2011 Steve Grubb 2.1.1-1 -- New upstream release - -* Tue Mar 29 2011 Steve Grubb 2.1-1 -- New upstream release - -* Mon Feb 07 2011 Fedora Release Engineering - 2.0.6-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Fri Feb 04 2011 Steve Grubb 2.0.6-1 -- New upstream release - -* Thu Jan 20 2011 Karsten Hopp 2.0.5-2 -- bump and rebuild as 2.0.5-1 was erroneously linked with python-2.6 on ppc - -* Tue Nov 02 2010 Steve Grubb 2.0.5-1 -- New upstream release - -* Wed Jul 21 2010 David Malcolm - 2.0.4-4 -- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild - -* Tue Feb 16 2010 Adam Jackson 2.0.4-3 -- audit-2.0.4-add-needed.patch: Fix FTBFS for --no-add-needed - -* Fri Jan 29 2010 Steve Grubb 2.0.4-2 -- Split out static libs (#556039) - -* Tue Dec 08 2009 Steve Grubb 2.0.4-1 -- New upstream release - -* Sat Oct 17 2009 Steve Grubb 2.0.3-1 -- New upstream release - -* Fri Oct 16 2009 Steve Grubb 2.0.2-1 -- New upstream release - -* Mon Sep 28 2009 Steve Grubb 2.0.1-1 -- New upstream release - -* Fri Aug 21 2009 Steve Grubb 2.0-3 -- New upstream release diff --git a/never-audit.patch b/never-audit.patch deleted file mode 100644 index ee93620..0000000 --- a/never-audit.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -ur audit.orig/init.d/audit.rules audit/init.d/audit.rules ---- audit.orig/init.d/audit.rules 2014-07-20 10:43:44.724841702 -0400 -+++ audit/init.d/audit.rules 2014-07-22 14:55:50.856253189 -0400 -@@ -6,9 +6,8 @@ - # First rule - delete all - -D - --# Increase the buffers to survive stress events. --# Make this bigger for busy systems ---b 320 -- --# Feel free to add below this line. See auditctl man page -+# This suppresses syscall auditing for all tasks started -+# with this rule in effect. Remove it if you need syscall -+# auditing. -+-a task,never - 
diff --git a/sources b/sources
index 3de4618..0d6005a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-501db6fb5318d24b53bb68d536d991da audit-2.4.5.tar.gz
+e721d48f3e1927c84b7c176b3bdbc443 audit-2.5.tar.gz