New upstream release
- Fixes #1241565 - still logs way too much
- Fixes #1238051 - audit.rules should be generated by augenrules
parent
40f23da18c
commit
57623a879a
1
.gitignore
vendored
1
.gitignore
vendored
@ -131,3 +131,4 @@ audit-2.0.4.tar.gz
|
|||||||
/audit-2.4.3.tar.gz
|
/audit-2.4.3.tar.gz
|
||||||
/audit-2.4.4.tar.gz
|
/audit-2.4.4.tar.gz
|
||||||
/audit-2.4.5.tar.gz
|
/audit-2.4.5.tar.gz
|
||||||
|
/audit-2.5.tar.gz
|
||||||
|
@ -1,21 +0,0 @@
|
|||||||
diff -urp audit-2.3.3.orig/init.d/auditd.service audit-2.3.3/init.d/auditd.service
|
|
||||||
--- audit-2.3.3.orig/init.d/auditd.service 2014-01-16 06:24:42.000000000 -0500
|
|
||||||
+++ audit-2.3.3/init.d/auditd.service 2014-03-18 12:47:13.682617960 -0400
|
|
||||||
@@ -8,12 +8,11 @@ RefuseManualStop=yes
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=/sbin/auditd -n
|
|
||||||
-## To use augenrules, copy this file to /etc/systemd/system/auditd.service
|
|
||||||
-## and uncomment the next line and delete/comment out the auditctl line.
|
|
||||||
-## Then copy existing rules to /etc/audit/rules.d/
|
|
||||||
-## Not doing this last step can cause loss of existing rules
|
|
||||||
-#ExecStartPost=-/sbin/augenrules --load
|
|
||||||
-ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
|
|
||||||
+## To not use augenrules, copy this file to /etc/systemd/system/auditd.service
|
|
||||||
+## and comment/delete the next line and uncomment the auditctl line.
|
|
||||||
+## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
|
|
||||||
+ExecStartPost=-/sbin/augenrules --load
|
|
||||||
+#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
|
|
||||||
ExecReload=/bin/kill -HUP $MAINPID
|
|
||||||
|
|
||||||
[Install]
|
|
120
audit.spec
120
audit.spec
@ -2,17 +2,13 @@
|
|||||||
|
|
||||||
Summary: User space tools for 2.6 kernel auditing
|
Summary: User space tools for 2.6 kernel auditing
|
||||||
Name: audit
|
Name: audit
|
||||||
Version: 2.4.5
|
Version: 2.5
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
URL: http://people.redhat.com/sgrubb/audit/
|
URL: http://people.redhat.com/sgrubb/audit/
|
||||||
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
||||||
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
|
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
|
||||||
# FESCO asked for audit to be off by default. #1117953
|
|
||||||
Patch1: never-audit.patch
|
|
||||||
Patch2: audit-2.3.3-augenrules.patch
|
|
||||||
|
|
||||||
BuildRequires: openldap-devel
|
BuildRequires: openldap-devel
|
||||||
BuildRequires: swig
|
BuildRequires: swig
|
||||||
BuildRequires: python-devel
|
BuildRequires: python-devel
|
||||||
@ -106,8 +102,6 @@ behavior.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
cp %{SOURCE1} .
|
cp %{SOURCE1} .
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes \
|
%configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes \
|
||||||
@ -122,7 +116,7 @@ cp %{SOURCE1} .
|
|||||||
make CFLAGS="%{optflags}" %{?_smp_mflags}
|
make CFLAGS="%{optflags}" %{?_smp_mflags}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audispd/plugins.d}
|
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audispd/plugins.d,etc/audit/rules.d}
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
|
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_lib}
|
mkdir -p $RPM_BUILD_ROOT/%{_lib}
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
|
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
|
||||||
@ -167,8 +161,10 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
%post
|
%post
|
||||||
# Copy default rules into place on new installation
|
# Copy default rules into place on new installation
|
||||||
if [ ! -e /etc/audit/audit.rules ] ; then
|
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
|
||||||
cp /etc/audit/rules.d/audit.rules /etc/audit/audit.rules
|
if [ "$files" -eq 0 ] ; then
|
||||||
|
# FESCO asked for audit to be off by default. #1117953
|
||||||
|
cp /usr/share/doc/audit/rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
|
||||||
fi
|
fi
|
||||||
%systemd_post auditd.service
|
%systemd_post auditd.service
|
||||||
|
|
||||||
@ -227,7 +223,7 @@ fi
|
|||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%doc README ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/stig.rules init.d/auditd.cron
|
%doc README ChangeLog rules init.d/auditd.cron
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
|
%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
|
||||||
@ -256,7 +252,7 @@ fi
|
|||||||
%attr(755,root,root) %{_bindir}/aulastlog
|
%attr(755,root,root) %{_bindir}/aulastlog
|
||||||
%attr(755,root,root) %{_bindir}/ausyscall
|
%attr(755,root,root) %{_bindir}/ausyscall
|
||||||
%attr(755,root,root) %{_bindir}/auvirt
|
%attr(755,root,root) %{_bindir}/auvirt
|
||||||
%attr(640,root,root) %{_unitdir}/auditd.service
|
%attr(644,root,root) %{_unitdir}/auditd.service
|
||||||
%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
|
%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
|
||||||
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume
|
||||||
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
|
||||||
@ -269,7 +265,7 @@ fi
|
|||||||
%attr(750,root,root) %dir /etc/audisp
|
%attr(750,root,root) %dir /etc/audisp
|
||||||
%attr(750,root,root) %dir /etc/audisp/plugins.d
|
%attr(750,root,root) %dir /etc/audisp/plugins.d
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
|
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audit/rules.d/audit.rules
|
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/rules.d/audit.rules
|
||||||
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
|
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
|
%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
|
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
|
||||||
@ -290,6 +286,11 @@ fi
|
|||||||
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
|
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 11 2016 Steve Grubb <sgrubb@redhat.com> 2.5.1-1
|
||||||
|
- New upstream release
|
||||||
|
- Fixes #1241565 - still logs way too much
|
||||||
|
- Fixes #1238051 - audit.rules should be generated from by augenrules
|
||||||
|
|
||||||
* Fri Dec 18 2015 Steve Grubb <sgrubb@redhat.com> 2.4.4-1
|
* Fri Dec 18 2015 Steve Grubb <sgrubb@redhat.com> 2.4.4-1
|
||||||
- New upstream bugfix release
|
- New upstream bugfix release
|
||||||
|
|
||||||
@ -377,96 +378,3 @@ fi
|
|||||||
* Fri May 03 2013 Steve Grubb <sgrubb@redhat.com> 2.3-2
|
* Fri May 03 2013 Steve Grubb <sgrubb@redhat.com> 2.3-2
|
||||||
- If no rules exist, copy shipped rules into place
|
- If no rules exist, copy shipped rules into place
|
||||||
|
|
||||||
* Tue Apr 30 2013 Steve Grubb <sgrubb@redhat.com> 2.3-1
|
|
||||||
- New upstream bugfix release
|
|
||||||
|
|
||||||
* Thu Mar 21 2013 Steve Grubb <sgrubb@redhat.com> 2.2.3-2
|
|
||||||
- Fix clone syscall interpretation
|
|
||||||
|
|
||||||
* Tue Mar 19 2013 Steve Grubb <sgrubb@redhat.com> 2.2.3-1
|
|
||||||
- New upstream bugfix release
|
|
||||||
|
|
||||||
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2-5
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jan 16 2013 Steve Grubb <sgrubb@redhat.com> 2.2.2-4
|
|
||||||
- Don't make auditd.service file executable (#896113)
|
|
||||||
|
|
||||||
* Fri Jan 11 2013 Steve Grubb <sgrubb@redhat.com> 2.2.2-3
|
|
||||||
- Do not own /usr/lib64/audit
|
|
||||||
|
|
||||||
* Wed Dec 12 2012 Steve Grubb <sgrubb@redhat.com> 2.2.2-2
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.1-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Mar 23 2012 Steve Grubb <sgrubb@redhat.com> 2.2.1-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Thu Mar 1 2012 Steve Grubb <sgrubb@redhat.com> 2.2-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.3-5
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Sep 15 2011 Adam Williamson <awilliam@redhat.com> 2.1.3-4
|
|
||||||
- add in some systemd scriptlets that were missed, including one which
|
|
||||||
will cause auditd to be enabled on upgrade from pre-systemd builds
|
|
||||||
|
|
||||||
* Wed Sep 14 2011 Steve Grubb <sgrubb@redhat.com> 2.1.3-3
|
|
||||||
- Enable by default (#737060)
|
|
||||||
|
|
||||||
* Tue Aug 30 2011 Steve Grubb <sgrubb@redhat.com> 2.1.3-2
|
|
||||||
- Correct misplaced %ifnarch (#734359)
|
|
||||||
|
|
||||||
* Mon Aug 15 2011 Steve Grubb <sgrubb@redhat.com> 2.1.3-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Tue Jul 26 2011 Jóhann B. Guðmundsson <johannbg@gmail.com> - 2.1.2-2
|
|
||||||
- Introduce systemd unit file, drop SysV support
|
|
||||||
|
|
||||||
* Sat Jun 11 2011 Steve Grubb <sgrubb@redhat.com> 2.1.2-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Apr 20 2011 Steve Grubb <sgrubb@redhat.com> 2.1.1-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Tue Mar 29 2011 Steve Grubb <sgrubb@redhat.com> 2.1-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.6-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Feb 04 2011 Steve Grubb <sgrubb@redhat.com> 2.0.6-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Thu Jan 20 2011 Karsten Hopp <karsten@redhat.com> 2.0.5-2
|
|
||||||
- bump and rebuild as 2.0.5-1 was erroneously linked with python-2.6 on ppc
|
|
||||||
|
|
||||||
* Tue Nov 02 2010 Steve Grubb <sgrubb@redhat.com> 2.0.5-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.4-4
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
|
||||||
|
|
||||||
* Tue Feb 16 2010 Adam Jackson <ajax@redhat.com> 2.0.4-3
|
|
||||||
- audit-2.0.4-add-needed.patch: Fix FTBFS for --no-add-needed
|
|
||||||
|
|
||||||
* Fri Jan 29 2010 Steve Grubb <sgrubb@redhat.com> 2.0.4-2
|
|
||||||
- Split out static libs (#556039)
|
|
||||||
|
|
||||||
* Tue Dec 08 2009 Steve Grubb <sgrubb@redhat.com> 2.0.4-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Sat Oct 17 2009 Steve Grubb <sgrubb@redhat.com> 2.0.3-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Fri Oct 16 2009 Steve Grubb <sgrubb@redhat.com> 2.0.2-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Mon Sep 28 2009 Steve Grubb <sgrubb@redhat.com> 2.0.1-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Fri Aug 21 2009 Steve Grubb <sgrubb@redhat.com> 2.0-3
|
|
||||||
- New upstream release
|
|
||||||
|
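Review bot: The new default-rules step in the `%post` hunk copies from the hard-coded path `/usr/share/doc/audit/rules/10-no-audit.rules`, so it depends on the package's `%doc` files being installed at exactly that location. If the package is installed with documentation excluded, or built where the doc directory is named differently, the `cp` fails and `/etc/audit/rules.d/` stays empty, so the off-by-default policy the FESCO comment refers to is not seeded. The file is also created with plain `cp`, so its mode likely follows the scriptlet's umask rather than the `640` that `%files` declares for the `%ghost` entry, which rpm does not create itself. I would use `install -m 0640 %{_pkgdocdir}/rules/10-no-audit.rules /etc/audit/rules.d/audit.rules`, and consider shipping the seed file outside `%doc`. The rest of the `%post` scriptlet lies outside the hunk, so any later handling is not visible here.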
@ -1,17 +0,0 @@
|
|||||||
diff -ur audit.orig/init.d/audit.rules audit/init.d/audit.rules
|
|
||||||
--- audit.orig/init.d/audit.rules 2014-07-20 10:43:44.724841702 -0400
|
|
||||||
+++ audit/init.d/audit.rules 2014-07-22 14:55:50.856253189 -0400
|
|
||||||
@@ -6,9 +6,8 @@
|
|
||||||
# First rule - delete all
|
|
||||||
-D
|
|
||||||
|
|
||||||
-# Increase the buffers to survive stress events.
|
|
||||||
-# Make this bigger for busy systems
|
|
||||||
--b 320
|
|
||||||
-
|
|
||||||
-# Feel free to add below this line. See auditctl man page
|
|
||||||
+# This suppresses syscall auditing for all tasks started
|
|
||||||
+# with this rule in effect. Remove it if you need syscall
|
|
||||||
+# auditing.
|
|
||||||
+-a task,never
|
|
||||||
|
|