- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)

- Check for audit log being writable by owner in auditd
- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
- Updated CAPP, LSPP, and NISPOM rules for new capabilities
- Added aulastlog utility
Steve Grubb 2008-01-07 20:11:15 +00:00
parent 1d5ece1ce9
commit 61abc7b01e
4 changed files with 15 additions and 25 deletions


@ -81,3 +81,4 @@ audit-1.6.tar.gz
audit-1.6.1.tar.gz audit-1.6.1.tar.gz
audit-1.6.2.tar.gz audit-1.6.2.tar.gz
audit-1.6.4.tar.gz audit-1.6.4.tar.gz
audit-1.6.5.tar.gz


@ -1,16 +0,0 @@
diff -urp audit-1.6.5.orig/src/auditd-config.c audit-1.6.5/src/auditd-config.c
--- audit-1.6.5.orig/src/auditd-config.c 2007-12-30 17:01:29.000000000 -0500
+++ audit-1.6.5/src/auditd-config.c 2007-12-30 17:07:45.000000000 -0500
@@ -505,9 +505,9 @@ static int log_file_parser(struct nv_pai
audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
return 1;
}
- if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
- (S_IRUSR|S_IWUSR|S_IRGRP)) {
- audit_msg(LOG_ERR, "%s permissions should be 0640", nv->value);
+ if ( (buf.st_mode & (S_IXUSR|S_IWGRP|S_IXGRP|S_IRWXO)) ) {
+ audit_msg(LOG_ERR, "%s permissions should be 0600 or 0640",
+ nv->value);
return 1;
}
free((void *)config->log_file);


@ -1,17 +1,16 @@
%define sca_version 0.4.5 %define sca_version 0.4.5
%define sca_release 4 %define sca_release 5
%define selinux_variants mls strict targeted %define selinux_variants mls strict targeted
%define selinux_policyver %(rpm -q selinux-policy | sed -e 's,^selinux-policy-\\([^/]*\\)$,\\1,') %define selinux_policyver %(rpm -q selinux-policy | sed -e 's,^selinux-policy-\\([^/]*\\)$,\\1,')
Summary: User space tools for 2.6 kernel auditing Summary: User space tools for 2.6 kernel auditing
Name: audit Name: audit
Version: 1.6.4 Version: 1.6.5
Release: 3%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://people.redhat.com/sgrubb/audit/ URL: http://people.redhat.com/sgrubb/audit/
Source0: %{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.gz
Patch1: audit-1.6.5-perm.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gettext-devel intltool libtool swig python-devel BuildRequires: gettext-devel intltool libtool swig python-devel
BuildRequires: kernel-headers >= 2.6.18 BuildRequires: kernel-headers >= 2.6.18
@ -91,7 +90,6 @@ A graphical utility for editing audit configuration.
%prep %prep
%setup -q %setup -q
%patch1 -p1
mkdir zos-remote-policy mkdir zos-remote-policy
cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy
@ -156,6 +154,7 @@ touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
rm -rf zos-remote-policy
%post libs -p /sbin/ldconfig %post libs -p /sbin/ldconfig
@ -241,6 +240,7 @@ fi
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz %attr(644,root,root) %{_mandir}/man8/aureport.8.gz
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz %attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz %attr(644,root,root) %{_mandir}/man8/autrace.8.gz
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
%attr(750,root,root) /sbin/auditctl %attr(750,root,root) /sbin/auditctl
@ -249,6 +249,7 @@ fi
%attr(755,root,root) /sbin/aureport %attr(755,root,root) /sbin/aureport
%attr(750,root,root) /sbin/autrace %attr(750,root,root) /sbin/autrace
%attr(750,root,root) /sbin/audispd %attr(750,root,root) /sbin/audispd
%attr(750,root,root) /sbin/aulastlog
%attr(755,root,root) /etc/rc.d/init.d/auditd %attr(755,root,root) /etc/rc.d/init.d/auditd
%attr(750,root,root) %{_var}/log/audit %attr(750,root,root) %{_var}/log/audit
%attr(750,root,root) %dir /etc/audit %attr(750,root,root) %dir /etc/audit
@ -264,9 +265,6 @@ fi
%files -n audispd-plugins %files -n audispd-plugins
%defattr(-,root,root,-) %defattr(-,root,root,-)
%attr(640,root,root) /etc/audisp/plugins.d/syslog.conf %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
%attr(640,root,root) /etc/audisp/plugins.d/au-ids.conf
%attr(640,root,root) /etc/audisp/plugins.d/remote.conf
%attr(750,root,root) /sbin/audisp-ids
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
@ -290,6 +288,13 @@ fi
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
%changelog %changelog
* Mon Jan 07 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-1
- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
- Check for audit log being writable by owner in auditd
- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
- Updated CAPP, LSPP, and NISPOM rules for new capabilities
- Added aulastlog utility
* Sun Dec 30 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-3 * Sun Dec 30 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-3
- Allow 0600 file perms for audit logs - Allow 0600 file perms for audit logs
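Review bot: The `%files -n audispd-plugins` hunk (-264,9 +265,6) drops `/etc/audisp/plugins.d/au-ids.conf`, `/etc/audisp/plugins.d/remote.conf` and `/sbin/audisp-ids` from the package, but none of the five 1.6.5-1 changelog lines records that. Presumably the 1.6.5 tarball no longer installs these files, though that cannot be confirmed from this page. If it still does, they would be left in the buildroot unpackaged. An extra changelog line along the lines of `- Drop audisp-ids plugin and its configs from audispd-plugins` would tell administrators that an upgrade removes that dispatcher plugin.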


@ -1 +1 @@
3845dc6b8fbca062984b4968a15c208f audit-1.6.4.tar.gz 53ede8c7422cb251d01d06c7a5e3027b audit-1.6.5.tar.gz