- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
- Check for audit log being writable by owner in auditd - If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639) - Updated CAPP, LSPP, and NISPOM rules for new capabilities - Added aulastlog utility
parent
1d5ece1ce9
commit
61abc7b01e
@ -81,3 +81,4 @@ audit-1.6.tar.gz
|
|||||||
audit-1.6.1.tar.gz
|
audit-1.6.1.tar.gz
|
||||||
audit-1.6.2.tar.gz
|
audit-1.6.2.tar.gz
|
||||||
audit-1.6.4.tar.gz
|
audit-1.6.4.tar.gz
|
||||||
|
audit-1.6.5.tar.gz
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
diff -urp audit-1.6.5.orig/src/auditd-config.c audit-1.6.5/src/auditd-config.c
|
|
||||||
--- audit-1.6.5.orig/src/auditd-config.c 2007-12-30 17:01:29.000000000 -0500
|
|
||||||
+++ audit-1.6.5/src/auditd-config.c 2007-12-30 17:07:45.000000000 -0500
|
|
||||||
@@ -505,9 +505,9 @@ static int log_file_parser(struct nv_pai
|
|
||||||
audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
- if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
|
|
||||||
- (S_IRUSR|S_IWUSR|S_IRGRP)) {
|
|
||||||
- audit_msg(LOG_ERR, "%s permissions should be 0640", nv->value);
|
|
||||||
+ if ( (buf.st_mode & (S_IXUSR|S_IWGRP|S_IXGRP|S_IRWXO)) ) {
|
|
||||||
+ audit_msg(LOG_ERR, "%s permissions should be 0600 or 0640",
|
|
||||||
+ nv->value);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
free((void *)config->log_file);
|
|
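--- a/audit.spec
+++ b/audit.spec
@@ -1,17 +1,16 @@
 %define sca_version 0.4.5
-%define sca_release 4
+%define sca_release 5
 %define selinux_variants mls strict targeted
 %define selinux_policyver %(rpm -q selinux-policy | sed -e 's,^selinux-policy-\\([^/]*\\)$,\\1,')
 
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
-Version: 1.6.4
-Release: 3%{?dist}
+Version: 1.6.5
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: %{name}-%{version}.tar.gz
-Patch1: audit-1.6.5-perm.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: gettext-devel intltool libtool swig python-devel
 BuildRequires: kernel-headers >= 2.6.18
@@ -91,7 +90,6 @@ A graphical utility for editing audit configuration.
 
 %prep
 %setup -q
-%patch1 -p1
 mkdir zos-remote-policy
 cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy
 
@@ -156,6 +154,7 @@ touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
 
 %clean
 rm -rf $RPM_BUILD_ROOT
+rm -rf zos-remote-policy
 
 %post libs -p /sbin/ldconfig
 
@@ -241,6 +240,7 @@ fi
 %attr(644,root,root) %{_mandir}/man8/aureport.8.gz
 %attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
 %attr(644,root,root) %{_mandir}/man8/autrace.8.gz
+%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
 %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
 %attr(750,root,root) /sbin/auditctl
@@ -249,6 +249,7 @@ fi
 %attr(755,root,root) /sbin/aureport
 %attr(750,root,root) /sbin/autrace
 %attr(750,root,root) /sbin/audispd
+%attr(750,root,root) /sbin/aulastlog
 %attr(755,root,root) /etc/rc.d/init.d/auditd
 %attr(750,root,root) %{_var}/log/audit
 %attr(750,root,root) %dir /etc/audit
@@ -264,9 +265,6 @@ fi
 %files -n audispd-plugins
 %defattr(-,root,root,-)
 %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
-%attr(640,root,root) /etc/audisp/plugins.d/au-ids.conf
-%attr(640,root,root) /etc/audisp/plugins.d/remote.conf
-%attr(750,root,root) /sbin/audisp-ids
 %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
 %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
 %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
@@ -290,6 +288,13 @@ fi
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
 
 %changelog
+* Mon Jan 07 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-1
+- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
+- Check for audit log being writable by owner in auditd
+- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
+- Updated CAPP, LSPP, and NISPOM rules for new capabilities
+- Added aulastlog utility
+
 * Sun Dec 30 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-3
 - Allow 0600 file perms for audit logs
 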
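Review bot: The `%files -n audispd-plugins` hunk drops `/etc/audisp/plugins.d/au-ids.conf`, `/etc/audisp/plugins.d/remote.conf` and `/sbin/audisp-ids` from the package, but none of the five 1.6.5-1 changelog lines accounts for it. Whether the 1.6.5 tarball still installs these files is not visible on this page. If it does, they would be left unpackaged in the build root; if it does not, anyone relying on those plugin files loses them on upgrade without notice. I would add a changelog line such as `- Drop au-ids and remote plugin files from audispd-plugins`, together with the reason.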