- Handle audit=0 boot option for 2.6.29 kernel (#487541)

2009-02-26 21:44:35 +00:00 · 2009-02-26 21:44:35 +00:00 · 6578fabf5e
commit 6578fabf5e
parent 60481bc88a
2 changed files with 137 additions and 2 deletions
--- a/audit-1.8-noaudit.patch
+++ b/audit-1.8-noaudit.patch
@ -0,0 +1,130 @@
+Index: /trunk/init.d/auditd.init
+===================================================================
+--- /trunk/init.d/auditd.init (revision 243)
+++ /trunk/init.d/auditd.init (revision 265)
+@@ -72,7 +72,7 @@
+ 	if test $RETVAL = 0 ; then
+ 		touch /var/lock/subsys/auditd
+		# Load the default rules
+		test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+ 	fi
+-	# Load the default rules
+-	test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+ 	return $RETVAL
+ }
+@@ -85,9 +85,15 @@
+ 	rm -f /var/lock/subsys/auditd
+ 	# Remove watches so shutdown works cleanly
+-	if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no" ; then
+-		/sbin/auditctl -D >/dev/null
+	if test x"$AUDITD_CLEAN_STOP" != "x" ; then
+		if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no"
+		then
+			/sbin/auditctl -D >/dev/null
+		fi
+ 	fi
+-	if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no" ; then
+-		/sbin/auditctl -e 0 >/dev/null
+	if test x"$AUDITD_STOP_DISABLE" != "x" ; then
+		if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no"
+		then
+			/sbin/auditctl -e 0 >/dev/null
+		fi
+ 	fi
+ 	return $RETVAL
+Index: /trunk/ChangeLog
+===================================================================
+--- /trunk/ChangeLog (revision 264)
+++ /trunk/ChangeLog (revision 265)
+@@ -1,4 +1,5 @@
+ 1.8
+ - Disable asserts unless --with-debug passed to configure
+- Handle kernel 2.6.29's audit = 0 boot parameter better
+ 
+ 1.7.12
+Index: /trunk/src/auditctl.c
+===================================================================
+--- /trunk/src/auditctl.c (revision 242)
+++ /trunk/src/auditctl.c (revision 265)
+@@ -971,4 +971,6 @@
+ 	}
+     }
+    if (retval == -1 && errno == ECONNREFUSED)
+		fprintf(stderr,	"The audit system is disabled\n");
+     return retval;
+ }
+@@ -1086,4 +1088,10 @@
+ 					"There was an error in line %d of %s\n",
+ 					lineno, file);
+				else {
+					fprintf(stderr,
+					"The audit system is disabled\n");
+					fclose(f);
+					return 0;
+				}
+ 				if (!ignore) {
+ 					fclose(f);
+@@ -1122,4 +1130,7 @@
+ 				"The audit system is in immutable "
+ 				"mode, no rules loaded\n");
+			return 0;
+		} else if (errno == ECONNREFUSED) {
+			fprintf(stderr, "The audit system is disabled\n");
+ 			return 0;
+ 		} else if (fileopt(argv[2]))
+@@ -1141,4 +1152,7 @@
+ 				"The audit system is in immutable "
+ 				"mode, no rules loaded\n");
+			return 0;
+		} else if (errno == ECONNREFUSED) {
+			fprintf(stderr, "The audit system is disabled\n");
+ 			return 0;
+ 		}
+Index: /trunk/src/auditd-event.c
+===================================================================
+--- /trunk/src/auditd-event.c (revision 258)
+++ /trunk/src/auditd-event.c (revision 265)
+@@ -287,6 +287,7 @@
+ 			data->tail = NULL;
+ 		data->head = data->head->next;
+-		if (data->head == NULL && stop &&
+-					cur->reply.type == AUDIT_DAEMON_END)
+		if (data->head == NULL && stop && 
+				( cur->reply.type == AUDIT_DAEMON_END ||
+				cur->reply.type == AUDIT_DAEMON_ABORT) )
+ 			stop_req = 1;
+ 		pthread_mutex_unlock(&data->queue_lock);
+Index: /trunk/src/auditd.c
+===================================================================
+--- /trunk/src/auditd.c (revision 256)
+++ /trunk/src/auditd.c (revision 265)
+@@ -616,5 +616,5 @@
+ 			return 1;
+ 		}
+-		if(getsubj(subj))
+		if (getsubj(subj))
+ 			snprintf(start, sizeof(start),
+ 				"auditd start, ver=%s format=%s "
+@@ -684,5 +684,5 @@
+ 		send_audit_event(AUDIT_DAEMON_ABORT, emsg);
+ 		audit_msg(LOG_ERR,
+-		"Unable to set intitial audit startup state to '%s', exiting",
+		"Unable to set initial audit startup state to '%s', exiting",
+ 			startup_states[opt_startup]);
+ 		close_down();
+Index: /trunk/src/autrace.c
+===================================================================
+--- /trunk/src/autrace.c (revision 1)
+++ /trunk/src/autrace.c (revision 265)
+@@ -156,5 +156,10 @@
+ 	{
+ 		case -1:
+-			fprintf(stderr, "Error - can't get rule count.\n");
+			if (errno == ECONNREFUSED)
+		                fprintf(stderr,
+					"The audit system is disabled\n");
+			else
+				fprintf(stderr,
+					"Error - can't get rule count.\n");
+ 			return 1;
+ 		case 0:
--- a/audit.spec
+++ b/audit.spec
@ -1,7 +1,7 @@
 %define audit_version 1.7.12
-%define audit_release 1%{?dist}
+%define audit_release 2%{?dist}
 %define sca_version 0.4.8
-%define sca_release 16
+%define sca_release 17
 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}

 Summary: User space tools for 2.6 kernel auditing
@ -12,6 +12,7 @@ License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
+Patch1: audit-1.8-noaudit.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: gettext-devel intltool libtool swig python-devel
 BuildRequires: tcp_wrappers-devel 
@ -89,6 +90,7 @@ A graphical utility for editing audit configuration.

 %prep
 %setup -q
+%patch1 -p1

 %build
 %configure --sbindir=/sbin --libdir=/%{_lib} --with-prelude --with-libwrap --enable-gssapi-krb5=no
@ -259,6 +261,9 @@ fi
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server

 %changelog
+* Thu Feb 25 2009 Steve Grubb <sgrubb@redhat.com> 1.7.12-2
+- Handle audit=0 boot option for 2.6.29 kernel (#487541)
+
 * Tue Feb 24 2009 Steve Grubb <sgrubb@redhat.com> 1.7.12-1
 - New upstream release