rpms/audit
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import audit-3.0.7-100.el9

Browse Source
This commit is contained in:
CentOS Sources 2022-03-01 08:04:32 -05:00 committed by Stepan Oksanichenko
parent df5aaa8592
commit 69e6562299
7 changed files with 10 additions and 1020 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.audit.metadata
View File

@ -1 +1 @@
b109c5bfae1ea3641523f693ce54a4746ba5a034 SOURCES/audit-3.0.5.tar.gz
7c485e7c97eb25f7413eaf1dd3edb03ad0b2619f SOURCES/audit-3.0.7.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/audit-3.0.5.tar.gz
SOURCES/audit-3.0.7.tar.gz

34
SOURCES/0002-audit-3.0.6-time.patch
View File

@ -1,34 +0,0 @@
---
auparse/auparse.c | 2 +-
src/ausearch-lol.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/auparse/auparse.c b/auparse/auparse.c
index cc7ba5c..75ad8e7 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -1202,7 +1202,7 @@ static int extract_timestamp(const char *b, au_event_t *e)
// at this point we have type=
ptr = audit_strsplit(NULL);
// strlen is for fuzzers that make invalid lines
- if (ptr && strnlen(ptr, 28) > 24) {
+ if (ptr && strnlen(ptr, 20) > 18) {
if (*(ptr+9) == '(')
ptr+=9;
else
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index bb596a2..4a7e5fd 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -194,7 +194,7 @@ static int extract_timestamp(const char *b, event *e)
// Now should be pointing to msg=
ptr = audit_strsplit(NULL);
// strlen is for fuzzers that make invalid lines
- if (ptr && strlen(ptr) > 24) {
+ if (ptr && strnlen(ptr, 20) > 18) {
if (*(ptr+9) == '(')
ptr+=9;
else
--
2.31.1

801
SOURCES/0003-Carry-functions-file-from-initscripts-in-audit.patch
View File

@ -1,801 +0,0 @@
From a474b904deb127a766ef8c9b5ef899e5ff801346 Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Tue, 31 Aug 2021 11:04:42 -0300
Subject: [PATCH] Carry functions file from initscripts in audit
Also update legacy service actions to use updated functions file.
---
init.d/auditd.init | 2 +-
init.d/auditd.reload | 2 +-
init.d/auditd.resume | 2 +-
init.d/auditd.rotate | 2 +-
init.d/auditd.state | 2 +-
init.d/auditd.stop | 2 +-
init.d/functions | 697 +++++++++++++++++++++++++++++++++++++++++++
7 files changed, 703 insertions(+), 6 deletions(-)
create mode 100644 init.d/functions
diff --git a/init.d/auditd.init b/init.d/auditd.init
index cfb4af8..f2150f2 100644
--- a/init.d/auditd.init
+++ b/init.d/auditd.init
@@ -29,7 +29,7 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
# Source function library.
-. /etc/init.d/functions
+. /usr/share/audit/functions
# Allow anyone to run status
if [ "$1" = "status" ] ; then
diff --git a/init.d/auditd.reload b/init.d/auditd.reload
index 9c30295..5341a9a 100644
--- a/init.d/auditd.reload
+++ b/init.d/auditd.reload
@@ -7,7 +7,7 @@ test $(id -u) = 0 || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
-. /etc/rc.d/init.d/functions
+. /usr/share/audit/functions
printf "Reconfiguring: "
/sbin/augenrules --load
diff --git a/init.d/auditd.resume b/init.d/auditd.resume
index f1d2157..01cc42d 100644
--- a/init.d/auditd.resume
+++ b/init.d/auditd.resume
@@ -7,7 +7,7 @@ test $(id -u) = 0 || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
-. /etc/rc.d/init.d/functions
+. /usr/share/audit/functions
printf "Resuming logging: "
killproc $prog -USR2
diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate
index 2b13cf7..94728c8 100644
--- a/init.d/auditd.rotate
+++ b/init.d/auditd.rotate
@@ -7,7 +7,7 @@ test $(id -u) = 0 || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
-. /etc/rc.d/init.d/functions
+. /usr/share/audit/functions
printf "Rotating logs: "
killproc $prog -USR1
diff --git a/init.d/auditd.state b/init.d/auditd.state
index c7e291e..04bb4f5 100644
--- a/init.d/auditd.state
+++ b/init.d/auditd.state
@@ -8,7 +8,7 @@ test $(id -u) = 0 || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
state_file="/var/run/auditd.state"
-. /etc/rc.d/init.d/functions
+. /usr/share/audit/functions
printf "Getting auditd internal state: "
killproc $prog -CONT
diff --git a/init.d/auditd.stop b/init.d/auditd.stop
index 7c74723..de6f264 100644
--- a/init.d/auditd.stop
+++ b/init.d/auditd.stop
@@ -7,7 +7,7 @@ test $(id -u) = 0 || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
-. /etc/rc.d/init.d/functions
+. /usr/share/audit/functions
pid="$(__pids_pidof "$prog")"
printf "Stopping logging: "
diff --git a/init.d/functions b/init.d/functions
new file mode 100644
index 0000000..e557619
--- /dev/null
+++ b/init.d/functions
@@ -0,0 +1,697 @@
+# -*-Shell-script-*-
+#
+# functions This file contains functions to be used by most or all
+# shell scripts in the /etc/init.d directory.
+#
+
+TEXTDOMAIN=initscripts
+
+# Make sure umask is sane
+umask 022
+
+# Set up a default search path.
+PATH="/sbin:/usr/sbin:/bin:/usr/bin"
+export PATH
+
+if [ $PPID -ne 1 -a -z "$SYSTEMCTL_SKIP_REDIRECT" ] && \
+ [ -d /run/systemd/system ] ; then
+ case "$0" in
+ /etc/init.d/*|/etc/rc.d/init.d/*)
+ _use_systemctl=1
+ ;;
+ esac
+fi
+
+systemctl_redirect () {
+ local s
+ local prog=${1##*/}
+ local command=$2
+ local options=""
+
+ case "$command" in
+ start)
+ s=$"Starting $prog (via systemctl): "
+ ;;
+ stop)
+ s=$"Stopping $prog (via systemctl): "
+ ;;
+ reload|try-reload)
+ s=$"Reloading $prog configuration (via systemctl): "
+ ;;
+ restart|try-restart|condrestart)
+ s=$"Restarting $prog (via systemctl): "
+ ;;
+ esac
+
+ if [ -n "$SYSTEMCTL_IGNORE_DEPENDENCIES" ] ; then
+ options="--ignore-dependencies"
+ fi
+
+ if ! systemctl show "$prog.service" > /dev/null 2>&1 || \
+ systemctl show -p LoadState "$prog.service" | grep -q 'not-found' ; then
+ action $"Reloading systemd: " /bin/systemctl daemon-reload
+ fi
+
+ action "$s" /bin/systemctl $options $command "$prog.service"
+}
+
+# Get a sane screen width
+[ -z "${COLUMNS:-}" ] && COLUMNS=80
+
+# Read in our configuration
+if [ -z "${BOOTUP:-}" ]; then
+ if [ -f /etc/sysconfig/init ]; then
+ . /etc/sysconfig/init
+ else
+ # verbose ->> very (very!) old bootup look (prior to RHL-6.0?)
+ # color ->> default bootup look
+ # other ->> default bootup look without ANSI colors or positioning
+ BOOTUP=color
+ # Column to start "[ OK ]" label in:
+ RES_COL=60
+ # terminal sequence to move to that column:
+ MOVE_TO_COL="echo -en \\033[${RES_COL}G"
+ # Terminal sequence to set color to a 'success' (bright green):
+ SETCOLOR_SUCCESS="echo -en \\033[1;32m"
+ # Terminal sequence to set color to a 'failure' (bright red):
+ SETCOLOR_FAILURE="echo -en \\033[1;31m"
+ # Terminal sequence to set color to a 'warning' (bright yellow):
+ SETCOLOR_WARNING="echo -en \\033[1;33m"
+ # Terminal sequence to reset to the default color:
+ SETCOLOR_NORMAL="echo -en \\033[0;39m"
+
+ # Verbosity of logging:
+ LOGLEVEL=1
+ fi
+
+ # NOTE: /dev/ttyS* is serial console. "not a tty" is such as
+ # /dev/null associated when executed under systemd service units.
+ if LANG=C tty | grep -q -e '\(/dev/ttyS\|not a tty\)'; then
+ BOOTUP=serial
+ MOVE_TO_COL=
+ SETCOLOR_SUCCESS=
+ SETCOLOR_FAILURE=
+ SETCOLOR_WARNING=
+ SETCOLOR_NORMAL=
+ fi
+fi
+
+# Check if any of $pid (could be plural) are running
+checkpid() {
+ local i
+
+ for i in $* ; do
+ [ -d "/proc/$i" ] && return 0
+ done
+ return 1
+}
+
+__kill_pids_term_kill_checkpids() {
+ local base_stime=$1
+ shift 1
+ local pid=
+ local pids=$*
+ local remaining=
+ local stat=
+ local stime=
+
+ for pid in $pids ; do
+ [ ! -e "/proc/$pid" ] && continue
+ read -r line < "/proc/$pid/stat" 2> /dev/null
+
+ stat=($line)
+ stime=${stat[21]}
+
+ [ -n "$stime" ] && [ "$base_stime" -lt "$stime" ] && continue
+ remaining+="$pid "
+ done
+
+ echo "$remaining"
+ [ -n "$remaining" ] && return 1
+
+ return 0
+}
+
+__kill_pids_term_kill() {
+ local try=0
+ local delay=3;
+ local pid=
+ local stat=
+ local base_stime=
+
+ # We can't initialize stat & base_stime on the same line where 'local'
+ # keyword is, otherwise the sourcing of this file will fail for ksh...
+ stat=($(< /proc/self/stat))
+ base_stime=${stat[21]}
+
+ if [ "$1" = "-d" ]; then
+ delay=$2
+ shift 2
+ fi
+
+ local kill_list=$*
+
+ kill_list=$(__kill_pids_term_kill_checkpids $base_stime $kill_list)
+
+ [ -z "$kill_list" ] && return 0
+
+ kill -TERM $kill_list >/dev/null 2>&1
+ sleep 0.1
+
+ kill_list=$(__kill_pids_term_kill_checkpids $base_stime $kill_list)
+ if [ -n "$kill_list" ] ; then
+ while [ $try -lt $delay ] ; do
+ sleep 1
+ kill_list=$(__kill_pids_term_kill_checkpids $base_stime $kill_list)
+ [ -z "$kill_list" ] && break
+ let try+=1
+ done
+ if [ -n "$kill_list" ] ; then
+ kill -KILL $kill_list >/dev/null 2>&1
+ sleep 0.1
+ kill_list=$(__kill_pids_term_kill_checkpids $base_stime $kill_list)
+ fi
+ fi
+
+ [ -n "$kill_list" ] && return 1
+ return 0
+}
+
+# __proc_pids {program} [pidfile]
+# Set $pid to pids from /run* for {program}. $pid should be declared
+# local in the caller.
+# Returns LSB exit code for the 'status' action.
+__pids_var_run() {
+ local base=${1##*/}
+ local pid_file=${2:-/run/$base.pid}
+ local pid_dir=$(/usr/bin/dirname $pid_file > /dev/null)
+ local binary=$3
+
+ [ -d "$pid_dir" ] && [ ! -r "$pid_dir" ] && return 4
+
+ pid=
+ if [ -f "$pid_file" ] ; then
+ local line p
+
+ [ ! -r "$pid_file" ] && return 4 # "user had insufficient privilege"
+ while : ; do
+ read line
+ [ -z "$line" ] && break
+ for p in $line ; do
+ if [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] ; then
+ if [ -n "$binary" ] ; then
+ local b=$(readlink /proc/$p/exe | sed -e 's/\s*(deleted)$//')
+ [ "$b" != "$binary" ] && continue
+ fi
+ pid="$pid $p"
+ fi
+ done
+ done < "$pid_file"
+
+ if [ -n "$pid" ]; then
+ return 0
+ fi
+ return 1 # "Program is dead and /run pid file exists"
+ fi
+ return 3 # "Program is not running"
+}
+
+# Output PIDs of matching processes, found using pidof
+__pids_pidof() {
+ pidof -c -o $$ -o $PPID -o %PPID -x "$1" || \
+ pidof -c -o $$ -o $PPID -o %PPID -x "${1##*/}"
+}
+
+
+# A function to start a program.
+daemon() {
+ # Test syntax.
+ local gotbase= force= nicelevel corelimit
+ local pid base= user= nice= bg= pid_file=
+ local cgroup=
+ nicelevel=0
+ while [ "$1" != "${1##[-+]}" ]; do
+ case $1 in
+ '')
+ echo $"$0: Usage: daemon [+/-nicelevel] {program}" "[arg1]..."
+ return 1
+ ;;
+ --check)
+ base=$2
+ gotbase="yes"
+ shift 2
+ ;;
+ --check=?*)
+ base=${1#--check=}
+ gotbase="yes"
+ shift
+ ;;
+ --user)
+ user=$2
+ shift 2
+ ;;
+ --user=?*)
+ user=${1#--user=}
+ shift
+ ;;
+ --pidfile)
+ pid_file=$2
+ shift 2
+ ;;
+ --pidfile=?*)
+ pid_file=${1#--pidfile=}
+ shift
+ ;;
+ --force)
+ force="force"
+ shift
+ ;;
+ [-+][0-9]*)
+ nice="nice -n $1"
+ shift
+ ;;
+ *)
+ echo $"$0: Usage: daemon [+/-nicelevel] {program}" "[arg1]..."
+ return 1
+ ;;
+ esac
+ done
+
+ # Save basename.
+ [ -z "$gotbase" ] && base=${1##*/}
+
+ # See if it's already running. Look *only* at the pid file.
+ __pids_var_run "$base" "$pid_file"
+
+ [ -n "$pid" -a -z "$force" ] && return
+
+ # make sure it doesn't core dump anywhere unless requested
+ corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}"
+
+ # if they set NICELEVEL in /etc/sysconfig/foo, honor it
+ [ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL"
+
+ # Echo daemon
+ [ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base"
+
+ # And start it up.
+ if [ -z "$user" ]; then
+ $nice /bin/bash -c "$corelimit >/dev/null 2>&1 ; $*"
+ else
+ $nice runuser -s /bin/bash $user -c "$corelimit >/dev/null 2>&1 ; $*"
+ fi
+
+ [ "$?" -eq 0 ] && success $"$base startup" || failure $"$base startup"
+}
+
+# A function to stop a program.
+killproc() {
+ local RC killlevel= base pid pid_file= delay try binary=
+
+ RC=0; delay=3; try=0
+ # Test syntax.
+ if [ "$#" -eq 0 ]; then
+ echo $"Usage: killproc [-p {pidfile} [-b {binary}]] [-d {delay}] {program} [-signal]"
+ return 1
+ fi
+ if [ "$1" = "-p" ]; then
+ pid_file=$2
+ shift 2
+ fi
+ if [ "$1" = "-b" ]; then
+ if [ -z $pid_file ]; then
+ echo $"-b option can be used only with -p"
+ echo $"Usage: killproc [-p {pidfile} [-b {binary}]] [-d {delay}] {program} [-signal]"
+ return 1
+ fi
+ binary=$2
+ shift 2
+ fi
+ if [ "$1" = "-d" ]; then
+ delay=$(echo $2 | awk -v RS=' ' -v IGNORECASE=1 '{if($1!~/^[0-9.]+[smhd]?$/) exit 1;d=$1~/s$|^[0-9.]*$/?1:$1~/m$/?60:$1~/h$/?60*60:$1~/d$/?24*60*60:-1;if(d==-1) exit 1;delay+=d*$1} END {printf("%d",delay+0.5)}')
+ if [ "$?" -eq 1 ]; then
+ echo $"Usage: killproc [-p {pidfile} [-b {binary}]] [-d {delay}] {program} [-signal]"
+ return 1
+ fi
+ shift 2
+ fi
+
+
+ # check for second arg to be kill level
+ [ -n "${2:-}" ] && killlevel=$2
+
+ # Save basename.
+ base=${1##*/}
+
+ # Find pid.
+ __pids_var_run "$1" "$pid_file" "$binary"
+ RC=$?
+ if [ -z "$pid" ]; then
+ if [ -z "$pid_file" ]; then
+ pid="$(__pids_pidof "$1")"
+ else
+ [ "$RC" = "4" ] && { failure $"$base shutdown" ; return $RC ;}
+ fi
+ fi
+
+ # Kill it.
+ if [ -n "$pid" ] ; then
+ [ "$BOOTUP" = "verbose" -a -z "${LSB:-}" ] && echo -n "$base "
+ if [ -z "$killlevel" ] ; then
+ __kill_pids_term_kill -d $delay $pid
+ RC=$?
+ [ "$RC" -eq 0 ] && success $"$base shutdown" || failure $"$base shutdown"
+ # use specified level only
+ else
+ if checkpid $pid; then
+ kill $killlevel $pid >/dev/null 2>&1
+ RC=$?
+ [ "$RC" -eq 0 ] && success $"$base $killlevel" || failure $"$base $killlevel"
+ elif [ -n "${LSB:-}" ]; then
+ RC=7 # Program is not running
+ fi
+ fi
+ else
+ if [ -n "${LSB:-}" -a -n "$killlevel" ]; then
+ RC=7 # Program is not running
+ else
+ failure $"$base shutdown"
+ RC=0
+ fi
+ fi
+
+ # Remove pid file if any.
+ if [ -z "$killlevel" ]; then
+ rm -f "${pid_file:-/run/$base.pid}"
+ fi
+ return $RC
+}
+
+# A function to find the pid of a program. Looks *only* at the pidfile
+pidfileofproc() {
+ local pid
+
+ # Test syntax.
+ if [ "$#" = 0 ] ; then
+ echo $"Usage: pidfileofproc {program}"
+ return 1
+ fi
+
+ __pids_var_run "$1"
+ [ -n "$pid" ] && echo $pid
+ return 0
+}
+
+# A function to find the pid of a program.
+pidofproc() {
+ local RC pid pid_file=
+
+ # Test syntax.
+ if [ "$#" = 0 ]; then
+ echo $"Usage: pidofproc [-p {pidfile}] {program}"
+ return 1
+ fi
+ if [ "$1" = "-p" ]; then
+ pid_file=$2
+ shift 2
+ fi
+ fail_code=3 # "Program is not running"
+
+ # First try "/run/*.pid" files
+ __pids_var_run "$1" "$pid_file"
+ RC=$?
+ if [ -n "$pid" ]; then
+ echo $pid
+ return 0
+ fi
+
+ [ -n "$pid_file" ] && return $RC
+ __pids_pidof "$1" || return $RC
+}
+
+status() {
+ local base pid lock_file= pid_file= binary=
+
+ # Test syntax.
+ if [ "$#" = 0 ] ; then
+ echo $"Usage: status [-p {pidfile}] [-l {lockfile}] [-b {binary}] {program}"
+ return 1
+ fi
+ if [ "$1" = "-p" ]; then
+ pid_file=$2
+ shift 2
+ fi
+ if [ "$1" = "-l" ]; then
+ lock_file=$2
+ shift 2
+ fi
+ if [ "$1" = "-b" ]; then
+ if [ -z $pid_file ]; then
+ echo $"-b option can be used only with -p"
+ echo $"Usage: status [-p {pidfile}] [-l {lockfile}] [-b {binary}] {program}"
+ return 1
+ fi
+ binary=$2
+ shift 2
+ fi
+ base=${1##*/}
+
+ if [ "$_use_systemctl" = "1" ]; then
+ systemctl status ${0##*/}.service
+ ret=$?
+ # LSB daemons that dies abnormally in systemd looks alive in systemd's eyes due to RemainAfterExit=yes
+ # lets adjust the reality a little bit
+ if systemctl show -p ActiveState ${0##*/}.service | grep -q '=active$' && \
+ systemctl show -p SubState ${0##*/}.service | grep -q '=exited$' ; then
+ ret=3
+ fi
+ return $ret
+ fi
+
+ # First try "pidof"
+ __pids_var_run "$1" "$pid_file" "$binary"
+ RC=$?
+ if [ -z "$pid_file" -a -z "$pid" ]; then
+ pid="$(__pids_pidof "$1")"
+ fi
+ if [ -n "$pid" ]; then
+ echo $"${base} (pid $pid) is running..."
+ return 0
+ fi
+
+ case "$RC" in
+ 0)
+ echo $"${base} (pid $pid) is running..."
+ return 0
+ ;;
+ 1)
+ echo $"${base} dead but pid file exists"
+ return 1
+ ;;
+ 4)
+ echo $"${base} status unknown due to insufficient privileges."
+ return 4
+ ;;
+ esac
+ if [ -z "${lock_file}" ]; then
+ lock_file=${base}
+ fi
+ # See if /var/lock/subsys/${lock_file} exists
+ if [ -f /var/lock/subsys/${lock_file} ]; then
+ echo $"${base} dead but subsys locked"
+ return 2
+ fi
+ echo $"${base} is stopped"
+ return 3
+}
+
+echo_success() {
+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
+ echo -n "["
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_SUCCESS
+ echo -n $" OK "
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
+ echo -n "]"
+ echo -ne "\r"
+ return 0
+}
+
+echo_failure() {
+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
+ echo -n "["
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE
+ echo -n $"FAILED"
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
+ echo -n "]"
+ echo -ne "\r"
+ return 1
+}
+
+echo_passed() {
+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
+ echo -n "["
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
+ echo -n $"PASSED"
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
+ echo -n "]"
+ echo -ne "\r"
+ return 1
+}
+
+echo_warning() {
+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
+ echo -n "["
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
+ echo -n $"WARNING"
+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
+ echo -n "]"
+ echo -ne "\r"
+ return 1
+}
+
+# Inform the graphical boot of our current state
+update_boot_stage() {
+ if [ -x /bin/plymouth ]; then
+ /bin/plymouth --update="$1"
+ fi
+ return 0
+}
+
+# Log that something succeeded
+success() {
+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_success
+ return 0
+}
+
+# Log that something failed
+failure() {
+ local rc=$?
+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_failure
+ [ -x /bin/plymouth ] && /bin/plymouth --details
+ return $rc
+}
+
+# Log that something passed, but may have had errors. Useful for fsck
+passed() {
+ local rc=$?
+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_passed
+ return $rc
+}
+
+# Log a warning
+warning() {
+ local rc=$?
+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_warning
+ return $rc
+}
+
+# Run some action. Log its output.
+action() {
+ local STRING rc
+
+ STRING=$1
+ echo -n "$STRING "
+ shift
+ "$@" && success $"$STRING" || failure $"$STRING"
+ rc=$?
+ echo
+ return $rc
+}
+
+# returns OK if $1 contains $2
+strstr() {
+ [ "${1#*$2*}" = "$1" ] && return 1
+ return 0
+}
+
+# Check whether file $1 is a backup or rpm-generated file and should be ignored
+# Copy of the function is present in usr/sbin/service
+is_ignored_file() {
+ case "$1" in
+ *~ | *.bak | *.old | *.orig | *.rpmnew | *.rpmorig | *.rpmsave)
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+# Convert the value ${1} of time unit ${2}-seconds into seconds:
+convert2sec() {
+ local retval=""
+
+ case "${2}" in
+ deci) retval=$(awk "BEGIN {printf \"%.1f\", ${1} / 10}") ;;
+ centi) retval=$(awk "BEGIN {printf \"%.2f\", ${1} / 100}") ;;
+ mili) retval=$(awk "BEGIN {printf \"%.3f\", ${1} / 1000}") ;;
+ micro) retval=$(awk "BEGIN {printf \"%.6f\", ${1} / 1000000}") ;;
+ nano) retval=$(awk "BEGIN {printf \"%.9f\", ${1} / 1000000000}") ;;
+ piko) retval=$(awk "BEGIN {printf \"%.12f\", ${1} / 1000000000000}") ;;
+ esac
+
+ echo "${retval}"
+}
+
+# Evaluate shvar-style booleans
+is_true() {
+ case "$1" in
+ [tT] | [yY] | [yY][eE][sS] | [oO][nN] | [tT][rR][uU][eE] | 1)
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+# Evaluate shvar-style booleans
+is_false() {
+ case "$1" in
+ [fF] | [nN] | [nN][oO] | [oO][fF][fF] | [fF][aA][lL][sS][eE] | 0)
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+# Apply sysctl settings, including files in /etc/sysctl.d
+apply_sysctl() {
+ if [ -x /lib/systemd/systemd-sysctl ]; then
+ /lib/systemd/systemd-sysctl
+ else
+ for file in /usr/lib/sysctl.d/*.conf ; do
+ is_ignored_file "$file" && continue
+ [ -f /run/sysctl.d/${file##*/} ] && continue
+ [ -f /etc/sysctl.d/${file##*/} ] && continue
+ test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1
+ done
+ for file in /run/sysctl.d/*.conf ; do
+ is_ignored_file "$file" && continue
+ [ -f /etc/sysctl.d/${file##*/} ] && continue
+ test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1
+ done
+ for file in /etc/sysctl.d/*.conf ; do
+ is_ignored_file "$file" && continue
+ test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1
+ done
+ sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1
+ fi
+}
+
+# A sed expression to filter out the files that is_ignored_file recognizes
+__sed_discard_ignored_files='/\(~\|\.bak\|\.old\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
+
+if [ "$_use_systemctl" = "1" ]; then
+ if [ "x$1" = xstart -o \
+ "x$1" = xstop -o \
+ "x$1" = xrestart -o \
+ "x$1" = xreload -o \
+ "x$1" = xtry-restart -o \
+ "x$1" = xforce-reload -o \
+ "x$1" = xcondrestart ] ; then
+
+ systemctl_redirect $0 $1
+ exit $?
+ fi
+fi
+
+strstr "$(cat /proc/cmdline)" "rc.debug" && set -x
+return 0
+
--
2.31.1

26
SOURCES/0004-When-interpreting-if-val-is-NULL-return-an-empty-str.patch
View File

@ -1,26 +0,0 @@
From ae210cb59accb6ee03488b6ec14fb67aca22660f Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 21 Aug 2021 10:20:11 -0400
Subject: [PATCH 4/4] When interpreting, if val is NULL return an empty string
---
auparse/interpret.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 177ab82..63829aa 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -840,6 +840,9 @@ static char *print_escaped(const char *val)
{
char *out;
+ if (val == NULL)
+ return strdup(" ");
+
if (*val == '"') {
char *term;
val++;
--
2.33.1

142
SOURCES/0005-auparse-refact-nvlist-cleanup-cod.patch
View File

@ -1,142 +0,0 @@
From 96a197fb642933b625996947b2e18ff2ed1df261 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Wed, 3 Nov 2021 10:22:55 -0300
Subject: [PATCH 5/5] auparse: refact nvlist cleanup cod
The nvlist_clear function tries to guess whether we allocated a buffer
or if the pointer points to a spot in the parsed up record by using a
name. This is fragile because someone actually used a reserved name in
a record unexpectedly. The refactored code does a range check to see if
the pointer is within the parsed up buffer area. If not, it can free the
buffer.
Backport of upstream 5baa2a860c
---
auparse/ellist.c | 12 ++++++++++--
auparse/nvlist.c | 23 +++++++++++++++++------
auparse/nvlist.h | 2 +-
auparse/rnode.h | 1 +
4 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/auparse/ellist.c b/auparse/ellist.c
index bbb4064..048ac4c 100644
--- a/auparse/ellist.c
+++ b/auparse/ellist.c
@@ -103,7 +103,7 @@ static char *escape(const char *tmp)
static int parse_up_record(rnode* r)
{
char *ptr, *buf, *saved=NULL;
- unsigned int offset = 0;
+ unsigned int offset = 0, len;
// Potentially cut the record in two
ptr = strchr(r->record, AUDIT_INTERP_SEPARATOR);
@@ -112,7 +112,15 @@ static int parse_up_record(rnode* r)
ptr++;
}
r->interp = ptr;
- r->nv.record = buf = strdup(r->record);
+ // Rather than call strndup, we will do it ourselves to reduce
+ // the number of interations across the record.
+ // len includes the string terminator.
+ len = strlen(r->record) + 1;
+ r->nv.record = buf = malloc(len);
+ if (r->nv.record == NULL)
+ return -1;
+ memcpy(r->nv.record, r->record, len);
+ r->nv.end = r->nv.record + len;
ptr = audit_strsplit_r(buf, &saved);
if (ptr == NULL) {
free(buf);
diff --git a/auparse/nvlist.c b/auparse/nvlist.c
index 99c7c2b..c9ccc8f 100644
--- a/auparse/nvlist.c
+++ b/auparse/nvlist.c
@@ -36,11 +36,13 @@ void nvlist_create(nvlist *l)
l->cur = 0;
l->cnt = 0;
l->record = NULL;
+ l->end = NULL;
}
}
nvnode *nvlist_next(nvlist *l)
{
+ // Since cur will be incremented, check for 1 less that total
if (l->cnt && l->cur < (l->cnt - 1)) {
l->cur++;
return &l->array[l->cur];
@@ -125,11 +127,21 @@ const char *nvlist_interp_cur_val(rnode *r, auparse_esc_t escape_mode)
return do_interpret(r, escape_mode);
}
+// This function determines if a chunk of memory is part of the parsed up
+// record. If it is, do not free it since it gets free'd at the very end.
+// NOTE: This function causes invalid-pointer-pair errors with ASAN
+static inline int not_in_rec_buf(nvlist *l, const char *ptr)
+{
+ if (ptr >= l->record && ptr < l->end)
+ return 0;
+ return 1;
+}
+
// free_interp does not apply to thing coming from interpretation_list
-void nvlist_clear(nvlist* l, int free_interp)
+void nvlist_clear(nvlist *l, int free_interp)
{
unsigned int i = 0;
- register nvnode* current;
+ register nvnode *current;
if (l->cnt == 0)
return;
@@ -140,11 +152,9 @@ void nvlist_clear(nvlist* l, int free_interp)
free(current->interp_val);
// A couple items are not in parsed up list.
// These all come from the aup_list_append path.
- if ((strcmp(current->name, "key") == 0) ||
- (strcmp(current->name, "seperms") == 0) ||
- (strcmp(current->name, "seresult") == 0)) {
+ if (not_in_rec_buf(l, current->name)) {
// seperms & key values are strdup'ed
- if (current->name[2] != 'r')
+ if (not_in_rec_buf(l, current->val))
free(current->val);
free(current->name);
}
@@ -153,6 +163,7 @@ void nvlist_clear(nvlist* l, int free_interp)
}
free((void *)l->record);
l->record = NULL;
+ l->end = NULL;
l->cur = 0;
l->cnt = 0;
}
diff --git a/auparse/nvlist.h b/auparse/nvlist.h
index b006caa..59f3e13 100644
--- a/auparse/nvlist.h
+++ b/auparse/nvlist.h
@@ -45,7 +45,7 @@ static inline const char *nvlist_get_cur_val_interp(nvlist *l)
AUDIT_HIDDEN_START
void nvlist_create(nvlist *l);
-void nvlist_clear(nvlist* l, int free_interp);
+void nvlist_clear(nvlist *l, int free_interp);
nvnode *nvlist_next(nvlist *l);
int nvlist_get_cur_type(rnode *r);
const char *nvlist_interp_cur_val(rnode *r, auparse_esc_t escape_mode);
diff --git a/auparse/rnode.h b/auparse/rnode.h
index 06303c7..69f0843 100644
--- a/auparse/rnode.h
+++ b/auparse/rnode.h
@@ -40,6 +40,7 @@ typedef struct {
unsigned int cur; // Index to current node
unsigned int cnt; // How many items in this list
char *record; // Holds the parsed up record
+ char *end; // End of the parsed up record
} nvlist;
--
2.33.1

23
SPECS/audit.spec
View File

@ -1,18 +1,14 @@
Summary: User space tools for kernel auditing
Name: audit
Version: 3.0.5
Release: 5%{?dist}
Version: 3.0.7
Release: 100%{?dist}
License: GPLv2+
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch1: 0001-Add-ausysrulevalidate.patch
Patch2: 0002-audit-3.0.6-time.patch
Patch3: 0003-Carry-functions-file-from-initscripts-in-audit.patch
Patch4: 0004-When-interpreting-if-val-is-NULL-return-an-empty-str.patch
Patch5: 0005-auparse-refact-nvlist-cleanup-cod.patch
BuildRequires: make gcc swig
BuildRequires: openldap-devel
@ -94,10 +90,6 @@ Management Facility) database, through an IBM Tivoli Directory Server
%setup -q
cp %{SOURCE1} .
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
# Remove the ids code, its not ready
sed -i 's/ ids / /' audisp/plugins/Makefile.in
@ -121,10 +113,6 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit
mkdir -p $RPM_BUILD_ROOT/%{_datadir}
make DESTDIR=$RPM_BUILD_ROOT install
# Copy functions file.
install -m750 %{_builddir}/%{name}-%{version}/init.d/functions \
$RPM_BUILD_ROOT/%{_datadir}/%{name}/functions
# Validate sample rules shipped.
for r in $RPM_BUILD_ROOT/%{_datadir}/%{name}/sample-rules/*.rules; do
PYTHONPATH=$RPM_BUILD_ROOT/%{python3_sitearch} \
@ -199,6 +187,7 @@ fi
%doc README ChangeLog init.d/auditd.cron
%{!?_licensedir:%global license %%doc}
%license COPYING
%attr(750,root,root) %{_datadir}/%{name}
%attr(644,root,root) %{_datadir}/%{name}/sample-rules/*
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
@ -233,7 +222,7 @@ fi
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%attr(750,root,root) %{_datadir}/%{name}/functions
%attr(750,root,root) %{_libexecdir}/audit-functions
%ghost %{_localstatedir}/run/auditd.state
%attr(-,root,-) %dir %{_var}/log/audit
%attr(750,root,root) %dir /etc/audit
@ -268,6 +257,10 @@ fi
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
%changelog
* Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-100
- New upstream release, 3.0.7
Resolves: rhbz#2019929 - capability=unknown-capability(39) in audit messages
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-5
- auparse: refact nvlist cleanup code
Resolves: rhbz#2008965