From 78ce717674700bd9c40d227703a7b323e06ddf4c Mon Sep 17 00:00:00 2001
From: sgrubb
Date: Tue, 22 Jul 2014 15:46:19 -0400
Subject: [PATCH] Bug 1117953 - Per fesco#1311, please disable syscall auditing by default
---
 audit.spec | 8 +++++++-
 never-audit.patch | 17 +++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 never-audit.patch
diff --git a/audit.spec b/audit.spec
index 2cddf92..5206871 100644
--- a/audit.spec
+++ b/audit.spec
@@ -6,12 +6,14 @@
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
 Version: 2.3.7
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
+# FESCO asked for audit to be off by default. #1117953
+Patch1: never-audit.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: swig python-devel
 BuildRequires: tcp_wrappers-devel krb5-devel libcap-ng-devel
@@ -91,6 +93,7 @@ behavior.
 %prep
 %setup -q
 cp %{SOURCE1} .
+%patch1 -p1
 %build
 %configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes --with-libwrap --enable-gssapi-krb5=yes --with-libcap-ng=yes --with-arm --with-aarch64 \
@@ -280,6 +283,9 @@ fi
 %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
 %changelog
+* Tue Jul 22 2014 Steve Grubb 2.3.7-4
+- Bug 1117953 - Per fesco#1311, please disable syscall auditing by default
+
 * Fri Jul 11 2014 Tom Callaway - 2.3.7-3
 - mark license files properly
diff --git a/never-audit.patch b/never-audit.patch
new file mode 100644
index 0000000..ee93620
--- /dev/null
+++ b/never-audit.patch
@@ -0,0 +1,17 @@
+diff -ur audit.orig/init.d/audit.rules audit/init.d/audit.rules
+--- audit.orig/init.d/audit.rules 2014-07-20 10:43:44.724841702 -0400
++++ audit/init.d/audit.rules 2014-07-22 14:55:50.856253189 -0400
+@@ -6,9 +6,8 @@
+ # First rule - delete all
+ -D
+
+-# Increase the buffers to survive stress events.
+-# Make this bigger for busy systems
+--b 320
+-
+-# Feel free to add below this line. See auditctl man page
++# This suppresses syscall auditing for all tasks started
++# with this rule in effect. Remove it if you need syscall
++# auditing.
++-a task,never
+
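Review bot: The embedded audit.rules hunk removes `-b 320` along with adding `-a task,never`, so an administrator who follows the new comment and deletes the never rule re-enables syscall auditing with the kernel's default backlog instead of the 320 buffers the file used to set, and events can be dropped under load. Keeping the `-b 320` line and its comment would avoid that, and it looks harmless while the never rule is in place. The new comment also understates the effect: file watches (`-w`) are evaluated on syscall exit, so as far as I can tell they produce no records either for tasks matched by the task-list rule. I would add a line such as `# This also silences file watches (-w) and any syscall rules added below.` Tasks already running when the rule is loaded are presumably not covered, which leaves coverage inconsistent and is worth stating in the comment as well.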