- External plugin support in place

- Fix reference counting in auparse python bindings (#263961)
- Moved default af_unix plugin socket to /var/run/audispd_events
This commit is contained in:
Steve Grubb 2007-09-02 16:49:22 +00:00
parent 114d2589bb
commit 862b73deea
5 changed files with 13 additions and 150 deletions

View File

@ -78,3 +78,4 @@ audit-1.5.3.tar.gz
audit-1.5.5.tar.gz
audit-1.5.6.tar.gz
audit-1.6.tar.gz
audit-1.6.1.tar.gz

View File

@ -1,16 +0,0 @@
diff -urp audit-1.6.orig/audisp/audispd.c audit-1.6/audisp/audispd.c
--- audit-1.6.orig/audisp/audispd.c 2007-08-29 12:57:42.000000000 -0400
+++ audit-1.6/audisp/audispd.c 2007-08-29 12:58:19.000000000 -0400
@@ -306,10 +306,10 @@ static void event_loop(void)
}
if (daemon_config.node_name_format != N_NONE) {
- asprintf(&v, "node=%s type=%s msg=%.*s",
+ asprintf(&v, "node=%s type=%s msg=%.*s\n",
name, type, e->hdr.size, e->data);
} else
- asprintf(&v, "type=%s msg=%.*s",
+ asprintf(&v, "type=%s msg=%.*s\n",
type, e->hdr.size, e->data);
// Got event, now distribute it to the plugins - builtins first

View File

@ -1,16 +1,14 @@
%define sca_version 0.4.3
%define sca_release 2
%define sca_release 3
Summary: User space tools for 2.6 kernel auditing
Name: audit
Version: 1.6
Release: 3%{?dist}
Version: 1.6.1
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://people.redhat.com/sgrubb/audit/
Source0: %{name}-%{version}.tar.gz
Patch1: s-c-audit-0.4.3.patch
Patch2: audit-1.6-audispd.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gettext-devel intltool libtool swig python-devel
BuildRequires: kernel-headers >= 2.6.18
@ -69,8 +67,6 @@ An utility for editing audit configuration.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%build
(cd system-config-audit; ./autogen.sh)
@ -158,6 +154,7 @@ fi
%files libs-devel
%defattr(-,root,root)
%doc contrib/skeleton.c contrib/plugin
%{_libdir}/libaudit.a
%{_libdir}/libauparse.a
%{_libdir}/libaudit.so
@ -175,7 +172,7 @@ fi
%files
%defattr(-,root,root,-)
%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron
%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules init.d/auditd.cron
%attr(0644,root,root) %{_mandir}/man8/*
%attr(0644,root,root) %{_mandir}/man5/*
%attr(750,root,root) /sbin/auditctl
@ -194,7 +191,7 @@ fi
%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
%config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd
%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/*
%attr(640,root,root) /etc/audisp/plugins.d/*
%files -n system-config-audit -f system-config-audit.lang
%defattr(-,root,root,-)
@ -212,6 +209,11 @@ fi
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
%changelog
* Sun Sep 2 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-1
- External plugin support in place
- Fix reference counting in auparse python bindings (#263961)
- Moved default af_unix plugin socket to /var/run/audispd_events
* Wed Aug 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6-3
- Add newline to audispd string formatted events

View File

@ -1,124 +0,0 @@
diff -ur audit-1.5.6.orig/system-config-audit/ChangeLog audit-1.5.6/system-config-audit/ChangeLog
--- audit-1.5.6.orig/system-config-audit/ChangeLog 2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/ChangeLog 2007-08-28 14:20:16.000000000 -0400
@@ -1,3 +1,21 @@
+2007-08-28 Miloslav Trmač <mitr@redhat.com>
+
+ * configure.ac: Release 0.4.3.
+ * NEWS: Update.
+
+ * src/audit_rules.py (Field.option_text): New parameter rule. Use
+ -p only in rules with -w, -F perm= otherwise.
+ (Rule.command_text): Add -k only after -S.
+
+2007-08-02 Miloslav Trmač <mitr@redhat.com>
+
+ * src/main_window.py (N_): Remove useless definition.
+
+2007-07-23 Miloslav Trmač <mitr@redhat.com>
+
+ * src/watch_list_dialog.py (_WatchTable._validate_rule): Fix a
+ crash when the rule has no AUDIT_WATCH or AUDIT_PERM field.
+
2007-07-17 Miloslav Trmač <mitr@redhat.com>
* system-config-audit.desktop.in (Categories): Add System, to move the
diff -ur audit-1.5.6.orig/system-config-audit/configure.ac audit-1.5.6/system-config-audit/configure.ac
--- audit-1.5.6.orig/system-config-audit/configure.ac 2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/configure.ac 2007-08-28 14:08:59.000000000 -0400
@@ -1,5 +1,5 @@
# Process this file with autoconf to produce a configure script.
-AC_INIT([system-config-audit], [0.4.2], [mitr@redhat.com])
+AC_INIT([system-config-audit], [0.4.3], [mitr@redhat.com])
AC_COPYRIGHT(
[Copyright (C) 2007 Red Hat, Inc. All rights reserved.
diff -ur audit-1.5.6.orig/system-config-audit/NEWS audit-1.5.6/system-config-audit/NEWS
--- audit-1.5.6.orig/system-config-audit/NEWS 2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/NEWS 2007-08-28 14:08:59.000000000 -0400
@@ -1,5 +1,10 @@
+Changes in release 0.4.3:
+* Fix order of -k and -S, and using -p without -w, in audit rules
+* Fix a crash validating a non-watch rule
+* Move the menu entry to the Administration submenu in GNOME
+
Changes in release 0.4.2:
-* Modify to run on RHEL 5.
+* Modify to run on RHEL 5
Changes in release 0.4.1:
* Add an install-fedora Makefile target
diff -ur audit-1.5.6.orig/system-config-audit/src/audit_rules.py audit-1.5.6/system-config-audit/src/audit_rules.py
--- audit-1.5.6.orig/system-config-audit/src/audit_rules.py 2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/src/audit_rules.py 2007-08-28 14:08:59.000000000 -0400
@@ -347,13 +347,18 @@
self.op = self.OP_EQ
self.value = self.get_field_type(self.var).parse_value(string, self.op)
- def option_text(self):
- '''Return a string representing this field as an auditctl option.'''
+ def option_text(self, rule):
+ '''Return a string representing this field as an auditctl option.
+
+ Use rule to determine the correct syntax.
+
+ '''
val = self._value_text()
if self.var == audit.AUDIT_FILTERKEY:
assert self.op == self.OP_EQ
return '-k %s' % val
- elif self.var == audit.AUDIT_PERM:
+ elif (self.var == audit.AUDIT_PERM and
+ len([f for f in rule.fields if f.var == audit.AUDIT_WATCH]) == 1):
assert self.op == self.OP_EQ
return '-p %s' % val
else:
@@ -443,16 +448,21 @@
o.append('-w %s' % watches[0].value)
watch_used = True
# Add fields before syscalls because -F arch=... may change the meaning
- # of syscall names
+ # of syscall names. But add AUDIT_FILTERKEY only after -S, auditctl
+ # stubbornly insists on that order.
for f in self.fields:
- if f.var != audit.AUDIT_WATCH or not watch_used:
- o.append(f.option_text())
+ if (f.var != audit.AUDIT_FILTERKEY and
+ (f.var != audit.AUDIT_WATCH or not watch_used)):
+ o.append(f.option_text(self))
if list is not rules.exclude_rules:
for s in self.syscalls:
if s == self.SYSCALLS_ALL:
o.append('-S all')
else:
o.append('-S %s' % util.syscall_string(s, self.machine))
+ for f in self.fields:
+ if f.var == audit.AUDIT_FILTERKEY:
+ o.append(f.option_text(self))
return ' '.join(o)
def __eq__(self, rule):
diff -ur audit-1.5.6.orig/system-config-audit/src/main_window.py audit-1.5.6/system-config-audit/src/main_window.py
--- audit-1.5.6.orig/system-config-audit/src/main_window.py 2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/src/main_window.py 2007-08-28 14:08:59.000000000 -0400
@@ -32,8 +32,6 @@
import settings
import util
-def N_(s): return s
-
def exit_watch_rules(rules):
'''Split exit rules to lists for WatchListDialog and RuleListDialog.
diff -ur audit-1.5.6.orig/system-config-audit/src/server.c audit-1.5.6/system-config-audit/src/server.c
--- audit-1.5.6.orig/system-config-audit/src/server.c 2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/src/server.c 2007-08-28 14:08:59.000000000 -0400
@@ -200,7 +200,7 @@
err = errno;
goto err_fd;
}
- if (st.st_size > SIZE_MAX)
+ if (st.st_size > (off_t)SIZE_MAX)
{
err = EFBIG;
goto err_fd;

View File

@ -1 +1 @@
538b2fc33878e420da1daabc769d1e1b audit-1.6.tar.gz
ce393ed76e25dd95f2d54ae27e7a25be audit-1.6.1.tar.gz