- External plugin support in place
- Fix reference counting in auparse python bindings (#263961) - Moved default af_unix plugin socket to /var/run/audispd_events
This commit is contained in:
parent
114d2589bb
commit
862b73deea
@ -78,3 +78,4 @@ audit-1.5.3.tar.gz
|
||||
audit-1.5.5.tar.gz
|
||||
audit-1.5.6.tar.gz
|
||||
audit-1.6.tar.gz
|
||||
audit-1.6.1.tar.gz
|
||||
|
@ -1,16 +0,0 @@
|
||||
diff -urp audit-1.6.orig/audisp/audispd.c audit-1.6/audisp/audispd.c
|
||||
--- audit-1.6.orig/audisp/audispd.c 2007-08-29 12:57:42.000000000 -0400
|
||||
+++ audit-1.6/audisp/audispd.c 2007-08-29 12:58:19.000000000 -0400
|
||||
@@ -306,10 +306,10 @@ static void event_loop(void)
|
||||
}
|
||||
|
||||
if (daemon_config.node_name_format != N_NONE) {
|
||||
- asprintf(&v, "node=%s type=%s msg=%.*s",
|
||||
+ asprintf(&v, "node=%s type=%s msg=%.*s\n",
|
||||
name, type, e->hdr.size, e->data);
|
||||
} else
|
||||
- asprintf(&v, "type=%s msg=%.*s",
|
||||
+ asprintf(&v, "type=%s msg=%.*s\n",
|
||||
type, e->hdr.size, e->data);
|
||||
|
||||
// Got event, now distribute it to the plugins - builtins first
|
20
audit.spec
20
audit.spec
@ -1,16 +1,14 @@
|
||||
%define sca_version 0.4.3
|
||||
%define sca_release 2
|
||||
%define sca_release 3
|
||||
|
||||
Summary: User space tools for 2.6 kernel auditing
|
||||
Name: audit
|
||||
Version: 1.6
|
||||
Release: 3%{?dist}
|
||||
Version: 1.6.1
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Daemons
|
||||
URL: http://people.redhat.com/sgrubb/audit/
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
Patch1: s-c-audit-0.4.3.patch
|
||||
Patch2: audit-1.6-audispd.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: gettext-devel intltool libtool swig python-devel
|
||||
BuildRequires: kernel-headers >= 2.6.18
|
||||
@ -69,8 +67,6 @@ An utility for editing audit configuration.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
(cd system-config-audit; ./autogen.sh)
|
||||
@ -158,6 +154,7 @@ fi
|
||||
|
||||
%files libs-devel
|
||||
%defattr(-,root,root)
|
||||
%doc contrib/skeleton.c contrib/plugin
|
||||
%{_libdir}/libaudit.a
|
||||
%{_libdir}/libauparse.a
|
||||
%{_libdir}/libaudit.so
|
||||
@ -175,7 +172,7 @@ fi
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron
|
||||
%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules init.d/auditd.cron
|
||||
%attr(0644,root,root) %{_mandir}/man8/*
|
||||
%attr(0644,root,root) %{_mandir}/man5/*
|
||||
%attr(750,root,root) /sbin/auditctl
|
||||
@ -194,7 +191,7 @@ fi
|
||||
%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
|
||||
%config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd
|
||||
%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
|
||||
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/*
|
||||
%attr(640,root,root) /etc/audisp/plugins.d/*
|
||||
|
||||
%files -n system-config-audit -f system-config-audit.lang
|
||||
%defattr(-,root,root,-)
|
||||
@ -212,6 +209,11 @@ fi
|
||||
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
|
||||
|
||||
%changelog
|
||||
* Sun Sep 2 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-1
|
||||
- External plugin support in place
|
||||
- Fix reference counting in auparse python bindings (#263961)
|
||||
- Moved default af_unix plugin socket to /var/run/audispd_events
|
||||
|
||||
* Wed Aug 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6-3
|
||||
- Add newline to audispd string formatted events
|
||||
|
||||
|
@ -1,124 +0,0 @@
|
||||
diff -ur audit-1.5.6.orig/system-config-audit/ChangeLog audit-1.5.6/system-config-audit/ChangeLog
|
||||
--- audit-1.5.6.orig/system-config-audit/ChangeLog 2007-08-28 14:08:15.000000000 -0400
|
||||
+++ audit-1.5.6/system-config-audit/ChangeLog 2007-08-28 14:20:16.000000000 -0400
|
||||
@@ -1,3 +1,21 @@
|
||||
+2007-08-28 Miloslav Trmač <mitr@redhat.com>
|
||||
+
|
||||
+ * configure.ac: Release 0.4.3.
|
||||
+ * NEWS: Update.
|
||||
+
|
||||
+ * src/audit_rules.py (Field.option_text): New parameter rule. Use
|
||||
+ -p only in rules with -w, -F perm= otherwise.
|
||||
+ (Rule.command_text): Add -k only after -S.
|
||||
+
|
||||
+2007-08-02 Miloslav Trmač <mitr@redhat.com>
|
||||
+
|
||||
+ * src/main_window.py (N_): Remove useless definition.
|
||||
+
|
||||
+2007-07-23 Miloslav Trmač <mitr@redhat.com>
|
||||
+
|
||||
+ * src/watch_list_dialog.py (_WatchTable._validate_rule): Fix a
|
||||
+ crash when the rule has no AUDIT_WATCH or AUDIT_PERM field.
|
||||
+
|
||||
2007-07-17 Miloslav Trmač <mitr@redhat.com>
|
||||
|
||||
* system-config-audit.desktop.in (Categories): Add System, to move the
|
||||
diff -ur audit-1.5.6.orig/system-config-audit/configure.ac audit-1.5.6/system-config-audit/configure.ac
|
||||
--- audit-1.5.6.orig/system-config-audit/configure.ac 2007-08-28 14:08:15.000000000 -0400
|
||||
+++ audit-1.5.6/system-config-audit/configure.ac 2007-08-28 14:08:59.000000000 -0400
|
||||
@@ -1,5 +1,5 @@
|
||||
# Process this file with autoconf to produce a configure script.
|
||||
-AC_INIT([system-config-audit], [0.4.2], [mitr@redhat.com])
|
||||
+AC_INIT([system-config-audit], [0.4.3], [mitr@redhat.com])
|
||||
AC_COPYRIGHT(
|
||||
[Copyright (C) 2007 Red Hat, Inc. All rights reserved.
|
||||
|
||||
diff -ur audit-1.5.6.orig/system-config-audit/NEWS audit-1.5.6/system-config-audit/NEWS
|
||||
--- audit-1.5.6.orig/system-config-audit/NEWS 2007-08-28 14:08:15.000000000 -0400
|
||||
+++ audit-1.5.6/system-config-audit/NEWS 2007-08-28 14:08:59.000000000 -0400
|
||||
@@ -1,5 +1,10 @@
|
||||
+Changes in release 0.4.3:
|
||||
+* Fix order of -k and -S, and using -p without -w, in audit rules
|
||||
+* Fix a crash validating a non-watch rule
|
||||
+* Move the menu entry to the Administration submenu in GNOME
|
||||
+
|
||||
Changes in release 0.4.2:
|
||||
-* Modify to run on RHEL 5.
|
||||
+* Modify to run on RHEL 5
|
||||
|
||||
Changes in release 0.4.1:
|
||||
* Add an install-fedora Makefile target
|
||||
diff -ur audit-1.5.6.orig/system-config-audit/src/audit_rules.py audit-1.5.6/system-config-audit/src/audit_rules.py
|
||||
--- audit-1.5.6.orig/system-config-audit/src/audit_rules.py 2007-08-28 14:08:15.000000000 -0400
|
||||
+++ audit-1.5.6/system-config-audit/src/audit_rules.py 2007-08-28 14:08:59.000000000 -0400
|
||||
@@ -347,13 +347,18 @@
|
||||
self.op = self.OP_EQ
|
||||
self.value = self.get_field_type(self.var).parse_value(string, self.op)
|
||||
|
||||
- def option_text(self):
|
||||
- '''Return a string representing this field as an auditctl option.'''
|
||||
+ def option_text(self, rule):
|
||||
+ '''Return a string representing this field as an auditctl option.
|
||||
+
|
||||
+ Use rule to determine the correct syntax.
|
||||
+
|
||||
+ '''
|
||||
val = self._value_text()
|
||||
if self.var == audit.AUDIT_FILTERKEY:
|
||||
assert self.op == self.OP_EQ
|
||||
return '-k %s' % val
|
||||
- elif self.var == audit.AUDIT_PERM:
|
||||
+ elif (self.var == audit.AUDIT_PERM and
|
||||
+ len([f for f in rule.fields if f.var == audit.AUDIT_WATCH]) == 1):
|
||||
assert self.op == self.OP_EQ
|
||||
return '-p %s' % val
|
||||
else:
|
||||
@@ -443,16 +448,21 @@
|
||||
o.append('-w %s' % watches[0].value)
|
||||
watch_used = True
|
||||
# Add fields before syscalls because -F arch=... may change the meaning
|
||||
- # of syscall names
|
||||
+ # of syscall names. But add AUDIT_FILTERKEY only after -S, auditctl
|
||||
+ # stubbornly insists on that order.
|
||||
for f in self.fields:
|
||||
- if f.var != audit.AUDIT_WATCH or not watch_used:
|
||||
- o.append(f.option_text())
|
||||
+ if (f.var != audit.AUDIT_FILTERKEY and
|
||||
+ (f.var != audit.AUDIT_WATCH or not watch_used)):
|
||||
+ o.append(f.option_text(self))
|
||||
if list is not rules.exclude_rules:
|
||||
for s in self.syscalls:
|
||||
if s == self.SYSCALLS_ALL:
|
||||
o.append('-S all')
|
||||
else:
|
||||
o.append('-S %s' % util.syscall_string(s, self.machine))
|
||||
+ for f in self.fields:
|
||||
+ if f.var == audit.AUDIT_FILTERKEY:
|
||||
+ o.append(f.option_text(self))
|
||||
return ' '.join(o)
|
||||
|
||||
def __eq__(self, rule):
|
||||
diff -ur audit-1.5.6.orig/system-config-audit/src/main_window.py audit-1.5.6/system-config-audit/src/main_window.py
|
||||
--- audit-1.5.6.orig/system-config-audit/src/main_window.py 2007-08-28 14:08:15.000000000 -0400
|
||||
+++ audit-1.5.6/system-config-audit/src/main_window.py 2007-08-28 14:08:59.000000000 -0400
|
||||
@@ -32,8 +32,6 @@
|
||||
import settings
|
||||
import util
|
||||
|
||||
-def N_(s): return s
|
||||
-
|
||||
def exit_watch_rules(rules):
|
||||
'''Split exit rules to lists for WatchListDialog and RuleListDialog.
|
||||
|
||||
diff -ur audit-1.5.6.orig/system-config-audit/src/server.c audit-1.5.6/system-config-audit/src/server.c
|
||||
--- audit-1.5.6.orig/system-config-audit/src/server.c 2007-08-28 14:08:15.000000000 -0400
|
||||
+++ audit-1.5.6/system-config-audit/src/server.c 2007-08-28 14:08:59.000000000 -0400
|
||||
@@ -200,7 +200,7 @@
|
||||
err = errno;
|
||||
goto err_fd;
|
||||
}
|
||||
- if (st.st_size > SIZE_MAX)
|
||||
+ if (st.st_size > (off_t)SIZE_MAX)
|
||||
{
|
||||
err = EFBIG;
|
||||
goto err_fd;
|
Loading…
Reference in New Issue
Block a user