From 862b73deeabd5225d6d11766c5cad80ce07ce9f4 Mon Sep 17 00:00:00 2001
From: Steve Grubb
Date: Sun, 2 Sep 2007 16:49:22 +0000
Subject: [PATCH] - External plugin support in place
- Fix reference counting in auparse python bindings (#263961)
- Moved default af_unix plugin socket to /var/run/audispd_events
---
 .cvsignore | 1 +
 audit-1.6-audispd.patch | 16 ------
 audit.spec | 20 ++++---
 s-c-audit-0.4.3.patch | 124 ----------------------------------------
 sources | 2 +-
 5 files changed, 13 insertions(+), 150 deletions(-)
 delete mode 100644 audit-1.6-audispd.patch
 delete mode 100644 s-c-audit-0.4.3.patch
diff --git a/.cvsignore b/.cvsignore
index af86388..d4d8cf1 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -78,3 +78,4 @@ audit-1.5.3.tar.gz
 audit-1.5.5.tar.gz
 audit-1.5.6.tar.gz
 audit-1.6.tar.gz
+audit-1.6.1.tar.gz
diff --git a/audit-1.6-audispd.patch b/audit-1.6-audispd.patch
deleted file mode 100644
index 40d452e..0000000
--- a/audit-1.6-audispd.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -urp audit-1.6.orig/audisp/audispd.c audit-1.6/audisp/audispd.c
---- audit-1.6.orig/audisp/audispd.c 2007-08-29 12:57:42.000000000 -0400
-+++ audit-1.6/audisp/audispd.c 2007-08-29 12:58:19.000000000 -0400
-@@ -306,10 +306,10 @@ static void event_loop(void)
- }
- 
- if (daemon_config.node_name_format != N_NONE) {
-- asprintf(&v, "node=%s type=%s msg=%.*s",
-+ asprintf(&v, "node=%s type=%s msg=%.*s\n",
- name, type, e->hdr.size, e->data);
- } else
-- asprintf(&v, "type=%s msg=%.*s",
-+ asprintf(&v, "type=%s msg=%.*s\n",
- type, e->hdr.size, e->data);
- 
- // Got event, now distribute it to the plugins - builtins first
diff --git a/audit.spec b/audit.spec
index 61b018a..0107cd4 100644
--- a/audit.spec
+++ b/audit.spec
@@ -1,16 +1,14 @@
 %define sca_version 0.4.3
-%define sca_release 2
+%define sca_release 3
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
-Version: 1.6
-Release: 3%{?dist}
+Version: 1.6.1
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: %{name}-%{version}.tar.gz
-Patch1: s-c-audit-0.4.3.patch
-Patch2: audit-1.6-audispd.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: gettext-devel intltool libtool swig python-devel
 BuildRequires: kernel-headers >= 2.6.18
@@ -69,8 +67,6 @@ An utility for editing audit configuration.
 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
 %build
 (cd system-config-audit; ./autogen.sh)
@@ -158,6 +154,7 @@ fi
 %files libs-devel
 %defattr(-,root,root)
+%doc contrib/skeleton.c contrib/plugin
 %{_libdir}/libaudit.a
 %{_libdir}/libauparse.a
 %{_libdir}/libaudit.so
@@ -175,7 +172,7 @@ fi
 %files
 %defattr(-,root,root,-)
-%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron
+%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules init.d/auditd.cron
 %attr(0644,root,root) %{_mandir}/man8/*
 %attr(0644,root,root) %{_mandir}/man5/*
 %attr(750,root,root) /sbin/auditctl
@@ -194,7 +191,7 @@ fi
 %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
 %config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd
 %config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
-%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/*
+%attr(640,root,root) /etc/audisp/plugins.d/*
 %files -n system-config-audit -f system-config-audit.lang
 %defattr(-,root,root,-)
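Review bot: The `@@ -194,7 +191,7 @@` hunk drops `%config(noreplace)` from `/etc/audisp/plugins.d/*`, so rpm now treats those files as ordinary payload and overwrites any locally edited copy on every upgrade, leaving neither a `.rpmnew` nor a `.rpmsave`. These are presumably the per-plugin files an administrator edits to enable or disable audispd plugins, so a site that has switched a plugin off would silently get it switched back on by the next package update. If the intent is that the new default socket path named in the commit message must reach existing installs, `%config` without `noreplace` still installs the package copy but keeps the modified one as `.rpmsave`; otherwise restore `%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/*`. Either way the choice deserves a short comment in the spec, since it now differs from the `audispd.conf` line two lines above.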
@@ -212,6 +209,11 @@ fi
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
 %changelog
+* Sun Sep 2 2007 Steve Grubb 1.6.1-1
+- External plugin support in place
+- Fix reference counting in auparse python bindings (#263961)
+- Moved default af_unix plugin socket to /var/run/audispd_events
+
 * Wed Aug 29 2007 Steve Grubb 1.6-3
 - Add newline to audispd string formatted events
diff --git a/s-c-audit-0.4.3.patch b/s-c-audit-0.4.3.patch
deleted file mode 100644
index 07c9331..0000000
--- a/s-c-audit-0.4.3.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-diff -ur audit-1.5.6.orig/system-config-audit/ChangeLog audit-1.5.6/system-config-audit/ChangeLog
---- audit-1.5.6.orig/system-config-audit/ChangeLog 2007-08-28 14:08:15.000000000 -0400
-+++ audit-1.5.6/system-config-audit/ChangeLog 2007-08-28 14:20:16.000000000 -0400
-@@ -1,3 +1,21 @@
-+2007-08-28 Miloslav Trmač
-+
-+ * configure.ac: Release 0.4.3.
-+ * NEWS: Update.
-+
-+ * src/audit_rules.py (Field.option_text): New parameter rule. Use
-+ -p only in rules with -w, -F perm= otherwise.
-+ (Rule.command_text): Add -k only after -S.
-+
-+2007-08-02 Miloslav Trmač
-+
-+ * src/main_window.py (N_): Remove useless definition.
-+
-+2007-07-23 Miloslav Trmač
-+
-+ * src/watch_list_dialog.py (_WatchTable._validate_rule): Fix a
-+ crash when the rule has no AUDIT_WATCH or AUDIT_PERM field.
-+
- 2007-07-17 Miloslav Trmač
- 
- * system-config-audit.desktop.in (Categories): Add System, to move the
-diff -ur audit-1.5.6.orig/system-config-audit/configure.ac audit-1.5.6/system-config-audit/configure.ac
---- audit-1.5.6.orig/system-config-audit/configure.ac 2007-08-28 14:08:15.000000000 -0400
-+++ audit-1.5.6/system-config-audit/configure.ac 2007-08-28 14:08:59.000000000 -0400
-@@ -1,5 +1,5 @@
- # Process this file with autoconf to produce a configure script.
--AC_INIT([system-config-audit], [0.4.2], [mitr@redhat.com])
-+AC_INIT([system-config-audit], [0.4.3], [mitr@redhat.com])
- AC_COPYRIGHT(
- [Copyright (C) 2007 Red Hat, Inc. All rights reserved.
- 
-diff -ur audit-1.5.6.orig/system-config-audit/NEWS audit-1.5.6/system-config-audit/NEWS
---- audit-1.5.6.orig/system-config-audit/NEWS 2007-08-28 14:08:15.000000000 -0400
-+++ audit-1.5.6/system-config-audit/NEWS 2007-08-28 14:08:59.000000000 -0400
-@@ -1,5 +1,10 @@
-+Changes in release 0.4.3:
-+* Fix order of -k and -S, and using -p without -w, in audit rules
-+* Fix a crash validating a non-watch rule
-+* Move the menu entry to the Administration submenu in GNOME
-+
- Changes in release 0.4.2:
--* Modify to run on RHEL 5.
-+* Modify to run on RHEL 5
- 
- Changes in release 0.4.1:
- * Add an install-fedora Makefile target
-diff -ur audit-1.5.6.orig/system-config-audit/src/audit_rules.py audit-1.5.6/system-config-audit/src/audit_rules.py
---- audit-1.5.6.orig/system-config-audit/src/audit_rules.py 2007-08-28 14:08:15.000000000 -0400
-+++ audit-1.5.6/system-config-audit/src/audit_rules.py 2007-08-28 14:08:59.000000000 -0400
-@@ -347,13 +347,18 @@
- self.op = self.OP_EQ
- self.value = self.get_field_type(self.var).parse_value(string, self.op)
- 
-- def option_text(self):
-- '''Return a string representing this field as an auditctl option.'''
-+ def option_text(self, rule):
-+ '''Return a string representing this field as an auditctl option.
-+
-+ Use rule to determine the correct syntax.
-+
-+ '''
- val = self._value_text()
- if self.var == audit.AUDIT_FILTERKEY:
- assert self.op == self.OP_EQ
- return '-k %s' % val
-- elif self.var == audit.AUDIT_PERM:
-+ elif (self.var == audit.AUDIT_PERM and
-+ len([f for f in rule.fields if f.var == audit.AUDIT_WATCH]) == 1):
- assert self.op == self.OP_EQ
- return '-p %s' % val
- else:
-@@ -443,16 +448,21 @@
- o.append('-w %s' % watches[0].value)
- watch_used = True
- # Add fields before syscalls because -F arch=... may change the meaning
-- # of syscall names
-+ # of syscall names. But add AUDIT_FILTERKEY only after -S, auditctl
-+ # stubbornly insists on that order.
- for f in self.fields:
-- if f.var != audit.AUDIT_WATCH or not watch_used:
-- o.append(f.option_text())
-+ if (f.var != audit.AUDIT_FILTERKEY and
-+ (f.var != audit.AUDIT_WATCH or not watch_used)):
-+ o.append(f.option_text(self))
- if list is not rules.exclude_rules:
- for s in self.syscalls:
- if s == self.SYSCALLS_ALL:
- o.append('-S all')
- else:
- o.append('-S %s' % util.syscall_string(s, self.machine))
-+ for f in self.fields:
-+ if f.var == audit.AUDIT_FILTERKEY:
-+ o.append(f.option_text(self))
- return ' '.join(o)
- 
- def __eq__(self, rule):
-diff -ur audit-1.5.6.orig/system-config-audit/src/main_window.py audit-1.5.6/system-config-audit/src/main_window.py
---- audit-1.5.6.orig/system-config-audit/src/main_window.py 2007-08-28 14:08:15.000000000 -0400
-+++ audit-1.5.6/system-config-audit/src/main_window.py 2007-08-28 14:08:59.000000000 -0400
-@@ -32,8 +32,6 @@
- import settings
- import util
- 
--def N_(s): return s
--
- def exit_watch_rules(rules):
- '''Split exit rules to lists for WatchListDialog and RuleListDialog.
- 
-diff -ur audit-1.5.6.orig/system-config-audit/src/server.c audit-1.5.6/system-config-audit/src/server.c
---- audit-1.5.6.orig/system-config-audit/src/server.c 2007-08-28 14:08:15.000000000 -0400
-+++ audit-1.5.6/system-config-audit/src/server.c 2007-08-28 14:08:59.000000000 -0400
-@@ -200,7 +200,7 @@
- err = errno;
- goto err_fd;
- }
-- if (st.st_size > SIZE_MAX)
-+ if (st.st_size > (off_t)SIZE_MAX)
- {
- err = EFBIG;
- goto err_fd;
diff --git a/sources b/sources
index 4b8e2e3..0e3f8bb 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-538b2fc33878e420da1daabc769d1e1b audit-1.6.tar.gz
+ce393ed76e25dd95f2d54ae27e7a25be audit-1.6.1.tar.gz