Bug 1117953 - Per fesco#1311, please disable syscall auditing by default

This commit is contained in:
sgrubb 2014-07-22 15:08:04 -04:00
parent ff9bb330e4
commit 97cac88aaf
2 changed files with 24 additions and 1 deletions

View File

@ -6,12 +6,14 @@
Summary: User space tools for 2.6 kernel auditing
Name: audit
Version: 2.3.7
Release: 3%{?dist}
Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
# FESCO asked for audit to be off by default. #1117953
Patch1: never-audit.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: swig python-devel
BuildRequires: tcp_wrappers-devel krb5-devel libcap-ng-devel
@ -91,6 +93,7 @@ behavior.
%prep
%setup -q
cp %{SOURCE1} .
%patch1 -p1
%build
%configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes --with-libwrap --enable-gssapi-krb5=yes --with-libcap-ng=yes --with-arm --with-aarch64 \
@ -280,6 +283,9 @@ fi
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
%changelog
* Tue Jun 03 2014 Steve Grubb <sgrubb@redhat.com> 2.3.7-4
- Bug 1117953 - Per fesco#1311, please disable syscall auditing by default
* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> - 2.3.7-3
- mark license files properly

17
never-audit.patch Normal file
View File

@ -0,0 +1,17 @@
diff -ur audit.orig/init.d/audit.rules audit/init.d/audit.rules
--- audit.orig/init.d/audit.rules 2014-07-20 10:43:44.724841702 -0400
+++ audit/init.d/audit.rules 2014-07-22 14:55:50.856253189 -0400
@@ -6,9 +6,8 @@
# First rule - delete all
-D
-# Increase the buffers to survive stress events.
-# Make this bigger for busy systems
--b 320
-
-# Feel free to add below this line. See auditctl man page
+# This suppresses syscall auditing for all tasks started
+# with this rule in effect. Remove it if you need syscall
+# auditing.
+-a task,never