- Add prelude IDS plugin for IDMEF alerts

- Add --user option to aulastlog command - Use desktop-file-install for system-config-audit - Avoid touching auditd.conf most of the time (#408501)
2008-01-19 20:59:34 +00:00 · 2008-01-19 20:59:34 +00:00 · 9893d2d877
commit 9893d2d877
parent 597b4aeb16
3 changed files with 37 additions and 14 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -82,3 +82,4 @@ audit-1.6.1.tar.gz
 audit-1.6.2.tar.gz
 audit-1.6.4.tar.gz
 audit-1.6.5.tar.gz
+audit-1.6.6.tar.gz
--- a/audit.spec
+++ b/audit.spec
@ -1,12 +1,12 @@
 %define sca_version 0.4.5
-%define sca_release 7
+%define sca_release 8
 %define selinux_variants mls strict targeted
 %define selinux_policyver 3.2.5 

 Summary: User space tools for 2.6 kernel auditing
 Name: audit
-Version: 1.6.5
-Release: 3%{?dist}
+Version: 1.6.6
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
@ -61,7 +61,10 @@ Summary: Plugins for the audit event dispatcher
 License: GPLv2+
 Group: System Environment/Daemons
 BuildRequires: openldap-devel
-BuildRequires: checkpolicy selinux-policy-devel
+%if "%{selinux_policyver}" != ""
+BuildRequires: checkpolicy selinux-policy-devel >= %{selinux_policyver}
+%endif
+BuildRequires: libprelude-devel >= 0.9.16
 Requires: %{name} = %{version}-%{release}
 Requires: %{name}-libs = %{version}-%{release}
 Requires: openldap
@ -83,6 +86,7 @@ Version: %{sca_version}
 Release: %{sca_release}%{?dist}
 License: GPLv2+
 Group: Applications/System
+BuildRequires: desktop-file-utils
 Requires: pygtk2-libglade usermode usermode-gtk

 %description -n system-config-audit
@ -96,7 +100,7 @@ cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy
 %build
 (cd system-config-audit; ./autogen.sh)
 aclocal && autoconf && autoheader && automake
-%configure --sbindir=/sbin --libdir=/%{_lib}
+%configure --sbindir=/sbin --libdir=/%{_lib} --with-prelude
 make
 cd zos-remote-policy
 for selinuxvariant in %{selinux_variants}
@ -149,6 +153,11 @@ touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf

 %find_lang system-config-audit

+desktop-file-install					\
+	--dir $RPM_BUILD_ROOT/%{_datadir}/applications	\
+	--delete-original				\
+	system-config-audit/system-config-audit.desktop
+
 # This is a reminder to enable it when tests
 # aren't based on postfix uids
 #% check
@ -171,18 +180,23 @@ done

 %post
 /sbin/chkconfig --add auditd
+# This is to migrate users from audit-1.0.x installations
 if [ -f /etc/auditd.conf ]; then
   mv /etc/auditd.conf /etc/audit/auditd.conf
 fi
 if [ -f /etc/audit.rules ]; then
   mv /etc/audit.rules /etc/audit/audit.rules
 fi
+# This is to enable the dispatcher option which was commented out
 if [ -f /etc/audit/auditd.conf ]; then
-   tmp=`mktemp /etc/audit/auditd-post.XXXXXX`
-   if [ -n $tmp ]; then
-      sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
-      cat $tmp > /etc/audit/auditd.conf
-      rm -f $tmp
+   grep '^dispatcher' /etc/audit/auditd.conf >/dev/null
+   if [ $? -eq 1 ] ; then
+      tmp=`mktemp /etc/audit/auditd-post.XXXXXX`
+      if [ -n $tmp ]; then
+         sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
+         cat $tmp > /etc/audit/auditd.conf
+         rm -f $tmp
+      fi
   fi
 fi

@ -192,8 +206,7 @@ if [ $1 -eq 0 ]; then
   /sbin/chkconfig --del auditd
 fi

-%postun libs
-/sbin/ldconfig 2>/dev/null
+%postun libs -p /sbin/ldconfig

 %postun -n audispd-plugins
 if [ $1 -eq 0 ]; then
@ -262,7 +275,7 @@ fi
 %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
 %config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd
 %config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
-%attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
+%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf

 %files -n audispd-plugins
 %defattr(-,root,root,-)
@ -273,6 +286,9 @@ fi
 %config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
 %attr(750,root,root) /sbin/audispd-zos-remote
 %attr(644,root,root) %{_datadir}/selinux/*/audispd-zos-remote.pp
+%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-prelude.conf
+%attr(750,root,root) /sbin/audisp-prelude
+%attr(644,root,root) %{_mandir}/man8/audisp-prelude.8.gz

 %files -n system-config-audit -f system-config-audit.lang
 %defattr(-,root,root,-)
@ -290,6 +306,12 @@ fi
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server

 %changelog
+* Sat Jan 19 2008 Steve Grubb <sgrubb@redhat.com> 1.6.6-1
+- Add prelude IDS plugin for IDMEF alerts
+- Add --user option to aulastlog command
+- Use desktop-file-install for system-config-audit
+- Avoid touching auditd.conf most of the time (#408501)
+
 * Fri Jan 11 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-3
 - Updates for spec file review
 - Adjust permission on selinux policy file
--- a/2
+++ b/2
@ -1 +1 @@
-53ede8c7422cb251d01d06c7a5e3027b  audit-1.6.5.tar.gz
+9ce3c68697084f075928cc226357f242  audit-1.6.6.tar.gz