From b322838199d2df2175361c7b5976189fa7b76af7 Mon Sep 17 00:00:00 2001 From: Cropi <alakatos@redhat.com> Date: Wed, 8 Jan 2025 10:14:40 +0100 Subject: [PATCH] Rebase to 4.0.3 - Pluginst must have .conf suffix, otherwise skipped Resolves: RHEL-58838 - ausearch checkpoint inode fix Resolves: RHEL-58838 - Audisp-filter: filter audit events and forward them to other plugins Resolves: RHEL-5199 - Log to console when system is halted due to audit not having enough storage Resolves: RHEL-990 - auditctl: remove misleasing error with --input file Resolves: RHEL-5200 - Remove ProtectKernelModules=true from service file Resolves: RHEL-5200 - Update syscall tables to reflect current kernel Resolves: RHEL-46969 - af_unix: Restore old behavior Resolves: RHEL-39955 - Add systemd-tempfiles.d for audit when root fs is read-only Resolves: RHEL-45311 - ausearch fix error reporting Resolves: RHEL-45311 --- .gitignore | 1 + audit-4.0-attributes.patch | 45 ----------------------------------- audit.spec | 48 ++++++++++++++++++++++++++++++-------- sources | 2 +- 4 files changed, 40 insertions(+), 56 deletions(-) delete mode 100644 audit-4.0-attributes.patch diff --git a/.gitignore b/.gitignore index 63de530..0602930 100644 --- a/.gitignore +++ b/.gitignore @@ -178,3 +178,4 @@ audit-2.0.4.tar.gz /audit-3.1.1.tar.gz /audit-3.1.2.tar.gz /audit-4.0.tar.gz +/v4.0.3.tar.gz diff --git a/audit-4.0-attributes.patch b/audit-4.0-attributes.patch deleted file mode 100644 index 6ef90f6..0000000 --- a/audit-4.0-attributes.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0db6e0960a5c55b468f21f9841bbc7e67832b66a Mon Sep 17 00:00:00 2001 -From: Steve Grubb <ausearch.1@gmail.com> -Date: Wed, 17 Jan 2024 12:07:25 -0500 -Subject: [PATCH] Update function attributes - ---- - auparse/auparse.h | 2 +- - lib/libaudit.h | 10 +++++----- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/auparse/auparse.h b/auparse/auparse.h -index c27f1ff96..0b3f68c35 100644 ---- a/auparse/auparse.h -+++ b/auparse/auparse.h -@@ -68,7 +68,7 @@ void auparse_add_callback(auparse_state_t *au, auparse_callback_ptr callback, - void *user_data, user_destroy user_destroy_func); - void auparse_set_escape_mode(auparse_state_t *au, auparse_esc_t mode); - int auparse_reset(auparse_state_t *au); --char *auparse_metrics(const auparse_state_t *au); -+char *auparse_metrics(const auparse_state_t *au) __attr_dealloc_free; - - /* Functions that are part of the search interface */ - int ausearch_add_expression(auparse_state_t *au, const char *expression, -diff --git a/lib/libaudit.h b/lib/libaudit.h -index 34b337a7c..15ea2e6f4 100644 ---- a/lib/libaudit.h -+++ b/lib/libaudit.h -@@ -248,12 +248,12 @@ int audit_set_enabled(int fd, uint32_t enabled) __wur; - int audit_set_failure(int fd, uint32_t failure) __wur; - int audit_set_rate_limit(int fd, uint32_t limit); - int audit_set_backlog_limit(int fd, uint32_t limit); --int audit_set_backlog_wait_time(int fd, uint32_t bwt); --int audit_reset_lost(int fd); --int audit_reset_backlog_wait_time_actual(int fd); -+int audit_set_backlog_wait_time(int fd, uint32_t bwt); -+int audit_reset_lost(int fd); -+int audit_reset_backlog_wait_time_actual(int fd); - int audit_set_feature(int fd, unsigned feature, unsigned value, -- unsigned lock); --int audit_set_loginuid_immutable(int fd); -+ unsigned lock) __wur; -+int audit_set_loginuid_immutable(int fd) __wur; - - /* AUDIT_LIST_RULES */ - int audit_request_rules_list_data(int fd); diff --git a/audit.spec b/audit.spec index d9cb699..083c65e 100644 --- a/audit.spec +++ b/audit.spec @@ -1,14 +1,14 @@ Summary: User space tools for kernel auditing Name: audit -Version: 4.0 -Release: 10%{?dist} +Version: 4.0.3 +Release: 1%{?dist} License: GPL-2.0-or-later AND LGPL-2.0-or-later -URL: http://people.redhat.com/sgrubb/audit/ -Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz +URL: https://github.com/linux-audit/audit-userspace/ +Source0: https://github.com/linux-audit/audit-userspace/archive/refs/tags/v%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt -Patch1: audit-4.0-attributes.patch BuildRequires: make gcc +BuildRequires: autoconf automake libtool BuildRequires: kernel-headers >= 5.0 BuildRequires: systemd @@ -95,20 +95,20 @@ Recommends: %{name} = %{version}-%{release} The audit rules package contains the rules and utilities to load audit rules. %prep -%setup -q -%patch 1 -p1 +%setup -q -n %{name}-userspace-%{version} cp %{SOURCE1} . +%build +autoreconf -fv --install # Remove the ids code, its not ready sed -i 's/ ids / /' audisp/plugins/Makefile.am sed -i 's/ ids / /' audisp/plugins/Makefile.in -%build %configure --with-python=no \ --with-python3=yes \ - --enable-gssapi-krb5=yes --with-arm --with-aarch64 \ + --enable-gssapi-krb5=yes --with-arm --with-aarch64 --with-riscv \ --with-libcap-ng=yes --without-golang --enable-zos-remote \ - --enable-systemd --enable-experimental --with-io_uring + --enable-experimental --with-io_uring make CFLAGS="%{optflags}" %{?_smp_mflags} @@ -237,6 +237,7 @@ fi %attr(755,root,root) %{_bindir}/aulastlog %attr(755,root,root) %{_bindir}/ausyscall %attr(644,root,root) %{_unitdir}/auditd.service +%attr(640,root,root) %{_tmpfilesdir}/audit.conf %attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/reload @@ -272,16 +273,20 @@ fi %config(noreplace) %attr(640,root,root) /etc/audit/audisp-statsd.conf %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-statsd.conf %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf +%config(noreplace) %attr(640,root,root) /etc/audit/audisp-filter.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/filter.conf %attr(750,root,root) %{_sbindir}/audisp-remote %attr(750,root,root) %{_sbindir}/audisp-syslog %attr(750,root,root) %{_sbindir}/audisp-af_unix %attr(750,root,root) %{_sbindir}/audisp-statsd +%attr(750,root,root) %{_sbindir}/audisp-filter %attr(700,root,root) %dir %{_var}/spool/audit %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz %attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz %attr(644,root,root) %{_mandir}/man8/audisp-statsd.8.gz +%attr(644,root,root) %{_mandir}/man8/audisp-filter.8.gz %files -n audispd-plugins-zos %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz @@ -291,6 +296,29 @@ fi %attr(750,root,root) %{_sbindir}/audispd-zos-remote %changelog +* Wed Jan 08 2025 Attila Lakatos <alakatos@redhat.com> - 4.0.3-1 +- Rebase to 4.0.3 +- Pluginst must have .conf suffix, otherwise skipped + Resolves: RHEL-58838 +- ausearch checkpoint inode fix + Resolves: RHEL-62333 +- Audisp-filter: filter audit events and forward them to other plugins + Resolves: RHEL-5199 +- Log to console when system is halted due to audit not having enough storage + Resolves: RHEL-990 +- auditctl: remove misleasing error with --input file + Resolves: RHEL-5200 +- Remove ProtectKernelModules=true from service file + Resolves: RHEL-59571 +- Update syscall tables to reflect current kernel + Resolves: RHEL-46969 +- af_unix: Restore old behavior + Resolves: RHEL-39955 +- Add systemd-tempfiles.d for audit when root fs is read-only + Resolves: RHEL-45311 +- ausearch fix error reporting + Resolves: RHEL-32808 + * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.0-10 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018 diff --git a/sources b/sources index 1cff9b0..b48a140 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (audit-4.0.tar.gz) = 4ed5b216c75c655fd40a74b909d591922a66690bdf2cc5c69a23be3e9b10c8d341fd9b4f496f3ce2a8f99b7d86f0dda13e36387edd845b590ab767a82b4315cc +SHA512 (v4.0.3.tar.gz) = a20d2f832632fa844764086aac98c80f7fcb120ceeaae7472248e04eec0493981e31fd59f22c3f0dbff81ccbcd132b8297812f2b4cdb87b866c59aedf3611342