rpms/audit
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Drop ProtectHome from auditd.service as it interferes with rules

Browse Source 
Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0]
This commit is contained in:
Sergio Correia 2022-05-02 06:37:55 -03:00
parent c5b6e5e335
commit e8da66900e
No known key found for this signature in database
GPG Key ID: D0D219ED1F7E762C
4 changed files with 98 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
audit-3.0.8-drop-protecthome.patch Normal file
View File

@ -0,0 +1,26 @@
From c426507a501efde0367a09a81e917d1d10722b78 Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Thu, 31 Mar 2022 15:00:57 -0300
Subject: [PATCH] Drop ProtectHome from auditd.service as it interferes with
rules
Upstream: https://github.com/linux-audit/audit-userspace/commit/12cf14ed
---
init.d/auditd.service | 1 -
1 file changed, 1 deletion(-)
diff --git a/init.d/auditd.service b/init.d/auditd.service
index e801281..0a4c498 100644
--- a/init.d/auditd.service
+++ b/init.d/auditd.service
@@ -36,7 +36,6 @@ MemoryDenyWriteExecute=true
LockPersonality=true
ProtectControlGroups=true
ProtectKernelModules=true
-ProtectHome=true
RestrictRealtime=true
[Install]
--
2.35.1

39
audit-3.0.8-flex-array-workaround.patch Normal file
View File

@ -0,0 +1,39 @@
diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
index 21aafca..8c48123 100644
--- a/bindings/swig/src/auditswig.i
+++ b/bindings/swig/src/auditswig.i
@@ -39,7 +39,7 @@ signed
#define __attribute(X) /*nothing*/
typedef unsigned __u32;
typedef unsigned uid_t;
-%include "/usr/include/linux/audit.h"
+%include "../lib/audit.h"
#define __extension__ /*nothing*/
%include <stdint.i>
%include "../lib/libaudit.h"
diff --git a/lib/audit.h b/lib/audit.h
index 51d7f2b..b2f306d 100644
--- a/lib/audit.h
+++ b/lib/audit.h
@@ -514,7 +514,7 @@ struct audit_rule_data {
__u32 values[AUDIT_MAX_FIELDS];
__u32 fieldflags[AUDIT_MAX_FIELDS];
__u32 buflen; /* total length of string fields */
- char buf[]; /* string fields buffer */
+ char buf[0]; /* string fields buffer */
};
#endif /* _LINUX_AUDIT_H_ */
diff --git a/lib/libaudit.h b/lib/libaudit.h
index 08b7d22..6b7408c 100644
--- a/lib/libaudit.h
+++ b/lib/libaudit.h
@@ -32,7 +32,7 @@ extern "C" {
#include <stdint.h>
#include <sys/socket.h>
#include <linux/netlink.h>
-#include <linux/audit.h>
+#include "audit.h"
#include <stdarg.h>
#include <syslog.h>

13
audit-3.0.8-undo-flex-array.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/usr/include/libaudit.h b/usr/include/libaudit.h
index 6b7408c..08b7d22 100644
--- a/usr/include/libaudit.h
+++ b/usr/include/libaudit.h
@@ -32,7 +32,7 @@ extern "C" {
#include <stdint.h>
#include <sys/socket.h>
#include <linux/netlink.h>
-#include "audit.h"
+#include <linux/audit.h>
#include <stdarg.h>
#include <syslog.h>

21
audit.spec
View File

@ -2,7 +2,7 @@
Summary: User space tools for kernel auditing Summary: User space tools for kernel auditing
Name: audit Name: audit
Version: 3.0.7 Version: 3.0.7
Release: 102%{?dist} Release: 103%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://people.redhat.com/sgrubb/audit/ URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -11,6 +11,9 @@ Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch1: 0001-Add-ausysrulevalidate.patch Patch1: 0001-Add-ausysrulevalidate.patch
Patch2: audit-3.0.7-gcc-flags.patch Patch2: audit-3.0.7-gcc-flags.patch
Patch3: audit-3.0.8-auparse-path-norm.patch Patch3: audit-3.0.8-auparse-path-norm.patch
Patch4: audit-3.0.8-drop-protecthome.patch
Patch5: audit-3.0.8-flex-array-workaround.patch
Patch6: audit-3.0.8-undo-flex-array.patch
BuildRequires: make gcc swig BuildRequires: make gcc swig
BuildRequires: openldap-devel BuildRequires: openldap-devel
@ -95,6 +98,11 @@ cp %{SOURCE1} .
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
cp /usr/include/linux/audit.h lib/
%patch5 -p1
autoreconf -fv --install autoreconf -fv --install
# Remove the ids code, its not ready # Remove the ids code, its not ready
@ -137,6 +145,13 @@ find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz
# undo the workaround
cur=`pwd`
cd $RPM_BUILD_ROOT
patch -p1 < %{PATCH6}
find . -name '*.orig' -delete
cd $cur
%check %check
make check make check
# Get rid of make files so that they don't get packaged. # Get rid of make files so that they don't get packaged.
@ -263,6 +278,10 @@ fi
%attr(750,root,root) %{_sbindir}/audispd-zos-remote %attr(750,root,root) %{_sbindir}/audispd-zos-remote
%changelog %changelog
* Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-103
- Drop ProtectHome from auditd.service as it interferes with rules
Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0]
* Sun Mar 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-102 * Sun Mar 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-102
- Fix path normalization in auparse - Fix path normalization in auparse
Resolves: rhbz#2062824 - auparse missing information when used with --format-text Resolves: rhbz#2062824 - auparse missing information when used with --format-text