Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
@ -1 +1 @@
|
|||||||
45cffb1ded9a57a79b33547f58228131d3eb14a6 SOURCES/audit-3.1.2.tar.gz
|
e58e9ecd90b54b04783e0a1f0c1cfd65880f42f8 SOURCES/audit-3.1.5.tar.gz
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/audit-3.1.2.tar.gz
|
SOURCES/audit-3.1.5.tar.gz
|
||||||
|
217
SOURCES/0001-Add-ausysrulevalidate.patch
Normal file
217
SOURCES/0001-Add-ausysrulevalidate.patch
Normal file
@ -0,0 +1,217 @@
|
|||||||
|
From 4011007b445e8f8da9b0cc45eccd793b94f6b5ce Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sergio Correia <scorreia@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 19:25:43 -0300
|
||||||
|
Subject: [PATCH] Add ausysrulevalidate
|
||||||
|
|
||||||
|
---
|
||||||
|
contrib/ausysrulevalidate | 198 ++++++++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 198 insertions(+)
|
||||||
|
create mode 100755 contrib/ausysrulevalidate
|
||||||
|
|
||||||
|
diff --git a/contrib/ausysrulevalidate b/contrib/ausysrulevalidate
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000..a251b2c
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/contrib/ausysrulevalidate
|
||||||
|
@@ -0,0 +1,198 @@
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
+# -*- coding: utf-8 -*-
|
||||||
|
+
|
||||||
|
+# ausysrulevalidate - A program that lets you validate the syscalls
|
||||||
|
+# in audit rules.
|
||||||
|
+# Copyright (c) 2021 Red Hat Inc., Durham, North Carolina.
|
||||||
|
+# All Rights Reserved.
|
||||||
|
+#
|
||||||
|
+# This software may be freely redistributed and/or modified under the
|
||||||
|
+# terms of the GNU General Public License as published by the Free
|
||||||
|
+# Software Foundation; either version 2, or (at your option) any
|
||||||
|
+# later version.
|
||||||
|
+#
|
||||||
|
+# This program is distributed in the hope that it will be useful,
|
||||||
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+# GNU General Public License for more details.
|
||||||
|
+#
|
||||||
|
+# You should have received a copy of the GNU General Public License
|
||||||
|
+# along with this program; see the file COPYING. If not, write to the
|
||||||
|
+# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
|
||||||
|
+# Boston, MA 02110-1335, USA.
|
||||||
|
+#
|
||||||
|
+# Authors:
|
||||||
|
+# Sergio Correia <scorreia@redhat.com>
|
||||||
|
+
|
||||||
|
+""" This program lets you validate syscalls in audit rules. """
|
||||||
|
+
|
||||||
|
+import argparse
|
||||||
|
+import os.path
|
||||||
|
+import sys
|
||||||
|
+
|
||||||
|
+import audit
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+class AuSyscallRuleValidate:
|
||||||
|
+ """AuSyscallRuleValidate validates syscalls in audit rules."""
|
||||||
|
+
|
||||||
|
+ def __init__(self):
|
||||||
|
+ self.syscalls_table = {}
|
||||||
|
+ self.invalid_syscalls = {}
|
||||||
|
+ self.machines = {
|
||||||
|
+ "b32": audit.audit_determine_machine("b32"),
|
||||||
|
+ "b64": audit.audit_determine_machine("b64"),
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if self.machines["b32"] == -1 or self.machines["b64"] == -1:
|
||||||
|
+ sys.stderr.write("ERROR: Unable to determine machine type\n")
|
||||||
|
+ sys.exit(1)
|
||||||
|
+
|
||||||
|
+ def validate_syscall(self, arch, syscall):
|
||||||
|
+ """Validates a single syscall."""
|
||||||
|
+
|
||||||
|
+ if syscall == "all":
|
||||||
|
+ return True
|
||||||
|
+
|
||||||
|
+ lookup = "{0}:{1}".format(arch, syscall)
|
||||||
|
+ if lookup in self.syscalls_table:
|
||||||
|
+ return self.syscalls_table[lookup]
|
||||||
|
+
|
||||||
|
+ ret = audit.audit_name_to_syscall(syscall, self.machines[arch])
|
||||||
|
+ self.syscalls_table[lookup] = ret != -1
|
||||||
|
+ if not self.syscalls_table[lookup]:
|
||||||
|
+ self.invalid_syscalls[lookup] = lookup
|
||||||
|
+
|
||||||
|
+ return self.syscalls_table[lookup]
|
||||||
|
+
|
||||||
|
+ def process_syscalls(self, arch, syscalls):
|
||||||
|
+ """Processes a group of syscalls, validating them individually."""
|
||||||
|
+
|
||||||
|
+ scalls = syscalls.split(",")
|
||||||
|
+ processed = []
|
||||||
|
+ for syscall in scalls:
|
||||||
|
+ if self.validate_syscall(arch, syscall):
|
||||||
|
+ processed.append(syscall)
|
||||||
|
+ return ",".join(processed)
|
||||||
|
+
|
||||||
|
+ def parse_line(self, line):
|
||||||
|
+ """Processes a single line from the audit rules file, and returns the
|
||||||
|
+ same line adjusted, if required, by removing invalid syscalls, or even
|
||||||
|
+ removing the rule altogether, if no valid syscall remain after
|
||||||
|
+ validation."""
|
||||||
|
+
|
||||||
|
+ if line.lstrip().startswith("#") or "-S" not in line:
|
||||||
|
+ return line
|
||||||
|
+
|
||||||
|
+ # We do have a rule specifying syscalls, so let's validate them.
|
||||||
|
+ tokens = line.split()
|
||||||
|
+ processed = []
|
||||||
|
+ is_syscall = False
|
||||||
|
+ arch = None
|
||||||
|
+
|
||||||
|
+ for val in tokens:
|
||||||
|
+ if not is_syscall:
|
||||||
|
+ processed.append(val)
|
||||||
|
+
|
||||||
|
+ if val.startswith("arch="):
|
||||||
|
+ archs = val.split("=")
|
||||||
|
+ if len(archs) == 2:
|
||||||
|
+ arch = val.split("=")[1]
|
||||||
|
+ if arch not in self.machines:
|
||||||
|
+ sys.stderr.write("ERROR: unexpected arch '{0}'\n".format(arch))
|
||||||
|
+ continue
|
||||||
|
+
|
||||||
|
+ if val == "-S":
|
||||||
|
+ is_syscall = True
|
||||||
|
+ continue
|
||||||
|
+
|
||||||
|
+ if is_syscall:
|
||||||
|
+ is_syscall = False
|
||||||
|
+ scalls = self.process_syscalls(arch, val)
|
||||||
|
+
|
||||||
|
+ if len(scalls) == 0:
|
||||||
|
+ processed = processed[:-1]
|
||||||
|
+ continue
|
||||||
|
+ processed.append(scalls)
|
||||||
|
+
|
||||||
|
+ if "-S" not in processed:
|
||||||
|
+ # Removing rule altogether, as we have no valid syscalls remaining.
|
||||||
|
+ return None
|
||||||
|
+ return " ".join(processed)
|
||||||
|
+
|
||||||
|
+ def process_rules(self, rules_file):
|
||||||
|
+ """Reads a file with audit rules and returns the rules after
|
||||||
|
+ validation of syscalls/architecture. Invalid syscalls will be removed
|
||||||
|
+ and, if there are no valid remaining syscalls, the rule itself is
|
||||||
|
+ removed."""
|
||||||
|
+
|
||||||
|
+ if not os.path.isfile(rules_file):
|
||||||
|
+ sys.stderr.write("ERROR: rules file '{0}' not found\n".format(rules_file))
|
||||||
|
+ sys.exit(1)
|
||||||
|
+
|
||||||
|
+ with open(rules_file) as rules:
|
||||||
|
+ content = rules.readlines()
|
||||||
|
+
|
||||||
|
+ processed = []
|
||||||
|
+ changed = False
|
||||||
|
+ for line in content:
|
||||||
|
+ validated = self.parse_line(line)
|
||||||
|
+ if validated is None:
|
||||||
|
+ changed = True
|
||||||
|
+ continue
|
||||||
|
+
|
||||||
|
+ if validated.rstrip("\r\n") != line.rstrip("\r\n"):
|
||||||
|
+ changed = True
|
||||||
|
+ processed.append(validated.rstrip("\r\n"))
|
||||||
|
+
|
||||||
|
+ invalid_syscalls = []
|
||||||
|
+ for invalid in self.invalid_syscalls:
|
||||||
|
+ invalid_syscalls.append(invalid)
|
||||||
|
+
|
||||||
|
+ return (processed, changed, invalid_syscalls)
|
||||||
|
+
|
||||||
|
+ def update_rules(self, rules_file):
|
||||||
|
+ """Reads a file with audit rules and updates it after validation of
|
||||||
|
+ syscalls/architecture. Invalid syscalls will be removed and, if
|
||||||
|
+ there are no valid remaining syscalls, the rule itself is removed."""
|
||||||
|
+
|
||||||
|
+ new_rules, changed, invalid_syscalls = self.process_rules(rules_file)
|
||||||
|
+ if changed:
|
||||||
|
+ with open(rules_file, "w") as rules:
|
||||||
|
+ for line in new_rules:
|
||||||
|
+ rules.write("{0}\n".format(line))
|
||||||
|
+
|
||||||
|
+ return (new_rules, changed, invalid_syscalls)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+if __name__ == "__main__":
|
||||||
|
+ parser = argparse.ArgumentParser(description="ausysrulevalidate")
|
||||||
|
+ parser.add_argument(
|
||||||
|
+ "-u", "--update", help="Update rules file if required", action="store_true"
|
||||||
|
+ )
|
||||||
|
+ parser.add_argument(
|
||||||
|
+ "-v", "--verbose", help="Show the resulting rules file", action="store_true"
|
||||||
|
+ )
|
||||||
|
+ required_named = parser.add_argument_group("required named arguments")
|
||||||
|
+ required_named.add_argument(
|
||||||
|
+ "-r", "--rules-file", help="Rules file name", required=True
|
||||||
|
+ )
|
||||||
|
+ args = parser.parse_args()
|
||||||
|
+
|
||||||
|
+ validator = AuSyscallRuleValidate()
|
||||||
|
+
|
||||||
|
+ action = validator.process_rules
|
||||||
|
+ if args.update:
|
||||||
|
+ action = validator.update_rules
|
||||||
|
+
|
||||||
|
+ data, changed, invalid = action(args.rules_file)
|
||||||
|
+ if changed:
|
||||||
|
+ verb = "require"
|
||||||
|
+ if args.update:
|
||||||
|
+ verb += "d"
|
||||||
|
+ sys.stderr.write("Rules in '{0}' {1} changes\n".format(args.rules_file, verb))
|
||||||
|
+ if len(invalid) > 0:
|
||||||
|
+ sys.stderr.write("Invalid syscalls: {0}\n".format(", ".join(invalid)))
|
||||||
|
+
|
||||||
|
+ if args.verbose:
|
||||||
|
+ print(*data, sep="\n")
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
320
SPECS/audit.spec
320
SPECS/audit.spec
@ -1,25 +1,31 @@
|
|||||||
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
|
||||||
|
|
||||||
Summary: User space tools for kernel auditing
|
Summary: User space tools for kernel auditing
|
||||||
Name: audit
|
Name: audit
|
||||||
Version: 3.1.2
|
Version: 3.1.5
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://people.redhat.com/sgrubb/audit/
|
URL: http://people.redhat.com/sgrubb/audit/
|
||||||
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
||||||
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
|
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
|
||||||
|
|
||||||
BuildRequires: gcc swig make
|
Patch1: 0001-Add-ausysrulevalidate.patch
|
||||||
|
|
||||||
|
BuildRequires: make gcc swig
|
||||||
BuildRequires: openldap-devel
|
BuildRequires: openldap-devel
|
||||||
BuildRequires: krb5-devel libcap-ng-devel
|
BuildRequires: krb5-devel libcap-ng-devel
|
||||||
BuildRequires: kernel-headers >= 2.6.29
|
BuildRequires: kernel-headers >= 2.6.29
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
#BuildRequires: autoconf automake libtool
|
BuildRequires: autoconf automake libtool
|
||||||
|
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires(post): systemd coreutils
|
Requires(post): systemd coreutils
|
||||||
Requires(preun): systemd initscripts
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd coreutils initscripts
|
Requires(postun): systemd coreutils
|
||||||
|
Recommends: initscripts-service
|
||||||
|
|
||||||
|
# Placing this here under the assumption that anything using the
|
||||||
|
# python libraries expects the system to have an audit daemon
|
||||||
|
Obsoletes: python2-audit < %{version}-%{release}
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The audit package contains the user space utilities for
|
The audit package contains the user space utilities for
|
||||||
@ -31,7 +37,7 @@ Summary: Dynamic library for libaudit
|
|||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
|
|
||||||
%description libs
|
%description libs
|
||||||
The audit-libs package contains the dynamic libraries needed for
|
The audit-libs package contains the dynamic libraries needed for
|
||||||
applications to use the audit framework.
|
applications to use the audit framework.
|
||||||
|
|
||||||
%package libs-devel
|
%package libs-devel
|
||||||
@ -48,6 +54,7 @@ developing applications that need to use the audit framework libraries.
|
|||||||
Summary: Python3 bindings for libaudit
|
Summary: Python3 bindings for libaudit
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
|
BuildRequires: make
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Provides: audit-libs-python3 = %{version}-%{release}
|
Provides: audit-libs-python3 = %{version}-%{release}
|
||||||
Provides: audit-libs-python3%{?_isa} = %{version}-%{release}
|
Provides: audit-libs-python3%{?_isa} = %{version}-%{release}
|
||||||
@ -84,14 +91,19 @@ Management Facility) database, through an IBM Tivoli Directory Server
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
cp %{SOURCE1} .
|
cp %{SOURCE1} .
|
||||||
#autoreconf -fv --install
|
%patch -P 1 -p1
|
||||||
|
|
||||||
|
autoreconf -fv --install
|
||||||
|
|
||||||
|
# Remove the ids code, its not ready
|
||||||
|
sed -i 's/ ids / /' audisp/plugins/Makefile.in
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --with-python=no \
|
%configure --with-python=no \
|
||||||
--with-python3=yes \
|
--with-python3=yes \
|
||||||
--enable-gssapi-krb5=yes --with-arm --with-aarch64 \
|
--enable-gssapi-krb5=yes --with-arm --with-aarch64 \
|
||||||
--with-libcap-ng=yes --without-golang --enable-zos-remote \
|
--with-libcap-ng=yes --enable-zos-remote --without-golang \
|
||||||
--enable-systemd
|
--enable-systemd --enable-experimental --with-io_uring
|
||||||
|
|
||||||
make CFLAGS="%{optflags}" %{?_smp_mflags}
|
make CFLAGS="%{optflags}" %{?_smp_mflags}
|
||||||
|
|
||||||
@ -102,14 +114,23 @@ mkdir -p $RPM_BUILD_ROOT/%{_lib}
|
|||||||
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
|
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
|
||||||
mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit
|
mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit
|
mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_datadir}
|
||||||
make DESTDIR=$RPM_BUILD_ROOT install
|
make DESTDIR=$RPM_BUILD_ROOT install
|
||||||
|
|
||||||
|
# Validate sample rules shipped.
|
||||||
|
for r in $RPM_BUILD_ROOT/%{_datadir}/%{name}/sample-rules/*.rules; do
|
||||||
|
PYTHONPATH=$RPM_BUILD_ROOT/%{python3_sitearch} \
|
||||||
|
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} \
|
||||||
|
%{_builddir}/%{name}-%{version}/contrib/ausysrulevalidate \
|
||||||
|
--update --rules-file "${r}"
|
||||||
|
done
|
||||||
|
|
||||||
# Remove these items so they don't get picked up.
|
# Remove these items so they don't get picked up.
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a
|
||||||
|
|
||||||
find $RPM_BUILD_ROOT -name '*.la' -delete
|
find $RPM_BUILD_ROOT -name '*.la' -delete
|
||||||
find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete || true
|
find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.a' -delete
|
||||||
|
|
||||||
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
|
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
|
||||||
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
|
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
|
||||||
@ -121,27 +142,39 @@ make check
|
|||||||
rm -f rules/Makefile*
|
rm -f rules/Makefile*
|
||||||
|
|
||||||
%post
|
%post
|
||||||
|
%systemd_post auditd.service
|
||||||
|
|
||||||
# Copy default rules into place on new installation
|
# Copy default rules into place on new installation
|
||||||
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
|
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
|
||||||
if [ "$files" -eq 0 ] ; then
|
if [ "$files" -eq 0 ] ; then
|
||||||
if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then
|
if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then
|
||||||
cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
|
cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
|
||||||
else
|
else
|
||||||
touch /etc/audit/rules.d/audit.rules
|
touch /etc/audit/rules.d/audit.rules
|
||||||
fi
|
fi
|
||||||
chmod 0600 /etc/audit/rules.d/audit.rules
|
chmod 0600 /etc/audit/rules.d/audit.rules
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If upgrading, restart the daemon if it's running
|
||||||
|
if [ $1 -eq 2 ]; then
|
||||||
|
state=$(systemctl status auditd | awk '/Active:/ { print $2 }')
|
||||||
|
|
||||||
|
if [ $state = "active" ] ; then
|
||||||
|
auditctl --signal stop || true
|
||||||
|
systemctl start auditd
|
||||||
|
fi
|
||||||
|
# if installing, start it since preset says we should be running
|
||||||
|
elif [ $1 -eq 1 ]; then
|
||||||
|
systemctl start auditd
|
||||||
fi
|
fi
|
||||||
%systemd_post auditd.service
|
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%systemd_preun auditd.service
|
%systemd_preun auditd.service
|
||||||
|
# if uninstalling stop the daemon
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
/sbin/service auditd stop > /dev/null 2>&1
|
auditctl --signal stop || true
|
||||||
fi
|
# also delete loaded rules if uninstalling
|
||||||
|
auditctl -D || true
|
||||||
%postun
|
|
||||||
if [ $1 -ge 1 ]; then
|
|
||||||
/sbin/service auditd condrestart > /dev/null 2>&1 || :
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%files libs
|
%files libs
|
||||||
@ -206,7 +239,6 @@ fi
|
|||||||
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
|
||||||
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
|
||||||
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
|
||||||
%attr(750,root,root) %{_libexecdir}/audit-functions
|
|
||||||
%ghost %{_localstatedir}/run/auditd.state
|
%ghost %{_localstatedir}/run/auditd.state
|
||||||
%attr(-,root,-) %dir %{_var}/log/audit
|
%attr(-,root,-) %dir %{_var}/log/audit
|
||||||
%attr(750,root,root) %dir /etc/audit
|
%attr(750,root,root) %dir /etc/audit
|
||||||
@ -216,21 +248,24 @@ fi
|
|||||||
%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
|
%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
|
||||||
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
|
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
|
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
|
|
||||||
|
|
||||||
%files -n audispd-plugins
|
%files -n audispd-plugins
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf
|
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf
|
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf
|
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf
|
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-statsd.conf
|
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-statsd.conf
|
||||||
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
|
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
|
||||||
%attr(750,root,root) %{_sbindir}/audisp-remote
|
%attr(750,root,root) %{_sbindir}/audisp-remote
|
||||||
%attr(750,root,root) %{_sbindir}/audisp-syslog
|
%attr(750,root,root) %{_sbindir}/audisp-syslog
|
||||||
%attr(750,root,root) %{_sbindir}/audisp-af_unix
|
%attr(750,root,root) %{_sbindir}/audisp-af_unix
|
||||||
|
%attr(750,root,root) %{_sbindir}/audisp-statsd
|
||||||
%attr(700,root,root) %dir %{_var}/spool/audit
|
%attr(700,root,root) %dir %{_var}/spool/audit
|
||||||
%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
|
%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
|
||||||
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
|
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
|
||||||
%attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz
|
%attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz
|
||||||
%attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz
|
%attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz
|
||||||
|
%attr(644,root,root) %{_mandir}/man8/audisp-statsd.8.gz
|
||||||
|
|
||||||
%files -n audispd-plugins-zos
|
%files -n audispd-plugins-zos
|
||||||
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
|
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
|
||||||
@ -240,100 +275,205 @@ fi
|
|||||||
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
|
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Sat Oct 21 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-1
|
* Tue Jul 09 2024 Attila Lakatos <alakatos@redhat.com> - 3.1.5-1
|
||||||
- Rebase audit to latest upstream release
|
- New upstream maintenance release, 3.1.4
|
||||||
Resolves: RHEL-15001
|
- Prevent scriplets from failing
|
||||||
|
- When upgrading, restart the daemon if it's running
|
||||||
|
- If uninstalling, stop the daemon
|
||||||
|
- auditctl: use pidfd_send_signal for signaling auditd
|
||||||
|
Resolves: RHEL-45865
|
||||||
|
- Minor doc update
|
||||||
|
Resolves: RHEL-5186
|
||||||
|
- augenrules: do not exit with failure if in immutable mode
|
||||||
|
Resolves: RHEL-40110
|
||||||
|
- auditd.service: Disable ProtectControlGroups
|
||||||
|
Resolves: RHEL-5197
|
||||||
|
- auditctl: correct output when displaying rules with exe/path/dir
|
||||||
|
Resolves: RHEL-40243
|
||||||
|
|
||||||
* Thu Jun 22 2023 Radovan Sroka <rsroka@redhat.com> - 3.0.7-5
|
* Wed Nov 08 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-2
|
||||||
|
- Remove %systemd_preun from %preun scriptlet, as it was causing troubles when removing audit
|
||||||
|
Related: RHEL-14896
|
||||||
|
|
||||||
|
* Fri Oct 27 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-1
|
||||||
|
- New upstream release, 3.1.2
|
||||||
|
Resolves: RHEL-14896
|
||||||
|
|
||||||
|
* Thu Jun 22 2023 Radovan Sroka <rsroka@redhat.com> - 3.0.7-104
|
||||||
- Introduce new fanotify record fields
|
- Introduce new fanotify record fields
|
||||||
Resolves: rhbz#2216668
|
Resolves: rhbz#2216666
|
||||||
- invalid use of flexible array member
|
|
||||||
Resolves: rhbz#2116867
|
|
||||||
|
|
||||||
* Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-4
|
* Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-103
|
||||||
- Drop ProtectHome from auditd.service as it interferes with rules
|
- Drop ProtectHome from auditd.service as it interferes with rules
|
||||||
Resolves: rhbz#2071727 - Default systemd service config blocks audit watch rules in some directories
|
Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0]
|
||||||
|
|
||||||
* Mon Mar 14 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-3
|
* Sun Mar 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-102
|
||||||
- Fix path normalization in auparse
|
- Fix path normalization in auparse
|
||||||
Resolves: rhbz#2062612 - auparse missing information when used with --format-text
|
Resolves: rhbz#2062824 - auparse missing information when used with --format-text
|
||||||
|
|
||||||
* Tue Feb 22 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-2
|
* Tue Feb 22 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-101
|
||||||
- Adjust sample-rules dir permissions
|
- Adjust sample-rules dir permissions
|
||||||
Resolves: rhbz#2054727 - /usr/share/audit/sample-rules is no longer readable by non-root users
|
Resolves: rhbz#2054432 - /usr/share/audit/sample-rules is no longer readable by non-root users
|
||||||
|
|
||||||
* Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-1
|
* Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-100
|
||||||
- New upstream release - 3.0.7
|
- New upstream release, 3.0.7
|
||||||
Related: rhbz#1939406
|
Resolves: rhbz#2019929 - capability=unknown-capability(39) in audit messages
|
||||||
|
|
||||||
* Thu Jan 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.5-1
|
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-5
|
||||||
- Rebase audit package on 8.6
|
- auparse: refact nvlist cleanup code
|
||||||
Resolves: rhbz#1939406
|
Resolves: rhbz#2008965
|
||||||
Resolves: rhbz#1906065
|
|
||||||
Resolves: rhbz#1921447
|
|
||||||
Resolves: rhbz#1927884
|
|
||||||
Resolves: rhbz#1921658
|
|
||||||
|
|
||||||
* Wed Jan 08 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.17.20191104git1c2f876
|
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-4
|
||||||
resolves: rhbz#1757986 - Rebase audit package on 8.2 for updates (bpf patch)
|
- When interpreting, if val is NULL return an empty string
|
||||||
|
Resolves: rhbz#2004420
|
||||||
|
|
||||||
* Thu Nov 28 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.16.20191104git1c2f876
|
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-3
|
||||||
resolves: rhbz#1497279 - Add option to interpret fields in audit syslog plugin
|
- Update dependency to initscripts-service instead of initscripts
|
||||||
|
Resolves: rhbz#2000933
|
||||||
|
|
||||||
* Mon Nov 04 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.15.20191104git1c2f876
|
* Tue Aug 17 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-2
|
||||||
resolves: rhbz#1757986 - Rebase audit package on 8.2 for updates
|
- Fix timestamp parsing
|
||||||
resolves: rhbz#1767054 - move audit rules to shared data directory
|
Related: rhbz#1938680
|
||||||
resolves: rhbz#1746018 - Breakup 30-ospp-v42.rules into more granular files
|
|
||||||
resolves: rhbz#1740798 - auditctl(8) needs clarification for backlog_limit
|
|
||||||
resolves: rhbz#1497279 - Add option to interpret fields in audit syslog plugin
|
|
||||||
|
|
||||||
* Thu Jul 25 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.13.20190607gitf58ec40
|
* Mon Aug 16 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-1
|
||||||
resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes
|
- New upstream release, 3.0.5
|
||||||
|
Related: rhbz#1938680
|
||||||
|
|
||||||
* Sat Jul 13 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.12.20190607gitf58ec40
|
* Mon Aug 16 2021 Sergio Correia <scorreia@redhat.com> - 3.0.2-3
|
||||||
resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes
|
- Validates the sample rules we ship
|
||||||
|
Resolves: rhbz#1985630
|
||||||
|
|
||||||
* Mon Jun 10 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.11.20190607gitf58ec40
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.2-2
|
||||||
resolves: rhbz#1643567 - service auditd stop exits prematurely
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
resolves: rhbz#1693470 - libauparse memory leak
|
Related: rhbz#1991688
|
||||||
resolves: rhbz#1694071 - ausearch doesn't record device/inode details checkpointing a single file
|
|
||||||
resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes
|
|
||||||
resolves: rhbz#1705894 - aureport aborts when using a specific input
|
|
||||||
resolves: rhbz#1706045 - RFE: Backport support for new audit record types
|
|
||||||
resolves: rhbz#1715852 - RFE: provide a way to filter on network address family
|
|
||||||
|
|
||||||
* Wed Jan 09 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.10.20180831git0047a6c
|
* Tue Jun 22 2021 Sergio Correia <scorreia@redhat.com> - 3.0.2-1
|
||||||
resolves: rhbz#1655270] Message "audit: backlog limit exceeded" reported
|
- New upstream release, 3.0.2.
|
||||||
- Fix annobin failure
|
Fix issues detected by static analyzers
|
||||||
|
Resolves: rhbz#1938680
|
||||||
|
|
||||||
* Fri Dec 07 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.8.20180831git0047a6c
|
* Mon Jun 21 2021 Sergio Correia <scorreia@redhat.com> - 3.0.1-4
|
||||||
resolves: rhbz#1639745 - build requires go-toolset-7 which is not available
|
- Enable default RHEL configuration
|
||||||
resolves: rhbz#1643567 - service auditd stop exits prematurely
|
This enables syscall auditing by default.
|
||||||
resolves: rhbz#1616428 - Update git snapshot of audit package
|
Resolves: rhbz#1924561
|
||||||
- Remove static libs subpackage
|
|
||||||
|
|
||||||
* Fri Aug 31 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.5.20180831git0047a6c
|
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.1-3
|
||||||
resolves: rhbz#1616428 - Update git snapshot of audit package
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Thu Feb 18 2021 Steve Grubb <sgrubb@redhat.com> 3.0.1-2
|
||||||
|
- Add patch fixing segafult in the audisp-statsd plugin
|
||||||
|
|
||||||
|
* Fri Feb 12 2021 Steve Grubb <sgrubb@redhat.com> 3.0.1-1
|
||||||
|
- New upstream feature and bugfix release
|
||||||
|
- Enable building the audisp-statsd plugin
|
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Dec 16 2020 Steve Grubb <sgrubb@redhat.com> 3.0-1
|
||||||
|
- New upstream feature and bugfix release
|
||||||
|
|
||||||
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.21.20191104git1c2f876
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-0.20.20191104git1c2f876
|
||||||
|
- Rebuilt for Python 3.9
|
||||||
|
|
||||||
|
* Thu Mar 12 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.19.20191104git1c2f876
|
||||||
|
- Add Obsolete python2-audit (#1783061)
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.18.20191104git1c2f876
|
||||||
|
- Fix multiple definition of `event_node_list' (#1794446)
|
||||||
|
|
||||||
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.17.20191104git1c2f876
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Nov 22 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.16.20191104git1c2f876
|
||||||
|
- Drop python2 subpackage (#1775076)
|
||||||
|
|
||||||
|
* Mon Nov 04 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.14.20191104git1c2f876
|
||||||
|
- New upstream git snapshot prerelease
|
||||||
|
|
||||||
|
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 3.0-0.14.20190507gitf58ec40
|
||||||
|
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||||
|
|
||||||
|
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 3.0-0.13.20190507gitf58ec40
|
||||||
|
- Rebuilt for Python 3.8
|
||||||
|
|
||||||
|
* Wed Jul 31 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.12.20190507gitf58ec40
|
||||||
|
- Fix 1734953 - audit: FTBFS in Fedora rawhide/f31
|
||||||
|
|
||||||
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.11.20190507gitf58ec40
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jul 05 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.10.20190507gitf58ec40
|
||||||
|
- Add initscripts package to the requires (bz #1727058)
|
||||||
|
|
||||||
|
* Mon Jun 10 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.9.20190507gitf58ec40
|
||||||
|
- New upstream git snapshot prerelease which fixes several problems
|
||||||
|
- Fixed 1698130 - removing audit.rpm doesn't stop auditd
|
||||||
|
|
||||||
|
* Tue Mar 26 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.7.20190326git03e7489
|
||||||
|
- New upstream git snapshot prerelease which fixes a memory leak
|
||||||
|
|
||||||
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.6.20181218gitbdb72c0
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Dec 18 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.5.20181218gitbdb72c0
|
||||||
|
- New upstream git snapshot prerelease
|
||||||
|
- Remove historical ldconfig scriptlet (#1644056)
|
||||||
|
|
||||||
|
* Fri Aug 31 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.4.20180831git0047a6c
|
||||||
|
- New upstream feature prerelease
|
||||||
|
|
||||||
* Wed Aug 08 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.2.20180808git77fbcf3
|
* Wed Aug 08 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.2.20180808git77fbcf3
|
||||||
resolves: rhbz#1567357 New upstream feature prerelease
|
- New upstream feature prerelease
|
||||||
|
|
||||||
* Tue Jul 17 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.1.20180717gitacd53d1
|
* Tue Jul 17 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.1.20180717gitacd53d1
|
||||||
- New upstream feature prerelease
|
- New upstream feature prerelease
|
||||||
|
|
||||||
* Tue Jun 26 2018 Steve Grubb <sgrubb@redhat.com> 2.8.4-2
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.4-4
|
||||||
- Fix segfault on shutdown
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 4 2018 Peter Robinson <pbrobinson@fedoraproject.org> 2.8.4-3
|
||||||
|
- Remove unused sys V initscripts legacy bits
|
||||||
|
|
||||||
|
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8.4-2
|
||||||
|
- Rebuilt for Python 3.7
|
||||||
|
|
||||||
* Tue Jun 19 2018 Steve Grubb <sgrubb@redhat.com> 2.8.4-1
|
* Tue Jun 19 2018 Steve Grubb <sgrubb@redhat.com> 2.8.4-1
|
||||||
- New upstream bugfix release
|
- New upstream bugfix release
|
||||||
|
|
||||||
* Wed May 30 2018 Steve Grubb <sgrubb@redhat.com> 2.8.3-1
|
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8.3-4
|
||||||
- New upstream bugfix release
|
- Rebuilt for Python 3.7
|
||||||
- Remove Python2 support
|
|
||||||
|
|
||||||
* Fri Apr 13 2018 Tom Stellard <tstellar@redhat.com> - 2.7.8-2
|
* Tue Apr 10 2018 Pete Walter <pwalter@fedoraproject.org> - 2.8.3-3
|
||||||
- Use go-toolset-7 instead of golang
|
- Rename Python 2 and 3 subpackages to python2-audit and python3-audit as per guidelines
|
||||||
- Package now must be built with: rhpkg --release rhel-8.0-go-toolset
|
|
||||||
|
* Mon Mar 26 2018 Steve Grubb <sgrubb@redhat.com> 2.8.3-2
|
||||||
|
- Fix Obsoletion of audit-libs-python not handled properly (#1559674)
|
||||||
|
|
||||||
|
* Sat Mar 10 2018 Steve Grubb <sgrubb@redhat.com> 2.8.3-1
|
||||||
|
- New upstream bugfix release
|
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.2-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Feb 05 2018 Steve Grubb <sgrubb@redhat.com> 2.8.2-3
|
||||||
|
- Add a Provides audit-libs-python (#1537864)
|
||||||
|
- Remove tcp_wrappers support?
|
||||||
|
|
||||||
|
* Thu Dec 14 2017 Steve Grubb <sgrubb@redhat.com> 2.8.2-2
|
||||||
|
- Rename things from python to python2
|
||||||
|
|
||||||
|
* Thu Dec 14 2017 Steve Grubb <sgrubb@redhat.com> 2.8.2-1
|
||||||
|
- New upstream bugfix release
|
||||||
|
|
||||||
|
* Thu Oct 12 2017 Steve Grubb <sgrubb@redhat.com> 2.8.1-1
|
||||||
|
- New upstream bugfix release
|
||||||
|
|
||||||
|
* Tue Oct 10 2017 Steve Grubb <sgrubb@redhat.com> 2.8-1
|
||||||
|
- New upstream feature release
|
||||||
|
|
||||||
* Mon Sep 18 2017 Steve Grubb <sgrubb@redhat.com> 2.7.8-1
|
* Mon Sep 18 2017 Steve Grubb <sgrubb@redhat.com> 2.7.8-1
|
||||||
- New upstream bugfix release
|
- New upstream bugfix release
|
||||||
|
Loading…
Reference in New Issue
Block a user