audit/SOURCES/augenrules-immutable.patch


diff -up audit-3.1.2/init.d/augenrules.orig audit-3.1.2/init.d/augenrules
--- audit-3.1.2/init.d/augenrules.orig 2025-03-31 12:33:04.141223438 +0200
+++ audit-3.1.2/init.d/augenrules 2025-03-31 12:33:29.280457333 +0200
@@ -32,10 +32,11 @@ ASuffix="prev"
OnlyCheck=0
LoadRules=0
RETVAL=0
-usage="Usage: $0 [--check|--load]"
+cmd="$0"
+usage="Usage: $cmd [--check|--load]"
# Delete the interim file on faults
-trap 'rm -f ${TmpRules}; exit 1' 1 2 3 13 15
+trap 'rm -f ${TmpRules}; exit 1' HUP INT QUIT PIPE TERM
try_load() {
if [ $LoadRules -eq 1 ] ; then
@@ -44,6 +45,14 @@ try_load() {
fi
}
+# Check if audit is in immutable mode - exit if so
+check_immutable () {
+ if [ "$(auditctl -s | awk '$1 == "enabled" { print $2 }')" = "2" ] ; then
+ echo "$cmd: Audit system is in immutable mode - exiting with no changes"
+ exit 0
+ fi
+}
+
while [ $# -ge 1 ]
do
if [ "$1" = "--check" ] ; then
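Review bot: `check_immutable` fails open. If `auditctl -s` errors out (insufficient privilege, binary not on PATH), the substitution is empty, the comparison with `"2"` is false, and the script continues to the install/load path as it did before the patch. That is probably the intended fallback, but the comment above the function should say so. It should also say that the immutable case exits 0, so a caller cannot tell from the status that changed rules were skipped. Something like `# Exits 0 without touching the rules file when 'auditctl -s' reports enabled 2; any auditctl failure is treated as not immutable.` would do. The `while` loop after the function continues outside the hunk.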
@@ -59,7 +68,7 @@ done
# Check environment
if [ ! -d ${SourceRulesDir} ]; then
- echo "$0: No rules directory - ${SourceRulesDir}"
+ echo "$cmd: No rules directory - ${SourceRulesDir}"
rm -f "${TmpRules}"
try_load
exit 1
@@ -101,7 +110,7 @@ END {
# If empty then quit
if [ ! -s "${TmpRules}" ]; then
- echo "$0: No rules"
+ echo "$cmd: No rules"
rm -f "${TmpRules}"
try_load
exit $RETVAL
@@ -110,17 +119,19 @@ fi
# If the same then quit
cmp -s "${TmpRules}" ${DestinationFile} > /dev/null 2>&1
if [ $? -eq 0 ]; then
- echo "$0: No change"
+ echo "$cmd: No change"
rm -f "${TmpRules}"
+ check_immutable
try_load
exit $RETVAL
elif [ $OnlyCheck -eq 1 ] ; then
- echo "$0: Rules have changed and should be updated"
+ echo "$cmd: Rules have changed and should be updated"
rm -f "${TmpRules}"
exit 0
fi
# Otherwise we install the new file
+check_immutable
if [ -f ${DestinationFile} ]; then
cp ${DestinationFile} ${DestinationFile}.${ASuffix}
fi
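Review bot: The `check_immutable` call added before the install step exits with the interim file still on disk. On this path `rm -f "${TmpRules}"` has not run yet, and the trap covers only signals, not a normal `exit 0`. The no-change branch above removes the file before calling `check_immutable`, so only the changed-rules path leaks it. Adding `rm -f "${TmpRules}"` just ahead of `exit 0` inside `check_immutable` would cover both call sites. How TmpRules is created is outside the hunk, so where these leftover copies of the candidate rule set end up, and who can read them, needs confirming.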
@@ -135,3 +146,4 @@ rm -f "${TmpRules}"
try_load
exit $RETVAL
+