audit/audit-1.8-noaudit.patch
2009-02-26 23:50:35 +00:00

121 lines
3.9 KiB
Diff

Index: /trunk/init.d/auditd.init
===================================================================
--- /trunk/init.d/auditd.init (revision 243)
+++ /trunk/init.d/auditd.init (revision 265)
@@ -72,7 +72,7 @@
if test $RETVAL = 0 ; then
touch /var/lock/subsys/auditd
+ # Load the default rules
+ test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
fi
- # Load the default rules
- test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
return $RETVAL
}
@@ -85,9 +85,15 @@
rm -f /var/lock/subsys/auditd
# Remove watches so shutdown works cleanly
- if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no" ; then
- /sbin/auditctl -D >/dev/null
+ if test x"$AUDITD_CLEAN_STOP" != "x" ; then
+ if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no"
+ then
+ /sbin/auditctl -D >/dev/null
+ fi
fi
- if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no" ; then
- /sbin/auditctl -e 0 >/dev/null
+ if test x"$AUDITD_STOP_DISABLE" != "x" ; then
+ if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no"
+ then
+ /sbin/auditctl -e 0 >/dev/null
+ fi
fi
return $RETVAL
Index: /trunk/src/auditctl.c
===================================================================
--- /trunk/src/auditctl.c (revision 242)
+++ /trunk/src/auditctl.c (revision 265)
@@ -971,4 +971,6 @@
}
}
+ if (retval == -1 && errno == ECONNREFUSED)
+ fprintf(stderr, "The audit system is disabled\n");
return retval;
}
@@ -1086,4 +1088,10 @@
"There was an error in line %d of %s\n",
lineno, file);
+ else {
+ fprintf(stderr,
+ "The audit system is disabled\n");
+ fclose(f);
+ return 0;
+ }
if (!ignore) {
fclose(f);
@@ -1122,4 +1130,7 @@
"The audit system is in immutable "
"mode, no rules loaded\n");
+ return 0;
+ } else if (errno == ECONNREFUSED) {
+ fprintf(stderr, "The audit system is disabled\n");
return 0;
} else if (fileopt(argv[2]))
@@ -1141,4 +1152,7 @@
"The audit system is in immutable "
"mode, no rules loaded\n");
+ return 0;
+ } else if (errno == ECONNREFUSED) {
+ fprintf(stderr, "The audit system is disabled\n");
return 0;
}
Index: /trunk/src/auditd-event.c
===================================================================
--- /trunk/src/auditd-event.c (revision 258)
+++ /trunk/src/auditd-event.c (revision 265)
@@ -287,6 +287,7 @@
data->tail = NULL;
data->head = data->head->next;
- if (data->head == NULL && stop &&
- cur->reply.type == AUDIT_DAEMON_END)
+ if (data->head == NULL && stop &&
+ ( cur->reply.type == AUDIT_DAEMON_END ||
+ cur->reply.type == AUDIT_DAEMON_ABORT) )
stop_req = 1;
pthread_mutex_unlock(&data->queue_lock);
Index: /trunk/src/auditd.c
===================================================================
--- /trunk/src/auditd.c (revision 256)
+++ /trunk/src/auditd.c (revision 265)
@@ -616,5 +616,5 @@
return 1;
}
- if(getsubj(subj))
+ if (getsubj(subj))
snprintf(start, sizeof(start),
"auditd start, ver=%s format=%s "
@@ -684,5 +684,5 @@
send_audit_event(AUDIT_DAEMON_ABORT, emsg);
audit_msg(LOG_ERR,
- "Unable to set intitial audit startup state to '%s', exiting",
+ "Unable to set initial audit startup state to '%s', exiting",
startup_states[opt_startup]);
close_down();
Index: /trunk/src/autrace.c
===================================================================
--- /trunk/src/autrace.c (revision 1)
+++ /trunk/src/autrace.c (revision 265)
@@ -156,5 +156,10 @@
{
case -1:
- fprintf(stderr, "Error - can't get rule count.\n");
+ if (errno == ECONNREFUSED)
+ fprintf(stderr,
+ "The audit system is disabled\n");
+ else
+ fprintf(stderr,
+ "Error - can't get rule count.\n");
return 1;
case 0: