Enabling auditing. Resolves: #476216
This commit is contained in:
		
							parent
							
								
									d1932ba844
								
							
						
					
					
						commit
						cc6bd97cea
					
				
							
								
								
									
										104
									
								
								bash-3.2-audit.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										104
									
								
								bash-3.2-audit.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,104 @@ | |||||||
|  | --- bash-3.2/lib/readline/readline.c.audit	2008-01-18 13:06:25.000000000 +0100
 | ||||||
|  | +++ bash-3.2/lib/readline/readline.c	2008-01-18 13:06:25.000000000 +0100
 | ||||||
|  | @@ -55,6 +55,12 @@
 | ||||||
|  |  extern int errno; | ||||||
|  |  #endif /* !errno */ | ||||||
|  |   | ||||||
|  | +#if defined (HAVE_DECL_AUDIT_USER_TTY)
 | ||||||
|  | +#  include <sys/socket.h>
 | ||||||
|  | +#  include <linux/audit.h>
 | ||||||
|  | +#  include <linux/netlink.h>
 | ||||||
|  | +#endif
 | ||||||
|  | +
 | ||||||
|  |  /* System-specific feature definitions and include files. */ | ||||||
|  |  #include "rldefs.h" | ||||||
|  |  #include "rlmbutil.h" | ||||||
|  | @@ -292,7 +298,47 @@
 | ||||||
|  |    rl_visible_prompt_length = rl_expand_prompt (rl_prompt); | ||||||
|  |    return 0; | ||||||
|  |  } | ||||||
|  | -  
 | ||||||
|  | +
 | ||||||
|  | +#if defined (HAVE_DECL_AUDIT_USER_TTY)
 | ||||||
|  | +/* Report STRING to the audit system. */
 | ||||||
|  | +static void
 | ||||||
|  | +audit_tty (char *string)
 | ||||||
|  | +{
 | ||||||
|  | +  struct sockaddr_nl addr;
 | ||||||
|  | +  struct msghdr msg;
 | ||||||
|  | +  struct nlmsghdr nlm;
 | ||||||
|  | +  struct iovec iov[2];
 | ||||||
|  | +  size_t size;
 | ||||||
|  | +  int fd;
 | ||||||
|  | +
 | ||||||
|  | +  size = strlen (string) + 1;
 | ||||||
|  | +  fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
 | ||||||
|  | +  if (fd < 0)
 | ||||||
|  | +    return;
 | ||||||
|  | +  nlm.nlmsg_len = NLMSG_LENGTH (size);
 | ||||||
|  | +  nlm.nlmsg_type = AUDIT_USER_TTY;
 | ||||||
|  | +  nlm.nlmsg_flags = NLM_F_REQUEST;
 | ||||||
|  | +  nlm.nlmsg_seq = 0;
 | ||||||
|  | +  nlm.nlmsg_pid = 0;
 | ||||||
|  | +  iov[0].iov_base = &nlm;
 | ||||||
|  | +  iov[0].iov_len = sizeof (nlm);
 | ||||||
|  | +  iov[1].iov_base = string;
 | ||||||
|  | +  iov[1].iov_len = size;
 | ||||||
|  | +  addr.nl_family = AF_NETLINK;
 | ||||||
|  | +  addr.nl_pid = 0;
 | ||||||
|  | +  addr.nl_groups = 0;
 | ||||||
|  | +  msg.msg_name = &addr;
 | ||||||
|  | +  msg.msg_namelen = sizeof (addr);
 | ||||||
|  | +  msg.msg_iov = iov;
 | ||||||
|  | +  msg.msg_iovlen = 2;
 | ||||||
|  | +  msg.msg_control = NULL;
 | ||||||
|  | +  msg.msg_controllen = 0;
 | ||||||
|  | +  msg.msg_flags = 0;
 | ||||||
|  | +  (void)sendmsg (fd, &msg, 0);
 | ||||||
|  | +  close (fd);
 | ||||||
|  | +}
 | ||||||
|  | +#endif
 | ||||||
|  | +
 | ||||||
|  |  /* Read a line of input.  Prompt with PROMPT.  An empty PROMPT means | ||||||
|  |     none.  A return value of NULL means that EOF was encountered. */ | ||||||
|  |  char * | ||||||
|  | @@ -326,6 +372,11 @@
 | ||||||
|  |    rl_clear_signals (); | ||||||
|  |  #endif | ||||||
|  |   | ||||||
|  | +#if defined (HAVE_DECL_AUDIT_USER_TTY)
 | ||||||
|  | +  if (value != NULL)
 | ||||||
|  | +    audit_tty (value);
 | ||||||
|  | +#endif
 | ||||||
|  | +
 | ||||||
|  |    return (value); | ||||||
|  |  } | ||||||
|  |   | ||||||
|  | --- bash-3.2/configure.in.audit	2008-01-18 13:06:25.000000000 +0100
 | ||||||
|  | +++ bash-3.2/configure.in	2008-01-18 13:06:25.000000000 +0100
 | ||||||
|  | @@ -871,6 +871,8 @@
 | ||||||
|  |  BASH_SYS_PGRP_SYNC | ||||||
|  |  BASH_SYS_SIGNAL_VINTAGE | ||||||
|  |   | ||||||
|  | +AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include <linux/audit.h>]])
 | ||||||
|  | +
 | ||||||
|  |  dnl checking for the presence of certain library symbols | ||||||
|  |  BASH_SYS_ERRLIST | ||||||
|  |  BASH_SYS_SIGLIST | ||||||
|  | --- bash-3.2/config.h.in.audit	2008-01-18 13:06:25.000000000 +0100
 | ||||||
|  | +++ bash-3.2/config.h.in	2008-01-18 13:10:19.000000000 +0100
 | ||||||
|  | @@ -1058,6 +1058,14 @@
 | ||||||
|  |   | ||||||
|  |  /* End additions for lib/intl */ | ||||||
|  |   | ||||||
|  | +
 | ||||||
|  | +/* Additions for lib/readline */
 | ||||||
|  | +
 | ||||||
|  | +/* Define if you have <linux/audit.h> and it defines AUDIT_USER_TTY */
 | ||||||
|  | +#undef HAVE_DECL_AUDIT_USER_TTY
 | ||||||
|  | +
 | ||||||
|  | +/* End additions for lib/readline */
 | ||||||
|  | +
 | ||||||
|  |  #include "config-bot.h" | ||||||
|  |   | ||||||
|  |  #endif /* _CONFIG_H_ */ | ||||||
| @ -1,7 +1,7 @@ | |||||||
| Version: 3.2 | Version: 3.2 | ||||||
| Name: bash | Name: bash | ||||||
| Summary: The GNU Bourne Again shell (bash) version %{version} | Summary: The GNU Bourne Again shell (bash) version %{version} | ||||||
| Release: 31%{?dist} | Release: 32%{?dist} | ||||||
| Group: System Environment/Shells | Group: System Environment/Shells | ||||||
| License: GPLv2+ | License: GPLv2+ | ||||||
| Url: http://www.gnu.org/software/bash | Url: http://www.gnu.org/software/bash | ||||||
| @ -87,6 +87,7 @@ Patch141: bash-3.2-patch035.patch | |||||||
| Patch142: bash-3.2-execve_catch_signals.patch | Patch142: bash-3.2-execve_catch_signals.patch | ||||||
| Patch143: bash-3.2-ssh_source_bash.patch | Patch143: bash-3.2-ssh_source_bash.patch | ||||||
| Patch144: bash-3.2-command_not_found.patch | Patch144: bash-3.2-command_not_found.patch | ||||||
|  | Patch145: bash-3.2-audit.patch | ||||||
| 
 | 
 | ||||||
| Requires(post): ncurses-libs | Requires(post): ncurses-libs | ||||||
| BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) | ||||||
| @ -184,6 +185,7 @@ compliance over previous versions. | |||||||
| %patch142 -p1 -b .execve_catch_signals | %patch142 -p1 -b .execve_catch_signals | ||||||
| %patch143 -p1 -b .ssh_source_bash | %patch143 -p1 -b .ssh_source_bash | ||||||
| %patch144 -p1 -b .command_not_found | %patch144 -p1 -b .command_not_found | ||||||
|  | %patch145 -p1 -b .audit | ||||||
| 
 | 
 | ||||||
| echo %{version} > _distribution | echo %{version} > _distribution | ||||||
| echo %{release} > _patchlevel | echo %{release} > _patchlevel | ||||||
| @ -325,6 +327,10 @@ fi | |||||||
| %doc doc/*.ps doc/*.0 doc/*.html doc/article.txt | %doc doc/*.ps doc/*.0 doc/*.html doc/article.txt | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Mon Dec 15 2008 Roman Rakus <rrakus@redhat.com> - 3.2-32 | ||||||
|  | - Enabling auditing | ||||||
|  |   Resolves: #476216 | ||||||
|  | 
 | ||||||
| * Tue Dec 09 2008 Roman Rakus <rrakus@redhat.com> - 3.2-31 | * Tue Dec 09 2008 Roman Rakus <rrakus@redhat.com> - 3.2-31 | ||||||
| - Patchlevel 48 | - Patchlevel 48 | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user