From 8d7eac91354d625ae643b7d33ab2b8e79d0f658d Mon Sep 17 00:00:00 2001 From: Nikolai Kondrashov Date: Wed, 22 Feb 2017 15:04:34 +0100 Subject: [PATCH] Upgrade to upstream v3 release Resolves: Bug#1419225 --- .gitignore | 1 + sources | 2 +- tlog.spec | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 81 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index fba54c0..83671b1 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /tlog-2.tar.gz +/tlog-3.tar.gz diff --git a/sources b/sources index 16fac28..bda58ed 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ffae154acce9f36ed9419bb4b106a70e tlog-2.tar.gz +SHA512 (tlog-3.tar.gz) = c7ca36d0bc586dfc46f33b93d4ae490ead1573d9c26c5dc604a1ee7e3d19d5365366b620b623fed89a7ee32856b7934ff6f6fbdd8860e3b431e2eae969dec7b8 diff --git a/tlog.spec b/tlog.spec index 38fc0a8..cfe32a9 100644 --- a/tlog.spec +++ b/tlog.spec @@ -1,16 +1,20 @@ Name: tlog -Version: 2 -Release: 2%{?dist} +Version: 3 +Release: 1%{?dist} Summary: Terminal I/O logger Group: Applications/System License: GPLv2+ -URL: https://github.com/Scribery/tlog -Source: https://github.com/Scribery/%{name}/releases/download/v%{version}/tlog-%{version}.tar.gz +URL: https://github.com/Scribery/%{name} +Source: https://github.com/Scribery/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz BuildRequires: json-c-devel BuildRequires: curl-devel BuildRequires: m4 +# If it's not RHEL6 and older +%if 0%{?rhel} == 0 || 0%{?rhel} >= 7 +BuildRequires: systemd-units +%endif Requires(post): sed Requires(postun): sed @@ -34,6 +38,13 @@ make %{?_smp_mflags} %check make %{?_smp_mflags} check +%pre +getent group %{name} >/dev/null || + groupadd -r %{name} +getent passwd %{name} >/dev/null || + useradd -r -g %{name} -d %{_localstatedir}/run/%{name} -s /sbin/nologin \ + -c "Tlog terminal I/O logger" %{name} + %install make install DESTDIR=%{buildroot} rm %{buildroot}/%{_libdir}/*.la @@ -41,15 +52,42 @@ rm %{buildroot}/%{_libdir}/*.la rm %{buildroot}/%{_libdir}/*.so rm -r %{buildroot}/usr/include/%{name} +# If it's not RHEL6 and older +%if 0%{?rhel} == 0 || 0%{?rhel} >= 7 + # Create tmpfiles.d configuration for the lock dir + mkdir -p %{buildroot}%{_tmpfilesdir} + { + echo "# Type Path Mode UID GID Age Argument" + echo "d /run/%{name} 0755 %{name} %{name}" + } > %{buildroot}%{_tmpfilesdir}/%{name}.conf + # Create the lock dir + mkdir -p %{buildroot}/run + install -d -m 0755 %{buildroot}/run/%{name} +# Else, if it's RHEL6 or older +%else + # Create the lock dir + mkdir -p %{buildroot}%{_localstatedir}/run + install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name} +%endif + %files %{!?_licensedir:%global license %doc} %license COPYING %doc %{_defaultdocdir}/%{name} -%{_bindir}/%{name}-* +%attr(6755,%{name},%{name}) %{_bindir}/%{name}-rec +%{_bindir}/%{name}-play %{_libdir}/lib%{name}.so* %{_datadir}/%{name} %{_mandir}/man5/* %{_mandir}/man8/* +# If it's not RHEL6 and older +%if 0%{?rhel} == 0 || 0%{?rhel} >= 7 +%config(noreplace) %{_tmpfilesdir}/%{name}.conf +%dir %attr(-,%{name},%{name}) /run/%{name} +# Else if it's RHEL6 or older +%else +%dir %attr(-,%{name},%{name}) %{_localstatedir}/run/%{name} +%endif %dir %{_sysconfdir}/%{name} %config(noreplace) %{_sysconfdir}/%{name}/%{name}-rec.conf %config(noreplace) %{_sysconfdir}/%{name}/%{name}-play.conf @@ -72,6 +110,42 @@ test -e '%{_sysconfdir}/shells' && %{_sysconfdir}/shells %changelog +* Wed Feb 22 2017 Nikolai Kondrashov - 3-1 +- Release v3. Added features and implemented fixes follow. +- Make each JSON message timing data start with window size. + This makes it possible to pick up the stream from any message and also + combine messages, with window size known and preserved at all times. +- Add "term" field to JSON messages, specifying terminal type. +- Add "ver" field to JSON messages, specifying message format version. +- Set "SHELL" environment variable to actual user shell in tlog-rec. +- Check for locale's charset and abort tlog-rec if it's anything but the only + supported UTF-8. +- Add -v/--version option support to tlog-rec and tlog-play. +- Fix tlog-rec and tlog-play error output by accumulating error messages and + outputting them only after terminal settings are restored, on exit. Output + startup warnings before switching to raw terminal settings. +- Output a newline after restoring terminal settings in tlog-rec and + tlog-play, so that following output is not stuck to the end of the last line + of the raw output. +- Add an Elasticsearch mapping to documentation directory. +- Disable input logging by default to avoid storing passwords. Please enable + it explicitly in configuration, or on the command line, if necessary. +- Close log file written by tlog-rec on executing the shell in the child to + prevent log modification by the recorded user. +- Support running tlog-rec SUID/SGID to prevent recorded users from killing or + modifying it. Make tlog-rec SUID/SGID to user "tlog" in the RPM package. +- Add session locking to tlog-rec. This prevents tlog-rec from recording if + the audit session is already recorded by creating per-audit-session lock + files in /var/run/tlog. This only makes sense with tlog-rec SUID/SGID. + When certain failures occur while creating a lock file, session is assumed + unlocked and is recorded anyway, as it is safer to record a session than + not. Add corresponding setup to the RPM package. +- Reproduce the recorded program (shell) exit status in tlog-rec similarly to + how Bash reproduces the last executed command status. +- Update and expand README.md to describe secure log message filtering with + rsyslog, and playback directly from Elasticsearch, among other, smaller + additions. + * Sat Feb 11 2017 Fedora Release Engineering - 2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild