[packages/audit] - dropped pie bcond (gcc 3.3? really?) - use upstream systemd service file, but without RefuseManual
baggins
baggins at pld-linux.org
Sun Dec 8 12:46:00 CET 2013
commit 738da8d693c76fe19fecc5f1b71b44b6f666707a
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Sun Dec 8 12:41:50 2013 +0100
- dropped pie bcond (gcc 3.3? really?)
- use upstream systemd service file, but without RefuseManualStop
- updated SySv init script and sysconfig with changes from upstream
- make example cron job work with both SysV and systemd init script/service
- cleanup build and install
- added trigger and post for changes location of rules file
- rel 1
audit-cronjob.patch | 12 +++++++++++
audit-no-refusemanualstop.patch | 10 +++++++++
audit.spec | 48 ++++++++++++++++++-----------------------
auditd.init | 24 ++++++++++++++++++++-
auditd.service | 11 ----------
auditd.sysconfig | 27 +++++++++++++++++------
6 files changed, 86 insertions(+), 46 deletions(-)
---
diff --git a/audit.spec b/audit.spec
index 0d45412..dc80580 100644
--- a/audit.spec
+++ b/audit.spec
@@ -1,10 +1,5 @@
-# TODO: - revise our auditd.service vs upstream version
-# - add triggers for existing rules
-# look at https://www.redhat.com/archives/linux-audit/2013-May/msg00000.html
-#
# Conditional build:
%bcond_without kerberos5 # do not build with heimdal
-%bcond_without pie # auditd as PIE binary
%bcond_without prelude # prelude audisp plugin
%bcond_without python # don't build python bindings
%bcond_without zos_remote # do not build zos-remote audisp plugin (LDAP dep)
@@ -13,24 +8,24 @@ Summary: User space tools for 2.6 kernel auditing
Summary(pl.UTF-8): Narzędzia przestrzeni użytkownika do audytu jąder 2.6
Name: audit
Version: 2.3.2
-Release: 0.1
+Release: 1
License: GPL v2+
Group: Daemons
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
# Source0-md5: 4e8d065b5cc16b77b9b61e93a9ed160e
Source2: %{name}d.init
Source3: %{name}d.sysconfig
-Source4: %{name}d.service
Patch0: %{name}-install.patch
Patch1: %{name}-m4.patch
Patch2: %{name}-nolibs.patch
Patch3: %{name}-no_zos_remote.patch
Patch4: %{name}-systemd-notonly.patch
Patch5: %{name}-am.patch
+Patch6: %{name}-no-refusemanualstop.patch
+Patch7: %{name}-cronjob.patch
URL: http://people.redhat.com/sgrubb/audit/
BuildRequires: autoconf >= 2.59
BuildRequires: automake >= 1:1.9
-%{?with_pie:BuildRequires: gcc >= 5:3.4}
BuildRequires: glibc-headers >= 6:2.3.6
%{?with_kerberos5:BuildRequires: heimdal-devel}
BuildRequires: libcap-ng-devel
@@ -151,6 +146,8 @@ Pythonowy interfejs do biblioteki libaudit.
%{!?with_zos_remote:%patch3 -p1}
%patch4 -p1
%patch5 -p1
+%patch6 -p1
+%patch7 -p1
%if %{without python}
sed 's#swig/Makefile ##' -i configure.ac
@@ -169,12 +166,8 @@ sed 's/swig//' -i Makefile.am
--with-apparmor \
--with-libwrap \
%{?with_prelude:--with-prelude}
-# override auditd_{C,LD}FLAGS to avoid -fPIE unsupported by gcc 3.3
-%{__make} \
- %{!?with_pie:auditd_CFLAGS="-D_REENTRANT -D_GNU_SOURCE" auditd_LDFLAGS="-Wl,-z,relro"}
-# temporarily not included in all
-%{__make} -C auparse
+%{__make}
%install
rm -rf $RPM_BUILD_ROOT
@@ -183,9 +176,8 @@ install -d $RPM_BUILD_ROOT%{_var}/log/audit
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT
-# temporarily not included in all
-%{__make} -C auparse install \
- DESTDIR=$RPM_BUILD_ROOT
+install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/auditd
+install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/auditd
install -d $RPM_BUILD_ROOT/%{_lib}
mv -f $RPM_BUILD_ROOT%{_libdir}/libaudit.so.* $RPM_BUILD_ROOT/%{_lib}
@@ -195,21 +187,13 @@ mv -f $RPM_BUILD_ROOT%{_libdir}/libauparse.so.* $RPM_BUILD_ROOT/%{_lib}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*) \
$RPM_BUILD_ROOT%{_libdir}/libauparse.so
-# We manually install this since Makefile doesn't
-install -d $RPM_BUILD_ROOT{%{_includedir},%{systemdunitdir}}
-install lib/libaudit.h $RPM_BUILD_ROOT%{_includedir}
-
-install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/auditd
-install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/auditd
-install %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}
-
-# seems RH initscripts-specific
-%{__rm} -r $RPM_BUILD_ROOT%{_libdir}/initscripts
+# RH initscripts-specific
+%{__rm} -r $RPM_BUILD_ROOT%{_libexecdir}/initscripts
%if %{with python}
%py_comp $RPM_BUILD_ROOT%{py_sitedir}
%py_ocomp $RPM_BUILD_ROOT%{py_sitedir}
-%{__rm} $RPM_BUILD_ROOT%{py_sitedir}/*.py
+%py_postclean
%{__rm} $RPM_BUILD_ROOT%{py_sitedir}/*.{la,a}
%endif
@@ -220,6 +204,10 @@ rm -rf $RPM_BUILD_ROOT
%postun libs -p /sbin/ldconfig
%post
+# Copy default rules into place on new installation
+if [ ! -e %{_sysconfdir}/audit/audit.rules ] ; then
+ cp -a %{_sysconfdir}/audit/rules.d/audit.rules %{_sysconfdir}/audit/audit.rules
+fi
/sbin/chkconfig --add auditd
%service auditd restart "audit daemon"
%systemd_post auditd.service
@@ -237,9 +225,15 @@ fi
%triggerpostun -- %{name} < 2.2-2
%systemd_trigger auditd.service
+%triggerpostun -- %{name} < 2.3-1
+if [ -e %{_sysconfdir}/audit/audit.rules.rpmsave ] ; then
+ %{__mv} %{_sysconfdir}/audit/audit.rules{.rpmsave,}
+fi
+
%files
%defattr(644,root,root,755)
%doc AUTHORS ChangeLog README THANKS TODO
+%doc contrib/{capp,nispom,lspp,stig}.rules init.d/auditd.cron
%attr(750,root,root) %{_bindir}/aulast
%attr(750,root,root) %{_bindir}/aulastlog
%attr(750,root,root) %{_bindir}/ausyscall
diff --git a/audit-cronjob.patch b/audit-cronjob.patch
new file mode 100644
index 0000000..9510fc6
--- /dev/null
+++ b/audit-cronjob.patch
@@ -0,0 +1,12 @@
+--- audit-2.3.2/init.d/auditd.cron.orig 2013-07-29 23:36:59.000000000 +0200
++++ audit-2.3.2/init.d/auditd.cron 2013-12-08 12:29:45.000000000 +0100
+@@ -1,7 +1,8 @@
+ # based on a cron job.
+ ##########
+
+-/sbin/service auditd rotate
++p=$(pidof auditd)
++[ -n "$p" ] && kill -USR1 $p
+ EXITVALUE=$?
+ if [ $EXITVALUE != 0 ]; then
+ /usr/bin/logger -t auditd "ALERT exited abnormally with [$EXITVALUE]"
diff --git a/audit-no-refusemanualstop.patch b/audit-no-refusemanualstop.patch
new file mode 100644
index 0000000..47b843a
--- /dev/null
+++ b/audit-no-refusemanualstop.patch
@@ -0,0 +1,10 @@
+--- a/init.d/auditd.service
++++ b/init.d/auditd.service
+@@ -4,7 +4,6 @@ DefaultDependencies=no
+ After=local-fs.target
+ Conflicts=shutdown.target
+ Before=sysinit.target shutdown.target
+-RefuseManualStop=yes
+
+ [Service]
+ ExecStart=/sbin/auditd -n
diff --git a/auditd.init b/auditd.init
index fdabdbc..d3c279e 100755
--- a/auditd.init
+++ b/auditd.init
@@ -15,7 +15,8 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin
# Source function library
. /etc/rc.d/init.d/functions
-AUDITD_CLEAN_STOP=yes
+AUDITD_CLEAN_STOP="yes"
+AUDITD_STOP_DISABLE="yes"
EXTRAOPTIONS=
AUDIT_RULES=/etc/audit/audit.rules
@@ -30,11 +31,29 @@ start() {
local rc
msg_starting auditd
+ # Localization for auditd is controlled in /etc/synconfig/auditd
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
unset HOME MAIL USER USERNAME
daemon /sbin/auditd "$EXTRAOPTIONS"
RETVAL=$?
# Load the default rules if daemon started
if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
+ # Prepare the default rules
+ if is_yes "$USE_AUGENRULES"; then
+ /sbin/augenrules
+ fi
+ # Load the default rules
/sbin/auditctl -R $AUDIT_RULES >/dev/null
rc=$?
# add error code, if it was an error
@@ -56,6 +75,9 @@ stop() {
if ! is_no "$AUDITD_CLEAN_STOP"; then
/sbin/auditctl -D >/dev/null
fi
+ if ! is_no "$AUDITD_STOP_DISABLE"; then
+ /sbin/auditctl -e 0 >/dev/null
+ fi
}
condrestart() {
diff --git a/auditd.service b/auditd.service
deleted file mode 100644
index 04b0b36..0000000
--- a/auditd.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Security Auditing Service
-After=syslog.target
-
-[Service]
-ExecStart=/sbin/auditd -n
-ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/auditd.sysconfig b/auditd.sysconfig
index 51154f4..e46687b 100644
--- a/auditd.sysconfig
+++ b/auditd.sysconfig
@@ -3,13 +3,26 @@
# Nice level for auditd
#SERVICE_RUN_NICE_LEVEL=0
-# You can set audit locale here
-#LC_ALL=C
-
+# Add extra options here
+EXTRAOPTIONS=""
+#
+# This is the locale information that audit uses.
+# To remove all locale information from audit's environment, set
+# AUDITD_LANG to the empty string or the string "none".
+#AUDITD_LANG="pl_PL"
+#
# This option is used to determine if rules & watches should be deleted on
# shutdown. This is beneficial in most cases so that a watch doesn't linger
# on a drive that is being unmounted. If set to no, it will NOT be cleaned up.
-AUDITD_CLEAN_STOP=yes
-
-# Extra options for auditd
-#EXTRAOPTIONS=
+AUDITD_CLEAN_STOP="yes"
+#
+# This option determines whether the audit system should be disabled when
+# the audit daemon is shutdown
+AUDITD_STOP_DISABLE="yes"
+#
+# This option determines whether or not to call augenrules to compile the
+# audit.rule file from /etc/audit/rules.d. The default is "no" so that nothing
+# happens to existing rules. When setting this up, any existing rules need to
+# be copied into /etc/audit/rules.d or it will be lost when audit.rule gets
+# overwritten.
+USE_AUGENRULES="no"
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/audit.git/commitdiff/738da8d693c76fe19fecc5f1b71b44b6f666707a
More information about the pld-cvs-commit
mailing list