rpms/audit/F-8 audit-1.7.2-avc.patch, NONE, 1.1 audit-1.7.3-cmd.patch, NONE, 1.1 audit-1.7.3-prelude.patch, NONE, 1.1 .cvsignore, 1.84, 1.85 audit.spec, 1.157, 1.158 sources, 1.106, 1.107 audit-1.6.8-audispd-memleak.patch, 1.2, NONE audit-1.7-ausearch.patch, 1.1, NONE audit-1.7.1-log-cmd-overflow.patch, 1.1, NONE audit-1.7.1-lsb-headers.patch, 1.1, NONE

Steve Grubb (sgrubb) fedora-extras-commits at redhat.com
Thu Apr 17 20:54:48 UTC 2008


Author: sgrubb

Update of /cvs/pkgs/rpms/audit/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8026

Modified Files:
	.cvsignore audit.spec sources 
Added Files:
	audit-1.7.2-avc.patch audit-1.7.3-cmd.patch 
	audit-1.7.3-prelude.patch 
Removed Files:
	audit-1.6.8-audispd-memleak.patch audit-1.7-ausearch.patch 
	audit-1.7.1-log-cmd-overflow.patch 
	audit-1.7.1-lsb-headers.patch 
Log Message:
* Thu Apr 17 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-1
- New upstream version
- Update system-config-audit to version 0.4.6 (Miloslav Trmac)
- audisp-prelude alerts now controlled by config file
- Updated syscall table for 2.6.25 kernel
- Add basic remote logging plugin - only sends & no flow control
- Add support in auditctl for virtual keys
- Add example STIG rules file
- ausyscall program added for cross referencing syscall name and number info
- Add string table lookup performance improvement patch (Miloslav Trmac)


audit-1.7.2-avc.patch:

--- NEW FILE audit-1.7.2-avc.patch ---
diff -urp audit-1.7.2.orig/src/ausearch-parse.c audit-1.7.2/src/ausearch-parse.c
--- audit-1.7.2.orig/src/ausearch-parse.c	2008-04-09 14:26:27.000000000 -0400
+++ audit-1.7.2/src/ausearch-parse.c	2008-04-17 10:44:10.000000000 -0400
@@ -1208,6 +1212,17 @@ static int parse_avc(const lnode *n, sea
 			term = str + 6;
 		}
 	}
+	if (event_filename) {
+		// do we have a path?
+		str = strstr(term, " path=");
+		if (str) {
+			str += 6;
+			rc =  common_path_parser(s, str);
+			if (rc)
+				goto err;
+			term += 7;
+		}
+	}
 	if (event_subject) {
 		// scontext
 		str = strstr(term, "scontext=");
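Review bot: `term += 7` in the added path block advances `term` by a fixed count from wherever it already pointed, not from the ` path=` match held in `str`, so the new position is unrelated to the field that was just parsed. If fewer than seven bytes remain after `term`, the following `strstr(term, "scontext=")` would start past the string terminator; whether that can happen depends on record layout not shown here. Consider leaving `term` untouched or deriving it from the match (for example `term = str;`), with a comment stating which is intended. parse_avc's body starts and ends outside the hunk, and the return contract of `common_path_parser` is not visible.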

audit-1.7.3-cmd.patch:

--- NEW FILE audit-1.7.3-cmd.patch ---
diff -urp audit-1.7.2/lib/audit_logging.c audit-1.7.3/lib/audit_logging.c
--- audit-1.7.2/lib/audit_logging.c	2008-04-01 12:25:33.000000000 -0400
+++ audit-1.7.3/lib/audit_logging.c	2008-04-11 17:07:24.000000000 -0400
@@ -633,7 +633,6 @@ int audit_log_user_command(int audit_fd,
 	// We borrow the commname buffer
 	if (getcwd(commname, PATH_MAX) == NULL)
 		strcpy(commname, "?");
-	strcpy(cwdname, commname);
 	p = commname;
 	len = strlen(commname);
 	while (*p) {
@@ -644,6 +643,8 @@ int audit_log_user_command(int audit_fd,
 		}
 		p++;
 	}
+	if (cwdenc == 0)
+		strcpy(cwdname, commname);
 
 	len = strlen(cmd);
 	// Trim the trailing carriage return and spaces
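Review bot: Both added copies, `strcpy(cwdname, commname)` here and `strcpy(commname, cmd)` in the next hunk, are unbounded, and the second copies a heap string whose length is not checked anywhere in the visible lines. `commname` is filled by `getcwd(commname, PATH_MAX)`, so the first copy is safe only if `cwdname` is at least that large. For the second, a bounded form such as `snprintf(commname, sizeof(commname), "%s", cmd);` (assuming `commname` is an array) would not depend on truncation done elsewhere. If `cmd` is already clamped outside these hunks, a one-line comment stating that invariant next to the copy would be enough. The changelog in this commit records an earlier overflow fix in audit_log_user_command, so the bound is worth making explicit; the function body extends outside the hunks.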
@@ -665,6 +666,8 @@ int audit_log_user_command(int audit_fd,
 		}
 		p++;
 	}
+	if (cmdenc == 0)
+		strcpy(commname, cmd);
 	free(cmd);
 
 	// Make the format string

audit-1.7.3-prelude.patch:

--- NEW FILE audit-1.7.3-prelude.patch ---
diff -urp audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c
--- audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c	2008-04-07 16:57:12.000000000 -0400
+++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c	2008-04-17 16:27:51.000000000 -0400
@@ -228,7 +228,8 @@ int main(int argc, char *argv[])
 		return -1;
 	}
 
-	syslog(LOG_INFO, "audisp-prelude is ready for events");
+	if (mode != M_TEST)
+		syslog(LOG_INFO, "audisp-prelude is ready for events");
 	do {
 		/* Load configuration */
 		if (hup) {
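Review bot: In test mode the readiness message is now dropped entirely, while the exit message in the next hunk is still printed with `puts`, so the start and stop paths are asymmetric. If test-mode output is meant to mirror the syslog lines, add `else puts("audisp-prelude is ready for events");`. If the silence is deliberate, a short comment saying so would help. main's body extends outside the hunk.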
@@ -248,9 +249,10 @@ int main(int argc, char *argv[])
 	/* Flush any accumulated events from queue */
 	auparse_flush_feed(au);
 
-	syslog(LOG_INFO, "audisp-prelude is exiting on stop request");
 	if (mode == M_TEST)
 		puts("audisp-prelude is exiting on stop request");
+	else
+		syslog(LOG_INFO, "audisp-prelude is exiting on stop request");
 
 	/* Cleanup subsystems */
 	if (client) 
@@ -1938,6 +1940,7 @@ static void handle_event(auparse_state_t
 				break;
 			case AUDIT_SYSCALL:
 				handle_watched_syscalls(au, &idmef, &alert);
+				goto_record_type(au, AUDIT_SYSCALL);
 				break;
 			default:
 				break;
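Review bot: The added `goto_record_type(au, AUDIT_SYSCALL);` carries no comment, and its result, if it returns one, is not checked. Presumably `handle_watched_syscalls` can leave the parser on a different record and this call restores the position for the code after the switch. Once confirmed, a comment such as `/* handle_watched_syscalls may move the record cursor; return to the SYSCALL record */` would record that. handle_event's body starts and ends outside the hunk.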


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/audit/F-8/.cvsignore,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- .cvsignore	7 Jan 2008 21:17:26 -0000	1.84
+++ .cvsignore	17 Apr 2008 20:54:12 -0000	1.85
@@ -81,3 +81,4 @@
 audit-1.6.1.tar.gz
 audit-1.6.2.tar.gz
 audit-1.6.5.tar.gz
+audit-1.7.2.tar.gz


Index: audit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audit/F-8/audit.spec,v
retrieving revision 1.157
retrieving revision 1.158
diff -u -r1.157 -r1.158
--- audit.spec	2 Apr 2008 22:22:30 -0000	1.157
+++ audit.spec	17 Apr 2008 20:54:12 -0000	1.158
@@ -1,21 +1,21 @@
-%define sca_version 0.4.5
-%define sca_release 7
+%define sca_version 0.4.6
+%define sca_release 1
 %define selinux_variants mls strict targeted
 %define selinux_policyver 3.0.8 
+%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
-Version: 1.6.8
-Release: 4%{?dist}
+Version: 1.7.2
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Patch0: audit-1.6.8-zos.patch
-Patch1: audit-1.6.8-audispd-memleak.patch
-Patch2: audit-1.7.1-lsb-headers.patch
-Patch3: audit-1.7.1-log-cmd-overflow.patch
-Patch4: audit-1.7-ausearch.patch
+Patch1: audit-1.7.3-cmd.patch
+Patch2: audit-1.7.2-avc.patch
+Patch3: audit-1.7.3-prelude.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: gettext-devel intltool libtool swig python-devel
 BuildRequires: kernel-headers >= 2.6.18
@@ -102,8 +102,6 @@
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
-%patch4 -p1
 mkdir zos-remote-policy
 cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy
 
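Review bot: `%patch3 -p1` is removed here, but the first hunk of this file redefines `Patch3:` as audit-1.7.3-prelude.patch, and only `%patch0` through `%patch2` remain in the visible %prep lines. As written, the prelude patch is carried in the source package but not applied to the build, so its audisp-prelude changes would be missing from the binaries. Keep `%patch3 -p1` and drop only `%patch4 -p1`, unless the patch is applied somewhere outside this hunk.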
@@ -115,9 +113,14 @@
 cd zos-remote-policy
 for selinuxvariant in %{selinux_variants}
 do
-  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+  if [ "${selinuxvariant}" = "mls" ]; then
+    TYPE=mls-mls
+  else
+    TYPE=${selinuxvariant}-mcs
+  fi
+  make -f /usr/share/selinux/devel/Makefile
   mv audispd-zos-remote.pp audispd-zos-remote.pp.${selinuxvariant}
-  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+  make -f /usr/share/selinux/devel/Makefile clean
 done
 cd -
 
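Review bot: `TYPE` is assigned as a plain shell variable and is never exported or passed on the `make` command line, and `NAME=${selinuxvariant}` was dropped at the same time, so in the visible lines every loop iteration invokes `make` identically. The three `audispd-zos-remote.pp.${selinuxvariant}` files would then presumably all be built against the devel Makefile's default policy type rather than one per variant. If per-variant builds are intended, pass the value explicitly, e.g. `make TYPE=${TYPE} -f /usr/share/selinux/devel/Makefile`, and likewise for the `clean` invocation.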
@@ -247,16 +250,17 @@
 %{_includedir}/auparse.h
 %{_includedir}/auparse-defs.h
 %{_mandir}/man3/*
+%{_mandir}/man5/ausearch-expression.5.gz
 
 %files libs-python
 %defattr(-,root,root)
-%{_libdir}/python?.?/site-packages/_audit.so
-%{_libdir}/python?.?/site-packages/auparse.so
-/usr/lib/python?.?/site-packages/audit.py*
+%attr(755,root,root) %{_libdir}/python?.?/site-packages/_audit.so
+%attr(755,root,root) %{_libdir}/python?.?/site-packages/auparse.so
+%{python_sitelib}/audit.py*
 
 %files
 %defattr(-,root,root,-)
-%doc  README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules init.d/auditd.cron
+%doc  README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/stig.rules init.d/auditd.cron
 %attr(644,root,root) %{_mandir}/man8/audispd.8.gz
 %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
 %attr(644,root,root) %{_mandir}/man8/auditd.8.gz
@@ -264,6 +268,7 @@
 %attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
 %attr(644,root,root) %{_mandir}/man8/autrace.8.gz
 %attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
+%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
 %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
 %attr(750,root,root) /sbin/auditctl
@@ -272,7 +277,8 @@
 %attr(755,root,root) /sbin/aureport
 %attr(750,root,root) /sbin/autrace
 %attr(750,root,root) /sbin/audispd
-%attr(750,root,root) /sbin/aulastlog
+%attr(750,root,root) %{_bindir}/aulastlog
+%attr(755,root,root) %{_bindir}/ausyscall
 %attr(755,root,root) /etc/rc.d/init.d/auditd
 %attr(750,root,root) %{_var}/log/audit
 %attr(750,root,root) %dir /etc/audit
@@ -295,8 +301,15 @@
 %attr(750,root,root) /sbin/audispd-zos-remote
 %attr(644,root,root) %{_datadir}/selinux/*/audispd-zos-remote.pp
 %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-prelude.conf
+%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-prelude.conf
 %attr(750,root,root) /sbin/audisp-prelude
+%attr(644,root,root) %{_mandir}/man5/audisp-prelude.conf.5.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-prelude.8.gz
+%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf
+%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf
+%attr(750,root,root) /sbin/audisp-remote
+%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
+%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
 
 %files -n system-config-audit -f system-config-audit.lang
 %defattr(-,root,root,-)
@@ -314,6 +327,17 @@
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
 
 %changelog
+* Thu Apr 17 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-1
+- New upstream version
+- Update system-config-audit to version 0.4.6 (Miloslav Trmac)
+- audisp-prelude alerts now controlled by config file
+- Updated syscall table for 2.6.25 kernel
+- Add basic remote logging plugin - only sends & no flow control
+- Add support in auditctl for virtual keys
+- Add example STIG rules file
+- ausyscall program added for cross referencing syscall name and number info
+- Add string table lookup performance improvement patch (Miloslav Trmac)
+
 * Wed Apr 02 2008 Steve Grubb <sgrubb at redhat.com> 1.6.8-4
 - Fix overflow in audit_log_user_command bz 438840
 - Remove LSB headers from init scripts


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/audit/F-8/sources,v
retrieving revision 1.106
retrieving revision 1.107
diff -u -r1.106 -r1.107
--- sources	15 Feb 2008 17:03:59 -0000	1.106
+++ sources	17 Apr 2008 20:54:12 -0000	1.107
@@ -1 +1 @@
-67cd6d2995bbb0a8b3c37ce484d758f5  audit-1.6.8.tar.gz
+1415749e73fbee34ff5f5f78ab92386a  audit-1.7.2.tar.gz


--- audit-1.6.8-audispd-memleak.patch DELETED ---


--- audit-1.7-ausearch.patch DELETED ---


--- audit-1.7.1-log-cmd-overflow.patch DELETED ---


--- audit-1.7.1-lsb-headers.patch DELETED ---



