[PATCH, v3 8/8] audispd-zos-remote plugin - build and packaging infrastructure

Klaus Heinrich Kiwi klausk at linux.vnet.ibm.com
Thu Dec 13 15:49:47 UTC 2007 

This patch brings the Makefiles and spec files integration. The spec
file builds the policy module for strict, targeted and mls modules,
installing the compiled .pp files
into /usr/share/selinux/{mls,strict,targeted}/zos-remote.pp.

The mechanics for doing this is based on
http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules, but
with a little change on how to get the %{selinux_policyver} variable
(reason: wasn't able to load policy built on RHEL5.1 on RHEL5 GA, even
though the policy version is the same - so we must also track for
package releases).

Using rpm to query the selinux-policy package version inside a spec file
is ugly - I know. Please tell me if you think of a better approach.

Signed-off-by: Klaus Heinrich Kiwi <klausk at br.ibm.com>

diff -purN audit-1.6.2/audisp/plugins/Makefile.am audit-1.6.2_zos-remote/audisp/plugins/Makefile.am
--- audit-1.6.2/audisp/plugins/Makefile.am	2007-09-12 14:25:13.000000000 -0300
+++ audit-1.6.2_zos-remote/audisp/plugins/Makefile.am	2007-12-04 12:55:30.000000000 -0200
@@ -22,5 +22,5 @@
 
 CONFIG_CLEAN_FILES = Makefile.in *.loT *.rej *.orig
 
-SUBDIRS = builtins ids remote
+SUBDIRS = builtins ids remote zos-remote
 
diff -purN audit-1.6.2/audisp/plugins/zos-remote/Makefile.am audit-1.6.2_zos-remote/audisp/plugins/zos-remote/Makefile.am
--- audit-1.6.2/audisp/plugins/zos-remote/Makefile.am	1969-12-31 21:00:00.000000000 -0300
+++ audit-1.6.2_zos-remote/audisp/plugins/zos-remote/Makefile.am	2007-12-04 16:32:02.000000000 -0200
@@ -0,0 +1,52 @@
+# Makefile.am--
+# Copyright (C) 2007 International Business Machines  Corp.
+# All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+# Authors:
+#   Klaus Heinrich Kiwi <klausk at br.ibm.com>
+#
+
+INCLUDES = -I.. -I${top_srcdir}/lib -I${top_srcdir}/auparse
+CONFIG_CLEAN_FILES = Makefile.in *.rej *.orig
+AUTOMAKE_OPTIONS = no-dependencies
+EXTRA_DIST = zos-remote.conf audispd-zos-remote.conf \
+	policy/audispd-zos-remote.te policy/audispid-zos-remote.fc\
+	policy/audispd-zos-remote.if policy/build.sh policy/install.sh
+LIBS = -L${top_srcdir}/auparse -lauparse
+LDADD = -lpthread -lldap -llber 
+dispatcher_confdir = $(sysconfdir)/audisp
+plugin_confdir=$(dispatcher_confdir)/plugins.d
+plugin_conf = zos-remote.conf
+dispatcher_conf = audispd-zos-remote.conf
+sbin_PROGRAMS = audispd-zos-remote
+
+noinst_HEADERS = zos-remote-log.h zos-remote-ldap.h zos-remote-config.h \
+	zos-remote-queue.h
+audispd_zos_remote_SOURCES = zos-remote-plugin.c zos-remote-log.c \
+	zos-remote-ldap.c zos-remote-config.c zos-remote-queue.c
+audispd_zos_remote_CFLAGS = -W -Wall -Wundef -D_GNU_SOURCE
+
+install-data-hook:
+	mkdir -p -m 0750 ${DESTDIR}${plugin_confdir}
+	$(INSTALL_DATA) -D -m 640 ${srcdir}/$(plugin_conf) \
+	    ${DESTDIR}${dispatcher_confdir}
+	$(INSTALL_DATA) -D -m 640 ${srcdir}/$(dispatcher_conf) \
+	    ${DESTDIR}${plugin_confdir}
+
+uninstall-hook:
+	rm ${DESTDIR}${plugin_confdir}/$(dispatcher_conf)
+	rm ${DESTDIR}${dispatcher_confdir}/$(plugin_conf)
diff -purN audit-1.6.2/audit.spec audit-1.6.2_zos-remote/audit.spec
--- audit-1.6.2/audit.spec	2007-09-25 08:46:49.000000000 -0300
+++ audit-1.6.2_zos-remote/audit.spec	2007-12-13 13:12:46.000000000 -0200
@@ -1,4 +1,6 @@
 %define sca_version 0.4.3
+%define selinux_variants mls strict targeted
+%define selinux_policyver %(rpm -q selinux-policy | sed -e 's,^selinux-policy-\\([^/]*\\)$,\\1,')
 
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
@@ -53,18 +55,26 @@ Requires: %{name}-libs = %{version}-%{re
 The audit-libs-python package contains the bindings so that libaudit
 and libauparse can be used by python.
 
-##%package -n audispd-plugins
-##Summary: Plugins for the audit event dispatcher
-##License: GPLv2+
-##Group: System Environment/Daemons
-##Requires: %{name} = %{version}-%{release}
-##Requires: %{name}-libs = %{version}-%{release}
-
-##%description -n audispd-plugins
-##The audispd-plugins package provides plugins for the real-time
-##interface to the audit system, audispd. These plugins can do things
-##like relay events to remote machines or analyze events for suspicious
-##behavior.
+%package -n audispd-plugins
+Summary: Plugins for the audit event dispatcher
+License: GPLv2+
+Group: System Environment/Daemons
+BuildRequires: openldap-devel rpm
+BuildRequires: checkpolicy selinux-policy-devel
+Requires: %{name} = %{version}-%{release}
+Requires: %{name}-libs = %{version}-%{release}
+Requires: openldap
+%if "%{selinux_policyver}" != ""
+Requires: selinux-policy >= %{selinux_policyver}
+%endif
+Requires(post): /usr/sbin/semodule /sbin/restorecon
+Requires(postun): /usr/sbin/semodule
+
+%description -n audispd-plugins
+The audispd-plugins package provides plugins for the real-time
+interface to the audit system, audispd. These plugins can do things
+like relay events to remote machines or analyze events for suspicious
+behavior.
 
 %package -n system-config-audit
 Summary: Utility for editing audit configuration
@@ -78,12 +88,22 @@ An utility for editing audit configurati
 
 %prep
 %setup -q
+mkdir zos-remote-policy
+cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy
 
 %build
 (cd system-config-audit; ./autogen.sh)
 aclocal && autoconf && autoheader && automake
 %configure --sbindir=/sbin --libdir=/%{_lib}
 make
+cd zos-remote-policy
+for selinuxvariant in %{selinux_variants}
+do
+    make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+    mv audispd-zos-remote.pp audispd-zos-remote.pp.${selinuxvariant}
+    make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+done
+cd -
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -94,6 +114,12 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audi
 mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit
 make DESTDIR=$RPM_BUILD_ROOT install
 make -C system-config-audit DESTDIR=$RPM_BUILD_ROOT install-fedora
+for selinuxvariant in %{selinux_variants}
+do
+    install -d $RPM_BUILD_ROOT/%{_datadir}/selinux/${selinuxvariant}
+    install -p -m 644 zos-remote-policy/audispd-zos-remote.pp.${selinuxvariant} \
+            $RPM_BUILD_ROOT/%{_datadir}/selinux/${selinuxvariant}/audispd-zos-remote.pp
+done
 
 mkdir -p $RPM_BUILD_ROOT/%{_libdir}
 # This winds up in the wrong place when libtool is involved
@@ -124,13 +150,24 @@ touch -r ./audit.spec $RPM_BUILD_ROOT/et
 # Remove the plugin stuff for now
 rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/au-ids.conf
 rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/remote.conf
+##rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/audispd-zos-remote.conf
+##rm -f $RPM_BUILD_ROOT/etc/audisp/zos-remote.conf
 rm -f $RPM_BUILD_ROOT/sbin/audisp-ids
+##rm -f $RPM_BUILD_ROOT/sbin/audispd-zos-remote
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
 %post libs -p /sbin/ldconfig
 
+%post -n audispd-plugins
+for selinuxvariant in %{selinux_variants}
+do
+    /usr/sbin/semodule -s $selinuxvariant \
+      -i %{_datadir}/selinux/$selinuxvariant/audispd-zos-remote.pp &> /dev/null || :
+done
+/sbin/restorecon -F /sbin/audispd-zos-remote /etc/audisp/zos-remote.conf
+
 %post
 /sbin/chkconfig --add auditd
 if [ -f /etc/auditd.conf ]; then
@@ -157,6 +194,14 @@ fi
 %postun libs
 /sbin/ldconfig 2>/dev/null
 
+%postun -n audispd-plugins
+if [ $1 -eq 0 ]; then
+    for selinuxvariant in %{selinux_variants}
+    do
+        /usr/sbin/semodule -s $selinuxvariant -r audispd-zos-remote &>/dev/null || :
+    done
+fi
+
 %postun
 if [ $1 -ge 1 ]; then
    /sbin/service auditd condrestart > /dev/null 2>&1 || :
@@ -189,8 +234,14 @@ fi
 %files
 %defattr(-,root,root,-)
 %doc  README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules init.d/auditd.cron
-%attr(0644,root,root) %{_mandir}/man8/*
-%attr(0644,root,root) %{_mandir}/man5/*
+%attr(0644,root,root) %{_mandir}/man8/audispd.8.gz
+%attr(0644,root,root) %{_mandir}/man8/auditctl.8.gz
+%attr(0644,root,root) %{_mandir}/man8/auditd.8.gz
+%attr(0644,root,root) %{_mandir}/man8/aureport.8.gz
+%attr(0644,root,root) %{_mandir}/man8/ausearch.8.gz
+%attr(0644,root,root) %{_mandir}/man8/autrace.8.gz
+%attr(0644,root,root) %{_mandir}/man5/auditd.conf.5.gz
+%attr(0644,root,root) %{_mandir}/man5/audispd.conf.5.gz
 %attr(750,root,root) /sbin/auditctl
 %attr(750,root,root) /sbin/auditd
 %attr(755,root,root) /sbin/ausearch
@@ -210,11 +261,17 @@ fi
 %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
 %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
 
-##%files -n audispd-plugins
-##%defattr(-,root,root,-)
+%files -n audispd-plugins
+%defattr(-,root,root,-)
+%attr(0644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
+%attr(0644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
 ##%attr(640,root,root) /etc/audisp/plugins.d/au-ids.conf
 ##%attr(640,root,root) /etc/audisp/plugins.d/remote.conf
+%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
+%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
 ##%attr(750,root,root) /sbin/audisp-ids
+%attr(750,root,root) /sbin/audispd-zos-remote
+%attr(0755,root,root) %{_datadir}/selinux/*/audispd-zos-remote.pp
 
 %files -n system-config-audit -f system-config-audit.lang
 %defattr(-,root,root,-)
diff -purN audit-1.6.2/configure.ac audit-1.6.2_zos-remote/configure.ac
--- audit-1.6.2/configure.ac	2007-09-12 14:26:41.000000000 -0300
+++ audit-1.6.2_zos-remote/configure.ac	2007-12-04 15:14:47.000000000 -0200
@@ -109,7 +109,7 @@ if test x$use_apparmor != xno ; then
       AC_DEFINE(WITH_APPARMOR,1,[Define if you want to enable AppArmor events.])fi
 
 AC_CONFIG_SUBDIRS([system-config-audit])
-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/ids/Makefile audisp/plugins/remote/Makefile bindings/Makefile bindings/python/Makefile)
+AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/ids/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile)
 
 echo .
 echo "
diff -purN audit-1.6.2/docs/Makefile.am audit-1.6.2_zos-remote/docs/Makefile.am
--- audit-1.6.2/docs/Makefile.am	2007-09-18 12:31:41.000000000 -0300
+++ audit-1.6.2_zos-remote/docs/Makefile.am	2007-12-04 12:56:13.000000000 -0200
@@ -46,5 +46,5 @@ auparse_node_compare.3 auparse_reset.3 a
 aureport.8 ausearch.8 ausearch_add_item.3 ausearch_add_regex.3 \
 ausearch_clear.3 ausearch_next_event.3 ausearch_set_stop.3 \
 autrace.8 get_auditfail_action.3 set_aumessage_mode.3 \
-audispd.8 audispd.conf.5
+audispd.8 audispd.conf.5 audispd-zos-remote.8 zos-remote.conf.5
 

-- 
Klaus Heinrich Kiwi <klausk at linux.vnet.ibm.com>
IBM STG, Linux Technology Center

More information about the Linux-audit mailing list