audit 1.6.4 released

[Steve Grubb]

On Sunday 30 December 2007 11:24:41 am Eric Paris wrote:
> On Sat, 2007-12-29 at 10:44 -0500, Steve Grubb wrote:
> > This release fixes a major bug that got introduced in the last release.
> > The code that fixes a permission problem was using the wrong variable. It
> > happens that the result was applied to /dev/null instead of the audit
> > log. If you had selinux in enforcing mode - nothing happened, for
> > everyone else.../dev/null probably got messed up. Oopsie.
>
> close, so close.
>
> Now auditd is fchmoding /var/log/audit/audit.log to 600 and everything
> works fine.  But run 'service auditd restart' or just reboot and audit
> will refuse to start!

I forgot to change the parser to allow this config. The following patch was
applied to Fedora rawhide. It will be in the 1.6.5 release sometime soon. I
want to fix a couple more things before releasing 1.6.5.

-Steve


diff -urp audit-1.6.5.orig/src/auditd-config.c audit-1.6.5/src/auditd-config.c
--- audit-1.6.5.orig/src/auditd-config.c	2007-12-30 17:01:29.000000000 -0500
+++ audit-1.6.5/src/auditd-config.c	2007-12-30 17:07:45.000000000 -0500
@@ -505,9 +505,9 @@ static int log_file_parser(struct nv_pai
 		audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
 		return 1;
 	}
-	if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != 
-			  (S_IRUSR|S_IWUSR|S_IRGRP)) {
-		audit_msg(LOG_ERR, "%s permissions should be 0640", nv->value);
+	if ( (buf.st_mode & (S_IXUSR|S_IWGRP|S_IXGRP|S_IRWXO)) ) {
+		audit_msg(LOG_ERR, "%s permissions should be 0600 or 0640",
+				nv->value);
 		return 1;
 	}
 	free((void *)config->log_file);