[PATCH 0/5] Build time disabling of auditd network listener

Steve Grubb sgrubb at redhat.com
Mon Nov 5 14:17:34 UTC 2012


On Wednesday, August 01, 2012 12:00:19 AM Tyler Hicks wrote:
> Hello Steve - This is a patch set that allows --disable-listener to be
> passed to the configure script to disable the auditd network listener code
> at build time. The reasoning is that a large number of users do not need
> centralized audit logging and removing the network listening code from a
> root-owned auditd process is appealing from a security perspective.
> 
> The existing implementation clearly does not initialize the listener when
> tcp_listen_port is undefined in auditd.conf, but I still think there is
> value in not having the listening code present in all auditd installations.
> 
> The first three patches in the set are refactoring patches to move nearly
> all of the listening code into auditd-listen.c in order to minimize the
> number of ifdefs that would need to be scattered throughout C source files.
> The fourth patch is an optional cleanup patch. The last patch introduces
> the --disable-listener option.
> 
> The auditd listener code is still enabled by default so that existing distro
> packaging recipes will not need to be updated.

Applied.

-Steve
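The cover letter above describes gating the listener behind a build-time configure switch rather than only behind the presence of `tcp_listen_port` in auditd.conf. The following is an added example, not code from the audit project or from either poster, of how such a switch is normally reflected in C: a macro that a configure script would emit into config.h selects between the real listener initialisation and a stub. The macro name `AUDITD_LISTENER_ENABLED`, the struct and function names, and the config line are all assumptions made for illustration; the stub also shows the check a practitioner wants when the listener is compiled out but the config still asks for a port, which should be reported rather than silently ignored.

```c
/* Added example, not auditd's own code. The macro AUDITD_LISTENER_ENABLED is a
 * hypothetical stand-in for what AC_DEFINE would place in config.h when the
 * configure script runs with or without --disable-listener. */
#include <stdio.h>
#include <string.h>
#include <errno.h>

#ifndef AUDITD_LISTENER_ENABLED
#define AUDITD_LISTENER_ENABLED 1   /* default: listener compiled in, as in the patch set */
#endif

/* Minimal stand-in for the parsed daemon configuration (hypothetical). */
struct daemon_conf {
    int tcp_listen_port;   /* 0 means "not configured" */
};

/* Lets an operator or a test confirm which way the binary was built. */
int listener_compiled_in(void)
{
    return AUDITD_LISTENER_ENABLED;
}

#if AUDITD_LISTENER_ENABLED
/* Listener present: this is where the socket would be opened.
 * Returns 0 on success, as the socket calls are omitted here. */
int listener_init(const struct daemon_conf *c)
{
    if (c->tcp_listen_port == 0)
        return 0;              /* port not configured: nothing to start */
    /* socket()/bind()/listen() would go here; pretend success */
    return 0;
}
#else
/* Listener compiled out: a configuration that still requests it is a
 * deployment mistake, so surface it instead of ignoring the setting. */
int listener_init(const struct daemon_conf *c)
{
    if (c->tcp_listen_port != 0) {
        fprintf(stderr, "tcp_listen_port is set but the listener was disabled at build time\n");
        return -ENOTSUP;
    }
    return 0;
}
#endif

/* Parse one "tcp_listen_port = N" line; any other line yields 0.
 * This is a constructed subset of the auditd.conf key = value syntax. */
int parse_listen_port(const char *line)
{
    int port = 0;
    if (sscanf(line, " tcp_listen_port = %d", &port) == 1 && port > 0 && port < 65536)
        return port;
    return 0;
}

int main(void)
{
    /* Constructed sample config lines */
    const char *lines[] = {
        "log_file = /var/log/audit/audit.log",
        "tcp_listen_port = 60",
    };
    struct daemon_conf conf = { .tcp_listen_port = 0 };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int p = parse_listen_port(lines[i]);
        if (p)
            conf.tcp_listen_port = p;
    }
    printf("listener compiled in: %d, configured port: %d, init rc: %d\n",
           listener_compiled_in(), conf.tcp_listen_port, listener_init(&conf));
    return 0;
}
```

Compiling with `-DAUDITD_LISTENER_ENABLED=0` selects the stub branch, which is the effect a `--disable-listener` configure option would have once it writes the macro into config.h.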




More information about the Linux-audit mailing list