diff --git a/audit-2.8.5.tar.gz b/audit-2.8.5.tar.gz deleted file mode 100644 index 18816cfe8f2dacb84e419279e2dee2cd3a86b34f..0000000000000000000000000000000000000000 Binary files a/audit-2.8.5.tar.gz and /dev/null differ diff --git a/audit-3.0.tar.gz b/audit-3.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..7598a6f353456d4178a320127841f394c9daf099 Binary files /dev/null and b/audit-3.0.tar.gz differ diff --git a/audit.spec b/audit.spec index 62d95b7f1113a71164d3d0407d9c43a7b71b78b1..04d3d6cf65e2b415e1762679700750fb03b9ef2e 100644 --- a/audit.spec +++ b/audit.spec @@ -3,17 +3,17 @@ Summary: User space tools for kernel auditing Name: audit Epoch: 1 -Version: 2.8.5 -Release: 3 +Version: 3.0 +Release: 1 License: GPLv2+ and LGPLv2+ URL: https://people.redhat.com/sgrubb/audit/ Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt -Patch0: Fix-memleak-in-auparse-caused-by-corrected-event-ordering.patch -Patch1: bugfix-audit-support-armv7b.patch -Patch2: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch -Patch3: bugfix-audit-reload-coredump.patch +Patch0: bugfix-audit-support-armv7b.patch +Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch +Patch2: bugfix-audit-reload-coredump.patch +Patch3: backport-Fix-the-default-location-for-zos-remote.conf-171.patch BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: openldap-devel krb5-devel libcap-ng-devel @@ -22,7 +22,8 @@ BuildRequires: python2 python-unversioned-command BuildRequires: golang %endif Requires: %{name}-libs = %{epoch}:%{version}-%{release} -Requires(post): systemd coreutils +Requires(pre): pkgconf +Requires(post): systemd coreutils pkgconf Requires(preun): systemd Requires(postun): systemd coreutils 
@@ -45,6 +46,7 @@ Summary: Plugins for audit event dispatcher License: GPLv2+ Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name}-libs = %{epoch}:%{version}-%{release} +Requires(post): pkgconf %description -n audispd-plugins This package provides plugins for the real-time interface to audispd. @@ -55,6 +57,7 @@ License: GPLv2+ Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name}-libs = %{epoch}:%{version}-%{release} Requires: openldap +Requires(post): pkgconf %description -n audispd-plugins-zos This package provides a z/OS plugin for audit event dispatcher that @@ -157,6 +160,19 @@ make check %endif rm -f rules/Makefile* +%pre +if [ -d "/etc/audisp/" -a `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` -lt 3 ];then + # custom plugins, copy config files from /etc/audisp/plugins.d to /etc/audit/plugins.d + # self-plugins confile files will be overwritten when installing + plugins_config_files=`ls /etc/audisp/plugins.d/*.conf 2>/dev/null | wc -w` + if [ $plugins_config_files -gt 0 ];then + if [ ! -d /etc/audit/plugins.d/ ];then + mkdir -p /etc/audit/plugins.d/ + fi + cp /etc/audisp/plugins.d/*.conf /etc/audit/plugins.d/ + fi +fi + %post /sbin/ldconfig files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w` 
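Review bot: The upgrade guard in `%pre` compares the output of `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` with 3 unquoted. `Requires(pre): pkgconf` guarantees the binary but not that an `audit.pc` is installed for it to find. When the lookup prints nothing, the `[ ... -lt 3 ]` test is malformed and evaluates false, so the copy of `/etc/audisp/plugins.d/*.conf` is skipped with no message. The same guard is repeated in `%post`, `%post -n audispd-plugins` and `%post -n audispd-plugins-zos`, so customised dispatcher and remote-logging settings could silently fall back to packaged defaults after the upgrade. One option is to key on the scriptlet argument instead, `if [ "$1" -gt 1 ] && [ -d /etc/audisp ]; then`, and to log a line when migration is skipped.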
@@ -168,8 +184,83 @@ if [ "$files" -eq 0 ] ; then fi chmod 0600 /etc/audit/rules.d/audit.rules fi + +# merge custom changes to new file +if [ -d "/etc/audisp/" -a `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` -lt 3 ];then + if [ -s "/etc/audisp/plugins.d/af_unix.conf" ];then + diffrence=`diff /etc/audisp/plugins.d/af_unix.conf /etc/audit/plugins.d/af_unix.conf` + if [ "X$diffrence" != "X" ];then + cp /etc/audisp/plugins.d/af_unix.conf /etc/audit/plugins.d/af_unix.conf + fi + fi +fi + %systemd_post auditd.service +%post -n audispd-plugins +# after installing audispd-plugins +if [ -d "/etc/audisp/" -a `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` -lt 3 ];then + for file in audisp-remote.conf au-remote.conf syslog.conf + do + # merge custom changes to new file + if [ "$file" == "audisp-remote.conf" ];then + if [ -s "/etc/audisp/$file" ];then + diffrence=`diff /etc/audisp/$file /etc/audit/$file` + if [ "X$diffrence" != "X" ];then + cp /etc/audisp/$file /etc/audit/$file + if [ "X`grep startup_failure_action /etc/audit/$file`" == "X" ];then + # add option in new version + echo "startup_failure_action = warn_once_continue" >> /etc/audit/$file + fi + fi + fi + elif [ "$file" == "syslog.conf" ];then + if [ -s "/etc/audisp/plugins.d/$file" ];then + diffrence=`diff /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file` + if [ "X$diffrence" != "X" ];then + cp /etc/audisp/plugins.d/syslog.conf /etc/audit/plugins.d/syslog.conf + # change options "path" and "type" + sed -i 's/path[ ]*=[ ]*builtin_syslog/path\ =\ \/sbin\/audisp-syslog/g' /etc/audit/plugins.d/syslog.conf + sed -i 's/type[ ]*=[ ]*builtin/type\ =\ always/g' /etc/audit/plugins.d/syslog.conf + fi + fi + else + if [ -s "/etc/audisp/plugins.d/$file" ];then + diffrence=`diff /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file` + if [ "X$diffrence" != "X" ];then + cp /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file + fi + fi + fi + done +fi + +%post -n audispd-plugins-zos +# after installing 
audispd-plugins-zos +if [ -d "/etc/audisp/" -a `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` -lt 3 ];then + for file in audispd-zos-remote.conf zos-remote.conf + do + # merge custom changes to new file + if [ "$file" == "zos-remote.conf" ];then + if [ -s "/etc/audisp/$file" ];then + diffrence=`diff /etc/audisp/$file /etc/audit/$file` + if [ "X$diffrence" != "X" ];then + cp /etc/audisp/$file /etc/audit/$file + fi + fi + elif [ "$file" == "audispd-zos-remote.conf" ];then + if [ -s "/etc/audisp/plugins.d/$file" ];then + diffrence=`diff /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file` + if [ "X$diffrence" != "X" ];then + cp /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file + # change option "args" + sed -i 's/\/etc\/audisp\/zos-remote\.conf/\/etc\/audit\/zos-remote\.conf/g' /etc/audit/plugins.d/$file + fi + fi + fi + done +fi + %preun %systemd_preun auditd.service @@ -188,7 +279,6 @@ fi %attr(755,root,root) /sbin/ausearch %attr(755,root,root) /sbin/aureport %attr(750,root,root) /sbin/autrace -%attr(755,root,root) /sbin/audispd %attr(755,root,root) /sbin/augenrules %attr(755,root,root) %{_bindir}/aulast %attr(755,root,root) %{_bindir}/aulastlog @@ -208,14 +298,11 @@ fi %attr(750,root,root) %dir /etc/audit %attr(750,root,root) %dir /etc/audit/rules.d %attr(750,root,root) %dir /etc/audit/plugins.d -%attr(750,root,root) %dir /etc/audisp -%attr(750,root,root) %dir /etc/audisp/plugins.d %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf %ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules %ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules %config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules -%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf -%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf %files libs /%{_lib}/libaudit.so.1* 
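Review bot: Every merge step in the `%post` scriptlets decides whether to copy by capturing the text output of `diff` into `diffrence`. If the file under `/etc/audit` is missing or unreadable, the output is empty (the error goes to stderr) and the customised `/etc/audisp` file is not carried over. Testing the exit status is more robust and keeps file contents out of a shell variable: `if ! cmp -s "/etc/audisp/$file" "/etc/audit/$file"; then`. The `[ "$file" == "..." ]` tests rely on a bash extension to `[`; `=` is the portable form if the scriptlet interpreter is ever not bash. The `sed -i` patterns for `syslog.conf` are unanchored, so they would also rewrite commented-out `path`/`type` lines.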
@@ -223,15 +310,16 @@ fi %config(noreplace) %attr(640,root,root) /etc/libaudit.conf %files -n audispd-plugins -%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf -%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf -%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf +%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf %attr(750,root,root) /sbin/audisp-remote +%attr(750,root,root) /sbin/audisp-syslog %attr(700,root,root) %dir %{_var}/spool/audit %files -n audispd-plugins-zos -%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf -%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/audispd-zos-remote.conf +%config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf %attr(750,root,root) /sbin/audispd-zos-remote %files devel @@ -265,12 +353,16 @@ fi %files help %defattr(-,root,root) %doc ChangeLog rules init.d/auditd.cron +%attr(644,root,root) %{_datadir}/%{name}/sample-rules/* %attr(644,root,root) %{_mandir}/man3/*.3.gz %attr(644,root,root) %{_mandir}/man5/*.5.gz %attr(644,root,root) %{_mandir}/man7/*.7.gz %attr(644,root,root) %{_mandir}/man8/*.8.gz %changelog +* Tue May 25 2021 yixiangzhike - 3.0-1 +- update to 3.0 + * Wed May 19 2021 yixiangzhike - 2.8.5-3 - fix directory permissions for /etc/audisp and /etc/audisp/plugins.d diff --git a/backport-Fix-the-default-location-for-zos-remote.conf-171.patch b/backport-Fix-the-default-location-for-zos-remote.conf-171.patch new file mode 100644 index 0000000000000000000000000000000000000000..ade88056686c2d97568e840555022a3b5694afbd --- /dev/null +++ b/backport-Fix-the-default-location-for-zos-remote.conf-171.patch 
@@ -0,0 +1,37 @@ +From ea21005f1abba62ed4acd7432c6e721504909511 Mon Sep 17 00:00:00 2001 +From: Pythoner +Date: Mon, 19 Apr 2021 14:10:14 -0500 +Subject: [PATCH 2052/2052] Fix the default location for zos-remote.conf (#171) + +--- + audisp/plugins/zos-remote/audispd-zos-remote.conf | 2 +- + docs/zos-remote.conf.5 | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/audisp/plugins/zos-remote/audispd-zos-remote.conf b/audisp/plugins/zos-remote/audispd-zos-remote.conf +index 13aef2c..eda199e 100644 +--- a/audisp/plugins/zos-remote/audispd-zos-remote.conf ++++ b/audisp/plugins/zos-remote/audispd-zos-remote.conf +@@ -10,5 +10,5 @@ active = no + direction = out + path = /sbin/audispd-zos-remote + type = always +-args = /etc/audisp/zos-remote.conf ++args = /etc/audit/zos-remote.conf + format = string +diff --git a/docs/zos-remote.conf.5 b/docs/zos-remote.conf.5 +index 4bf504d..7ee92e3 100644 +--- a/docs/zos-remote.conf.5 ++++ b/docs/zos-remote.conf.5 +@@ -26,7 +26,7 @@ zos\-remote.conf \- the audisp-racf plugin configuration file + controls the configuration for the + .BR audispd\-zos\-remote (8) + Audit dispatcher plugin. The default location for this file is +-.IR /etc/audisp/zos\-remote.conf , ++.IR /etc/audit/zos\-remote.conf , + however, a different file can be specified as the first argument to the + .B audispd\-zos\-remote + plugin. See +-- +1.8.3.1 + diff --git a/bugfix-audit-reload-coredump.patch b/bugfix-audit-reload-coredump.patch index 44186ceba4b59c89af6a84cb3d6fed0b0a545fb5..e183873f863c6fcb1f8bd6810171f73b46a061fd 100644 --- a/bugfix-audit-reload-coredump.patch +++ b/bugfix-audit-reload-coredump.patch 
@@ -1,7 +1,38 @@ -diff -Nur audit-3.0.org/src/auditd.c audit-3.0/src/auditd.c ---- audit-3.0.org/src/auditd.c 2019-07-30 09:29:49.420000000 +0800 -+++ audit-3.0/src/auditd.c 2019-07-30 09:58:30.484000000 +0800 -@@ -76,6 +76,7 @@ +From 2a7404291e431757bc417c9c3250f2ca84a82d89 Mon Sep 17 00:00:00 2001 +From: Leo Fang +Date: Mon, 24 May 2021 19:16:02 +0800 +Subject: [PATCH] bugfix-audit-reload-coredump + +--- + src/auditd-reconfig.c | 2 ++ + src/auditd.c | 36 +++++++++++++++++++++++++++++------- + 2 files changed, 31 insertions(+), 7 deletions(-) + +diff --git a/src/auditd-reconfig.c b/src/auditd-reconfig.c +index f5b00e6..5ea9126 100644 +--- a/src/auditd-reconfig.c ++++ b/src/auditd-reconfig.c +@@ -35,6 +35,7 @@ + + /* externs we need to know about */ + extern void reconfig_ready(void); ++extern void reconfig_pthread_failed(void); + + /* This is the configuration manager code */ + static pthread_t config_thread; +@@ -122,6 +123,7 @@ static void *config_thread_main(void *arg) + //send_audit_event(AUDIT_DAEMON_CONFIG, txt); + free_config(&new_config); + free(e); ++ reconfig_pthread_failed(); + } + + pthread_mutex_unlock(&config_lock); +diff --git a/src/auditd.c b/src/auditd.c +index fa783a2..0d76e0c 100644 +--- a/src/auditd.c ++++ b/src/auditd.c +@@ -76,6 +76,7 @@ static int hup_info_requested = 0; static int usr1_info_requested = 0, usr2_info_requested = 0; static char subj[SUBJ_LEN]; static uint32_t session; 
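Review bot: `reconfig_pthread_failed()` is declared with a bare `extern` in auditd-reconfig.c and called from `config_thread_main`, i.e. on the config thread, yet nothing at the declaration or the call site says what state it touches. Its definition is outside the visible hunks. If it clears `hup_flag` directly, that would be an unsynchronised write to a flag that `netlink_handler` reads on the event-loop thread, whereas `reconfig_ready()` appears to signal through the pipe. I would add a comment at the declaration, for example `/* called on the config thread when reconfiguration fails; must only signal the main loop */`, and confirm the implementation matches it.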
@@ -9,38 +40,45 @@ diff -Nur audit-3.0.org/src/auditd.c audit-3.0/src/auditd.c /* Local function prototypes */ int send_audit_event(int type, const char *str); -@@ -502,12 +503,24 @@ - if (hup_info_requested) { +@@ -519,15 +520,30 @@ static void netlink_handler(struct ev_loop *loop, struct ev_io *io, + char hup[MAX_AUDIT_MESSAGE_LENGTH]; audit_msg(LOG_DEBUG, "HUP detected, starting config manager"); - reconfig_ev = cur_event; - if (start_config_manager(cur_event)) { -- send_audit_event( -- AUDIT_DAEMON_CONFIG, -- "op=reconfigure state=no-change " -- "auid=-1 pid=-1 subj=? res=failed"); + if(hup_flag == 0) + { + hup_flag = 1; + reconfig_ev = cur_event; + if (start_config_manager(cur_event)) { -+ send_audit_event( -+ AUDIT_DAEMON_CONFIG, -+ "op=reconfigure state=no-change " -+ "auid=-1 pid=-1 subj=? res=failed"); -+ hup_flag = 0; ++ audit_format_signal_info(hup, ++ sizeof(hup), ++ "reconfigure state=no-change", ++ &cur_event->reply, ++ "failed"); ++ send_audit_event(AUDIT_DAEMON_CONFIG, ++ hup); ++ hup_flag = 0; + } + } + else + { -+ send_audit_event( -+ AUDIT_DAEMON_CONFIG, -+ "op=reconfigure state=no-change " -+ "auid=-1 pid=-1 subj=? res=failed"); + audit_format_signal_info(hup, +- sizeof(hup), +- "reconfigure state=no-change", +- &cur_event->reply, +- "failed"); ++ sizeof(hup), ++ "reconfigure state=no-change", ++ &cur_event->reply, ++ "failed"); + send_audit_event(AUDIT_DAEMON_CONFIG, +- hup); ++ hup); } cur_event = NULL; hup_info_requested = 0; -@@ -565,9 +578,15 @@ +@@ -571,9 +587,15 @@ static void pipe_handler(struct ev_loop *loop, struct ev_io *io, // Drain the pipe - won't block because libev sets non-blocking mode read(pipefds[0], buf, sizeof(buf)); enqueue_event(reconfig_ev); 
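Review bot: In the new `else` branch of `netlink_handler` (a HUP arriving while `hup_flag` is already set), the event is only used to format the audit record, and the unchanged `cur_event = NULL;` then drops the pointer without it ever being handed to `start_config_manager`. If `cur_event` is heap-allocated per message, which the hand-off to the config thread suggests but the hunk does not show, each HUP received during an in-progress reconfigure leaks one event. Adding `free(cur_event);` after `send_audit_event(AUDIT_DAEMON_CONFIG, hup);` in that branch would close it. The record emitted there is also identical to the one for a failed start, so the audit log cannot tell a dropped HUP from a genuine failure. The function body starts and ends outside the hunk.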
@@ -56,22 +94,6 @@ diff -Nur audit-3.0.org/src/auditd.c audit-3.0/src/auditd.c void reconfig_ready(void) { const char *msg = "ready\n"; -diff -Nur audit-3.0.org/src/auditd-reconfig.c audit-3.0/src/auditd-reconfig.c ---- audit-3.0.org/src/auditd-reconfig.c 2019-07-30 09:29:49.420000000 +0800 -+++ audit-3.0/src/auditd-reconfig.c 2019-07-30 10:00:05.232000000 +0800 -@@ -35,6 +35,7 @@ - - /* externs we need to know about */ - extern void reconfig_ready(void); -+extern void reconfig_pthread_failed(void); - - /* This is the configuration manager code */ - static pthread_t config_thread; -@@ -125,6 +126,7 @@ - //send_audit_event(AUDIT_DAEMON_CONFIG, txt); - free_config(&new_config); - free(e); -+ reconfig_pthread_failed(); - } - - pthread_mutex_unlock(&config_lock); +-- +1.8.3.1 + diff --git a/bugfix-audit-userspace-missing-syscalls-for-aarm64.patch b/bugfix-audit-userspace-missing-syscalls-for-aarm64.patch index 3d0f31144c269a435db8aa38ccf2de1e0969e404..38f3aff6915dd2be385500f9f151d73171d6397e 100644 --- a/bugfix-audit-userspace-missing-syscalls-for-aarm64.patch +++ b/bugfix-audit-userspace-missing-syscalls-for-aarm64.patch @@ -8,19 +8,17 @@ reason: reconsitution userspace audit missing syscalls for aarm64 Signed-off-by: jinbo --- - lib/aarch64_table.h | 44 +++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 44 insertions(+) + lib/aarch64_table.h | 43 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 43 insertions(+) diff --git a/lib/aarch64_table.h b/lib/aarch64_table.h index c61aa91..ea634c1 100644 --- a/lib/aarch64_table.h +++ b/lib/aarch64_table.h -@@ -295,5 +295,49 @@ _S(287, "pwritev2") - _S(288, "pkey_mprotect") - _S(289, "pkey_alloc") - _S(290, "pkey_free") - _S(291, "statx") - _S(292, "io_pgetevents") +@@ -311,4 +311,47 @@ _S(432, "fsmount") + _S(433, "fspick") + _S(434, "pidfd_open") + _S(435, "clone3") +_S(1024, "open") +_S(1025, "link") +_S(1026, "unlink") 
@@ -64,7 +62,7 @@ index c61aa91..ea634c1 100644 +_S(1077, "uselib") +_S(1078, "sysctl") +_S(1079, "fork") -+ + -- 1.8.5.6