Revisions of audit

Enzo Matsumiya (ematsumiya) accepted request 920360 from Enzo Matsumiya (ematsumiya) (revision 130)
Use tarball from source URL.
Enzo Matsumiya (ematsumiya) accepted request 920348 from Enzo Matsumiya (ematsumiya) (revision 129)
- Fix hardened auditd.service (bsc#1181400)
  * add fix-hardened-service.patch
    Make /etc/audit read-write from the service.
    Remove PrivateDevices=true to expose /dev/* to auditd.service.
- Enable stop rules for audit.service (cf. bsc#1190227)
  * add enable-stop-rules.patch
- Change default log_format from ENRICHED to RAW (bsc#1190500):
  * add change-default-log_format.patch (SUSE-specific patch)
- Update to version 3.0.5:
  * In auditd, flush uid/gid caches when user/group added/deleted/modified
  * Fixed various issues when dealing with corrupted logs
  * In auditd, check if log_file is valid before closing handle
- Include fixes from 3.0.4:
  * Apply performance speedups to auparse library
  * Optimize rule loading in auditctl
  * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
  * Update syscall table to the 5.14 kernel
  * Fixed various issues when dealing with corrupted logs
Marcus Meissner (msmeissn) committed (revision 128)
- harden_auditd.service.patch: automatic hardening applied to systemd
  services
Marcus Meissner (msmeissn) accepted request 911452 from Johannes Segitz (jsegitz) (revision 127)
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
Marcus Meissner (msmeissn) committed (revision 126)
- use https source urls
Marcus Meissner (msmeissn) committed (revision 125)
- use https source urls
Marcus Meissner (msmeissn) accepted request 909447 from Enzo Matsumiya (ematsumiya) (revision 124)
- Update to version 3.0.3:
  * Don't interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined
  * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids
  * Change auparse_feed_has_data in auparse to include incomplete events
  * Auditd, stop linking against -lrt
  * Add ProtectHome and RestrictRealtime to auditd.service
  * In auditd, read up to 3 netlink packets in a row
  * In auditd, do not validate path to plugin unless active
  * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists
buildservice-autocommit accepted request 900607 from Enzo Matsumiya (ematsumiya) (revision 123)
baserev update by copy to link target
Enzo Matsumiya (ematsumiya) accepted request 900606 from Enzo Matsumiya (ematsumiya) (revision 122)
- Adjust audit.spec and audit-secondary.spec to support new version
- Include fix for libev
  * add libev-werror.patch

- Update to version 3.0.2
- In audispd-statsd plugin, use struct sockaddr_storage (Ville Heikkinen)
- Optionally interpret auid in auditctl -l
- Update some syscall argument interpretations
- In auditd, do not allow spaces in the hostname name format
- Big documentation cleanup (MIZUTA Takeshi)
- Update syscall table to the 5.12 kernel
- Update the auparse normalizer for new event types
- Fix compiler warnings in ids subsystem
- Block a couple signals from flush & reconfigure threads
- In auditd, don't wait on flush thread when exiting
- Output error message if the path of input files are too long ausearch/report

Included fixes from 3.0.1
- Update syscall table to the 5.11 kernel
- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
- Only enable periodic timers when listening on the network
- Upgrade libev to 4.33
- Add auparse_new_buffer function to auparse library
- Use the select libev backend unless aggregating events
- Add sudoers to some base audit rules
- Update the auparse normalizer for some new syscalls and event types

Included fixes from 3.0
- Generate checkpoint file even when no results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Convert auparse_test to run with python3 (Tomáš Chvátal)
- Drop support for prelude
- Adjust backlog_wait_time in rules to the kernel default (#1482848)
- Remove ids key syntax checking of rules in auditctl
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
- Fix parsing of uid & success for ausearch
- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
- Hide lru symbols in auparse
- Add systemd process protections
- Fix aureport summary time range reporting
- Allow unlimited retries on startup for remote logging
- Add queue_depth to remote logging stats and increase default queue_depth size
- Fix segfault on shutdown
- Merge auditd and audispd code
- Close on execute init_pipe fd (#1587995)
- Breakout audisp syslog plugin to be standalone program
- Create a common internal library to reduce code
- Move all audispd config files under /etc/audit/
- Move audispd.conf settings into auditd.conf
- Add queue depth statistics to internal state dump report
- Add network statistics to internal state dump report
- SIGUSR now also restarts queue processing if it's suspended
- Update lookup tables for the 4.18 kernel
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Deprecate enable_krb and replace with transport config opt for remote logging
- Mark netlabel events as simple events so that they get processed quicker
- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
- In ausearch/auparse, event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- Migrate auparse python test to python3
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- Add bpf syscall command argument interpretation to auparse
- In ausearch/report, limit record size when malformed
- Port af_unix plugin to libev
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Make legacy script wait for auditd to terminate (#1643567)
- Treat all network originating events as VER2 so dispatcher doesn't format it
- If an event has a node name make it VER2 so dispatcher doesn't format it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Update to libev-4.25
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Allow exclude and user filter by executable name (Ondrej Mosnacek)
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Add substitute functions for strndupa & rawmemchr
- Fix memleak in auparse caused by corrected event ordering
- Fix legacy reload script to reload audit rules when daemon is reloaded
- Support for unescaping in trusted messages (Dmitry Voronin)
- In auditd, use standard template for DAEMON events (Richard Guy Briggs)
- In aureport, fix segfault for malformed USER_CMD events
- Add exe field to audit_log_user_command in libaudit
- In auditctl support filter on socket address families (Richard Guy Briggs)
- Deprecate support for Alpha & IA64 processors
- If space_left_action is rotate, allow it every time (#1718444)
- In auparse, drop standalone EOE events
- Add milliseconds column for ausearch extra time csv format
- Fix aureport first event reporting when no start given
- In audisp-remote, add new config item for startup connection errors
- Remove dependency on chkconfig
- Install rules to /usr/share/audit/sample-rules/
- Split up ospp rules to make SCAP scanning easier (#1746018)
- In audisp-syslog, support interpreting records (#1497279)
- Audit USER events now sends msg as name value pair
- Add support for AUDIT_BPF event
- Auditd should not process AUDIT_REPLACE events
- Update syscall tables to the 5.5 kernel
- Improve personality interpretation by using PERS_MASK
- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
- Change auparse python bindings to shared object (Issue #121)
- Add error messages for watch permissions
- If audit rules file doesn't exist log error message instead of info message
- Revise error message for unmatched options in auditctl
- In audisp-remote, fixup remote endpoint disappearing in ascii format
- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
- In auditctl, add support for sending a signal to auditd

- Removes audit-fno-common.patch: fixed in upstream
- Removes audit-python3.patch: fixed in upstream
Enzo Matsumiya (ematsumiya) accepted request 900442 from Enzo Matsumiya (ematsumiya) (revision 121)
- Adjust audit.spec and audit-secondary.spec to support new version
- Include fix for libev
  * add libev-werror.patch

- Update to version 3.0.2
- In audispd-statsd plugin, use struct sockaddr_storage (Ville Heikkinen)
- Optionally interpret auid in auditctl -l
- Update some syscall argument interpretations
- In auditd, do not allow spaces in the hostname name format
- Big documentation cleanup (MIZUTA Takeshi)
- Update syscall table to the 5.12 kernel
- Update the auparse normalizer for new event types
- Fix compiler warnings in ids subsystem
- Block a couple signals from flush & reconfigure threads
- In auditd, don't wait on flush thread when exiting
- Output error message if the path of input files are too long ausearch/report

Included fixes from 3.0.1
- Update syscall table to the 5.11 kernel
- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
- Only enable periodic timers when listening on the network
- Upgrade libev to 4.33
- Add auparse_new_buffer function to auparse library
- Use the select libev backend unless aggregating events
- Add sudoers to some base audit rules
- Update the auparse normalizer for some new syscalls and event types

Included fixes from 3.0
- Generate checkpoint file even when no results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Convert auparse_test to run with python3 (Tomáš Chvátal)
- Drop support for prelude
- Adjust backlog_wait_time in rules to the kernel default (#1482848)
- Remove ids key syntax checking of rules in auditctl
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
- Fix parsing of uid & success for ausearch
- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
- Hide lru symbols in auparse
- Add systemd process protections
- Fix aureport summary time range reporting
- Allow unlimited retries on startup for remote logging
- Add queue_depth to remote logging stats and increase default queue_depth size
- Fix segfault on shutdown
- Merge auditd and audispd code
- Close on execute init_pipe fd (#1587995)
- Breakout audisp syslog plugin to be standalone program
- Create a common internal library to reduce code
- Move all audispd config files under /etc/audit/
- Move audispd.conf settings into auditd.conf
- Add queue depth statistics to internal state dump report
- Add network statistics to internal state dump report
- SIGUSR now also restarts queue processing if it's suspended
- Update lookup tables for the 4.18 kernel
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Deprecate enable_krb and replace with transport config opt for remote logging
- Mark netlabel events as simple events so that they get processed quicker
- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
- In ausearch/auparse, event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- Migrate auparse python test to python3
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- Add bpf syscall command argument interpretation to auparse
- In ausearch/report, limit record size when malformed
- Port af_unix plugin to libev
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Make legacy script wait for auditd to terminate (#1643567)
- Treat all network originating events as VER2 so dispatcher doesn't format it
- If an event has a node name make it VER2 so dispatcher doesn't format it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Update to libev-4.25
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Allow exclude and user filter by executable name (Ondrej Mosnacek)
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Add substitute functions for strndupa & rawmemchr
- Fix memleak in auparse caused by corrected event ordering
- Fix legacy reload script to reload audit rules when daemon is reloaded
- Support for unescaping in trusted messages (Dmitry Voronin)
- In auditd, use standard template for DAEMON events (Richard Guy Briggs)
- In aureport, fix segfault for malformed USER_CMD events
- Add exe field to audit_log_user_command in libaudit
- In auditctl support filter on socket address families (Richard Guy Briggs)
- Deprecate support for Alpha & IA64 processors
- If space_left_action is rotate, allow it every time (#1718444)
- In auparse, drop standalone EOE events
- Add milliseconds column for ausearch extra time csv format
- Fix aureport first event reporting when no start given
- In audisp-remote, add new config item for startup connection errors
- Remove dependency on chkconfig
- Install rules to /usr/share/audit/sample-rules/
- Split up ospp rules to make SCAP scanning easier (#1746018)
- In audisp-syslog, support interpreting records (#1497279)
- Audit USER events now sends msg as name value pair
- Add support for AUDIT_BPF event
- Auditd should not process AUDIT_REPLACE events
- Update syscall tables to the 5.5 kernel
- Improve personality interpretation by using PERS_MASK
- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
- Change auparse python bindings to shared object (Issue #121)
- Add error messages for watch permissions
- If audit rules file doesn't exist log error message instead of info message
- Revise error message for unmatched options in auditctl
- In audisp-remote, fixup remote endpoint disappearing in ascii format
- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
- In auditctl, add support for sending a signal to auditd

- Removes audit-fno-common.patch: fixed in upstream
- Removes audit-python3.patch: fixed in upstream
Enzo Matsumiya (ematsumiya) accepted request 900437 from Enzo Matsumiya (ematsumiya) (revision 120)
Mention libev patch in changelogs
Enzo Matsumiya (ematsumiya) accepted request 900434 from Enzo Matsumiya (ematsumiya) (revision 119)
- Adjust spec files to support new version
- Include one fix for libev

- Update to version 3.0.2
- In audispd-statsd plugin, use struct sockaddr_storage (Ville Heikkinen)
- Optionally interpret auid in auditctl -l
- Update some syscall argument interpretations
- In auditd, do not allow spaces in the hostname name format
- Big documentation cleanup (MIZUTA Takeshi)
- Update syscall table to the 5.12 kernel
- Update the auparse normalizer for new event types
- Fix compiler warnings in ids subsystem
- Block a couple signals from flush & reconfigure threads
- In auditd, don't wait on flush thread when exiting
- Output error message if the path of input files are too long ausearch/report

Included fixes from 3.0.1
- Update syscall table to the 5.11 kernel
- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
- Only enable periodic timers when listening on the network
- Upgrade libev to 4.33
- Add auparse_new_buffer function to auparse library
- Use the select libev backend unless aggregating events
- Add sudoers to some base audit rules
- Update the auparse normalizer for some new syscalls and event types

Included fixes from 3.0
- Generate checkpoint file even when no results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Convert auparse_test to run with python3 (Tomáš Chvátal)
- Drop support for prelude
- Adjust backlog_wait_time in rules to the kernel default (#1482848)
- Remove ids key syntax checking of rules in auditctl
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
- Fix parsing of uid & success for ausearch
- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
- Hide lru symbols in auparse
- Add systemd process protections
- Fix aureport summary time range reporting
- Allow unlimited retries on startup for remote logging
- Add queue_depth to remote logging stats and increase default queue_depth size
- Fix segfault on shutdown
- Merge auditd and audispd code
- Close on execute init_pipe fd (#1587995)
- Breakout audisp syslog plugin to be standalone program
- Create a common internal library to reduce code
- Move all audispd config files under /etc/audit/
- Move audispd.conf settings into auditd.conf
- Add queue depth statistics to internal state dump report
- Add network statistics to internal state dump report
- SIGUSR now also restarts queue processing if it's suspended
- Update lookup tables for the 4.18 kernel
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Deprecate enable_krb and replace with transport config opt for remote logging
- Mark netlabel events as simple events so that they get processed quicker
- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
- In ausearch/auparse, event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- Migrate auparse python test to python3
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- Add bpf syscall command argument interpretation to auparse
- In ausearch/report, limit record size when malformed
- Port af_unix plugin to libev
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Make legacy script wait for auditd to terminate (#1643567)
- Treat all network originating events as VER2 so dispatcher doesn't format it
- If an event has a node name make it VER2 so dispatcher doesn't format it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Update to libev-4.25
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Allow exclude and user filter by executable name (Ondrej Mosnacek)
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Add substitute functions for strndupa & rawmemchr
- Fix memleak in auparse caused by corrected event ordering
- Fix legacy reload script to reload audit rules when daemon is reloaded
- Support for unescaping in trusted messages (Dmitry Voronin)
- In auditd, use standard template for DAEMON events (Richard Guy Briggs)
- In aureport, fix segfault for malformed USER_CMD events
- Add exe field to audit_log_user_command in libaudit
- In auditctl support filter on socket address families (Richard Guy Briggs)
- Deprecate support for Alpha & IA64 processors
- If space_left_action is rotate, allow it every time (#1718444)
- In auparse, drop standalone EOE events
- Add milliseconds column for ausearch extra time csv format
- Fix aureport first event reporting when no start given
- In audisp-remote, add new config item for startup connection errors
- Remove dependency on chkconfig
- Install rules to /usr/share/audit/sample-rules/
- Split up ospp rules to make SCAP scanning easier (#1746018)
- In audisp-syslog, support interpreting records (#1497279)
- Audit USER events now sends msg as name value pair
- Add support for AUDIT_BPF event
- Auditd should not process AUDIT_REPLACE events
- Update syscall tables to the 5.5 kernel
- Improve personality interpretation by using PERS_MASK
- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
- Change auparse python bindings to shared object (Issue #121)
- Add error messages for watch permissions
- If audit rules file doesn't exist log error message instead of info message
- Revise error message for unmatched options in auditctl
- In audisp-remote, fixup remote endpoint disappearing in ascii format
- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
- In auditctl, add support for sending a signal to auditd

- Remove audit-fno-common.patch: fixed in upstream
- Remove audit-python3.patch: fixed in upstream

old: security/audit
new: home:ematsumiya:branches:security/audit rev None
Index: audit-no-gss.patch
===================================================================
--- audit-no-gss.patch (revision 118)
+++ audit-no-gss.patch (revision 17)
@@ -11,11 +11,12 @@
 
 --- a/init.d/auditd.conf
 +++ b/init.d/auditd.conf
-@@ -30,7 +30,4 @@ tcp_listen_queue = 5
- tcp_max_per_addr = 1
+@@ -30,8 +30,6 @@ tcp_max_per_addr = 1
  ##tcp_client_ports = 1024-65535
  tcp_client_max_idle = 0
--enable_krb5 = no
+ transport = TCP
 -krb5_principal = auditd
 -##krb5_key_file = /etc/audit/audit.key
  distribute_network = no
+ q_depth = 400
+ overflow_action = SYSLOG
Index: audit-plugins-path.patch
===================================================================
--- audit-plugins-path.patch (revision 118)
+++ audit-plugins-path.patch (revision 17)
@@ -5,19 +5,8 @@
 Adjust location of plugins built by audit-secondary.  These should never have
 been in /sbin plus some (for SUSE) require lib dependancies on /usr/lib
 
---- audit-1.7.2/audisp/plugins/prelude/au-prelude.conf.orig	2008-04-23 11:56:11.946681000 +0200
-+++ audit-1.7.2/audisp/plugins/prelude/au-prelude.conf	2008-04-23 11:56:22.789827000 +0200
-@@ -5,7 +5,7 @@
- 
- active = no
- direction = out
--path = /sbin/audisp-prelude
-+path = /usr/sbin/audisp-prelude
- type = always
- #args =
- format = string
---- audit-1.7.2/audisp/plugins/remote/au-remote.conf.orig	2008-04-23 11:56:11.976660000 +0200
-+++ audit-1.7.2/audisp/plugins/remote/au-remote.conf	2008-04-23 11:56:30.958657000 +0200
+--- a/audisp/plugins/remote/au-remote.conf
++++ b/audisp/plugins/remote/au-remote.conf
 @@ -5,7 +5,7 @@
  
  active = no
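Review bot: the patch description kept as context at the top of this hunk still reads "require lib dependancies on /usr/lib"; since the patch is being refreshed anyway, correct the spelling to "dependencies" and tidy that sentence. It would also help to state in the description that the au-prelude.conf section was dropped because upstream removed prelude support, so the next refresh does not have to rediscover why only the remote and zos-remote configs are still patched.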
@@ -27,8 +16,8 @@
  type = always
  #args =
  format = string
---- audit-1.7.2/audisp/plugins/zos-remote/audispd-zos-remote.conf.orig	2008-04-23 11:56:11.993637000 +0200
-+++ audit-1.7.2/audisp/plugins/zos-remote/audispd-zos-remote.conf	2008-04-23 11:56:40.533070000 +0200
+--- a/audisp/plugins/zos-remote/audispd-zos-remote.conf
++++ b/audisp/plugins/zos-remote/audispd-zos-remote.conf
 @@ -8,7 +8,7 @@
  
  active = no
@@ -36,5 +25,5 @@
 -path = /sbin/audispd-zos-remote
 +path = /usr/sbin/audispd-zos-remote
  type = always 
- args = /etc/audisp/zos-remote.conf
+ args = /etc/audit/zos-remote.conf
  format = string
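Review bot: the `args` context line in the zos-remote section now points at /etc/audit/zos-remote.conf instead of /etc/audisp/zos-remote.conf, so a system upgraded from the older package may keep a customised file under /etc/audisp that the plugin no longer reads. Please confirm the spec migrates or at least warns about existing files in /etc/audisp, and call the directory change out for administrators in the .changes entry rather than leaving it only as the upstream bullet "Move all audispd config files under /etc/audit/".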
Index: audit-secondary.changes
===================================================================
--- audit-secondary.changes (revision 118)
+++ audit-secondary.changes (revision 17)
@@ -1,4 +1,129 @@
 -------------------------------------------------------------------
+Mon Jun 14 20:54:49 CEST 2021 - Enzo Matsumiya <ematsumiya@suse.com>
+
+- Update to version 3.0.2
+- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
+- Optionally interpret auid in auditctl -l
+- Update some syscall argument interpretations
+- In auditd, do not allow spaces in the hostname name format
+- Big documentation cleanup (MIZUTA Takeshi)
+- Update syscall table to the 5.12 kernel
+- Update the auparse normalizer for new event types
+- Fix compiler warnings in ids subsystem
+- Block a couple signals from flush & reconfigure threads
+- In auditd, don't wait on flush thread when exiting
+- Output error message if the path of input files are too long ausearch/report
+
+Included fixes from 3.0.1
+- Update syscall table to the 5.11 kernel
+- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
+- Only enable periodic timers when listening on the network
+- Upgrade libev to 4.33
+- Add auparse_new_buffer function to auparse library
+- Use the select libev backend unless aggregating events
+- Add sudoers to some base audit rules
+- Update the auparse normalizer for some new syscalls and event types
+
+Included fixes from 3.0
+- Generate checkpoint file even when no results are returned (Burn Alting)
+- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
+- Convert auparse_test to run with python3 (Tomáš Chvátal)
+- Drop support for prelude
+- Adjust backlog_wait_time in rules to the kernel default (#1482848)
+- Remove ids key syntax checking of rules in auditctl
+- Use SIGCONT to dump auditd internal state (#1504251)
+- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
+- Fix parsing of uid & success for ausearch
+- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
+- Hide lru symbols in auparse
+- Add systemd process protections
+- Fix aureport summary time range reporting
+- Allow unlimited retries on startup for remote logging
+- Add queue_depth to remote logging stats and increase default queue_depth size
+- Fix segfault on shutdown
+- Merge auditd and audispd code
+- Close on execute init_pipe fd (#1587995)
+- Breakout audisp syslog plugin to be standalone program
+- Create a common internal library to reduce code
+- Move all audispd config files under /etc/audit/
+- Move audispd.conf settings into auditd.conf
+- Add queue depth statistics to internal state dump report
+- Add network statistics to internal state dump report
+- SIGUSR now also restarts queue processing if its suspended
+- Update lookup tables for the 4.18 kernel
+- Add auparse_normalizer support for SOFTWARE_UPDATE event
+- Add 30-ospp-v42.rules to meet new Common Criteria requirements
+- Deprecate enable_krb and replace with transport config opt for remote logging
+- Mark netlabel events as simple events so that get processed quicker
+- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
+- In aureport, fix segfault in file report
+- Add auparse_normalizer support for labeled networking events
+- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
+- In ausearch/auparse, event aging is off by a second
+- In ausearch/auparse, correct event ordering to process oldest first
+- Migrate auparse python test to python3
+- auparse_reset was not clearing everything it should
+- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
+- In ausearch/report, lightly parse selinux portion of USER_AVC events
+- Add bpf syscall command argument interpretation to auparse
+- In ausearch/report, limit record size when malformed
+- Port af_unix plugin to libev
+- In auditd, fix extract_type function for network originating events
+- In auditd, calculate right size and location for network originating events
+- Make legacy script wait for auditd to terminate (#1643567)
+- Treat all network originating events as VER2 so dispatcher doesn't format it
+- If an event has a node name make it VER2 so dispatcher doesnt format it
+- In audisp-remote do an initial connection attempt (#1625156)
+- In auditd, allow expression of space left as a percentage (#1650670)
+- On PPC64LE systems, only allow 64 bit rules (#1462178)
+- Make some parts of auditd state report optional based on config
+- Update to libev-4.25
+- Fix ausearch when checkpointing a single file (Burn Alting)
+- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
+- In ausearch, do not checkpt if stdin is input source
+- In libev, remove __cold__ attribute for functions to allow proper hardening
+- Add tests to configure.ac for openldap support
+- Make systemd support files use /run rather than /var/run (Christian Hesse)
+- Fix minor memory leak in auditd kerberos credentials code
+- Allow exclude and user filter by executable name (Ondrej Mosnacek)
+- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
+- In ausearch/report fix --end to use midnight time instead of now (#1671338)
+- Add substitue functions for strndupa & rawmemchr
+- Fix memleak in auparse caused by corrected event ordering
+- Fix legacy reload script to reload audit rules when daemon is reloaded
+- Support for unescaping in trusted messages (Dmitry Voronin)
+- In auditd, use standard template for DEAMON events (Richard Guy Briggs)
+- In aureport, fix segfault for malformed USER_CMD events
+- Add exe field to audit_log_user_command in libaudit
+- In auditctl support filter on socket address families (Richard Guy Briggs)
+- Deprecate support for Alpha & IA64 processors
+- If space_left_action is rotate, allow it every time (#1718444)
+- In auparse, drop standalone EOE events
+- Add milliseconds column for ausearch extra time csv format
+- Fix aureport first event reporting when no start given
+- In audisp-remote, add new config item for startup connection errors
+- Remove dependency on chkconfig
+- Install rules to /usr/share/audit/sample-rules/
+- Split up ospp rules to make SCAP scanning easier (#1746018)
+- In audisp-syslog, support interpreting records (#1497279)
+- Audit USER events now sends msg as name value pair
+- Add support for AUDIT_BPF event
+- Auditd should not process AUDIT_REPLACE events
+- Update syscall tables to the 5.5 kernel
+- Improve personality interpretation by using PERS_MASK
+- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
+- Change auparse python bindings to shared object (Issue #121)
+- Add error messages for watch permissions
+- If audit rules file doesn't exist log error message instead of info message
+- Revise error message for unmatched options in auditctl
+- In audisp-remote, fixup remote endpoint disappearin in ascii format
+- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
+- In auditctl, add support for sending a signal to auditd
+
+- Removes audit-fno-common.patch: fixed in upstream
+- Removes audit-python3.patch: fixed in upstream
+
+-------------------------------------------------------------------
 Mon Feb  1 18:13:18 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
 
 - Do not explicitly provide group(audit) in system-users-audit:
@@ -24,7 +149,7 @@
 -------------------------------------------------------------------
 Mon Jan 13 17:39:03 UTC 2020 - Tony Jones <tonyj@suse.com>
 
-- Update to version 2.6.5:
+- Update to version 2.8.5:
   * Fix segfault on shutdown
   * Fix hang on startup (#1587995)
   * Add sleep to script to dump state so file is ready when needed
Index: audit-secondary.spec
===================================================================
--- audit-secondary.spec (revision 118)
+++ audit-secondary.spec (revision 17)
@@ -22,7 +22,7 @@
 # The seperation is required to minimize unnecessary build cycles.
 %define 	_name audit
 Name:           audit-secondary
-Version:        2.8.5
+Version:        3.0.2
 Release:        0
 Summary:        Linux kernel audit subsystem utilities
 License:        GPL-2.0-or-later
@@ -34,9 +34,8 @@
 Patch2:         audit-no-gss.patch
 Patch3:         audit-allow-manual-stop.patch
 Patch4:         audit-ausearch-do-not-require-tclass.patch
-Patch5:         audit-python3.patch
-Patch6:         audit-fno-common.patch
-Patch7:         change-default-log_group.patch
+Patch5:         change-default-log_group.patch
+Patch6:         libev-werror.patch
 BuildRequires:  audit-devel = %{version}
 BuildRequires:  autoconf >= 2.12
 BuildRequires:  gcc-c++
@@ -55,6 +54,7 @@
 BuildRequires:  sysuser-tools
 BuildRequires:  tcpd-devel
 BuildRequires:  pkgconfig(libcap-ng)
+Provides:       bundled(libev) = 4.33
 
 %description
 The audit package contains the user space utilities for storing and
@@ -127,14 +127,13 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
-%patch7 -p1
 
 %if %{without python2} && %{with python3}
 # Fix python env call in tests if we only have Python3.
 # If both versions are present, python2 bindings are preferred by the tests and
 # unconditionally using /usr/bin/python3 breaks the tests
 # Probably the correct solution is to run the tests twice if both are present.
-sed -i -e 's:#!/usr/bin/env python:#!/usr/bin/python3:g' auparse/test/auparse_test.py
+perl -i -lpe 's{#!/usr/bin/env python\S+}{#!/usr/bin/python3}' auparse/test/auparse_test.py
 %endif
 
 %build
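Review bot: In the new `perl -i -lpe` line the pattern `python\S+` requires at least one non-space character after `python`, so a plain `#!/usr/bin/env python` shebang (the form the old sed matched) is left untouched while the command still exits 0. If the 3.0.2 test script already says `python3` the rewrite is harmless, but `python\S*` would cover both forms. Also confirm perl is in BuildRequires, since this hunk swaps a sed dependency for a perl one.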
@@ -144,15 +143,18 @@
 export LDFLAGS="-Wl,-z,relro,-z,now"
 # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
 %configure \
+%ifarch aarch64
+	--with-aarch64 \
+%endif
 	--enable-systemd \
 	--libexecdir=%{_libexecdir}/%{_name} \
 	--with-apparmor \
 	--with-libwrap \
 	--with-libcap-ng=yes \
-%ifarch aarch64
-	--with-aarch64 \
-%endif
-	--disable-static
+	--disable-static \
+	%{?_with_python3} \
+	%{?_without_python}
+
 make %{?_smp_mflags}
 
 %sysusers_generate_pre %{SOURCE1} audit
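Review bot: The two added configure arguments, `%{?_with_python3}` and `%{?_without_python}`, are macros that exist only when the matching option is given on the rpmbuild command line, and the conditionals in this spec are named python2 and python3 (`%if %{without python2} && %{with python3}`). A bcond default therefore never reaches configure through them, and `_without_python` does not correspond to any conditional shown here. Pass the switches explicitly inside `%if %{with python3}` blocks, or state the value outright as audit.spec does with `--with-python=no`.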
@@ -197,7 +199,7 @@
 #USR-MERGE
 %if !0%{?usrmerged}
 mkdir %{buildroot}/sbin/
-for prog in auditctl auditd ausearch autrace audispd aureport augenrules; do
+for prog in auditctl auditd ausearch autrace aureport augenrules; do
   ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog
 done
 %endif
@@ -235,8 +237,7 @@
 
 %files -n audit
 %license COPYING
-%doc README ChangeLog rules/[0-9]* rules/README-rules init.d/auditd.cron
-%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
+%doc README ChangeLog rules init.d/auditd.cron
 %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
 %attr(644,root,root) %{_mandir}/man8/auditd.8.gz
 %attr(644,root,root) %{_mandir}/man8/aureport.8.gz
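Review bot: `%doc README ChangeLog rules init.d/auditd.cron` now packages the whole rules directory as documentation, while the changes entry for this update says the rules are installed to /usr/share/audit/sample-rules/ and a later hunk adds `%{_datadir}/audit/` to the same file list. That ships the sample rules twice. Drop `rules` from `%doc` so there is a single copy for admins and SCAP content to reference.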
@@ -247,7 +248,6 @@
 %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
 %attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
 %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
-%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
 %attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
 %attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
@@ -256,7 +256,6 @@
 /sbin/auditd
 /sbin/ausearch
 /sbin/autrace
-/sbin/audispd
 /sbin/augenrules
 /sbin/aureport
 %endif
@@ -265,29 +264,28 @@
 %attr(755,root,root) %{_sbindir}/ausearch
 %attr(750,root,root) %{_sbindir}/autrace
 %attr(750,root,root) %{_sbindir}/augenrules
-%attr(750,root,root) %{_sbindir}/audispd
+%attr(750,root,root) %{_sbindir}/audisp-syslog
 %attr(755,root,root) %{_bindir}/aulast
 %attr(755,root,root) %{_bindir}/aulastlog
 %attr(755,root,root) %{_bindir}/ausyscall
 %attr(755,root,root) %{_sbindir}/aureport
 %attr(755,root,root) %{_bindir}/auvirt
 %dir %attr(750,root,root) %{_sysconfdir}/audit
-%attr(750,root,root) %dir %{_sysconfdir}/audisp
-%attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf
+%attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/af_unix.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/syslog.conf
 %ghost %{_sysconfdir}/auditd.conf
 %ghost %{_sysconfdir}/audit.rules
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf
 %dir %attr(750,root,root) %{_sysconfdir}/audit/rules.d
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audispd.conf
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules
 %dir %attr(750,root,audit) %{_localstatedir}/log/audit
 %ghost %config(noreplace) %attr(640,root,audit) %{_localstatedir}/log/audit/audit.log
 %dir %attr(700,root,root) %{_localstatedir}/spool/audit
 %{_unitdir}/auditd.service
 %{_sbindir}/rcauditd
+%{_datadir}/audit/
 
 %files -n system-group-audit
 %{_sysusersdir}/system-group-audit.conf
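Review bot: The plugin configuration moves from `%{_sysconfdir}/audisp/plugins.d/` to `%{_sysconfdir}/audit/plugins.d/` as `%config(noreplace)` and `audispd.conf` is dropped, but nothing in this hunk carries an admin's existing /etc/audisp files over to the new location. On upgrade, a host that had activated syslog.conf or af_unix.conf would start with the packaged defaults under the new path and stop forwarding events without any error. Add a migration step in a scriptlet, or at least document the move and the required manual action in the changes entry.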
@@ -301,23 +299,24 @@
 
 %if %{with python3}
 %files -n python3-audit
-%attr(755,root,root) %{python3_sitearch}/_audit.so
-%attr(755,root,root) %{python3_sitearch}/auparse.so
-%{python3_sitearch}/audit.py*
+%defattr(-,root,root,-)
+%attr(755,root,root) %{python3_sitearch}/*
 %endif
 
 %files -n audit-audispd-plugins
 %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
 %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
+%attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
-%attr(750,root,root) %dir %{_sysconfdir}/audisp
-%attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/zos-remote.conf
+%attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz
+%attr(750,root,root) %dir %{_sysconfdir}/audit
+%attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/audispd-zos-remote.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/zos-remote.conf
 %attr(750,root,root) %{_sbindir}/audisp-remote
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audisp-remote.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/au-remote.conf
 
 %changelog
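Review bot: `%attr(755,root,root) %{python3_sitearch}/*` replaces three named files with a glob, so every file the build installs under sitearch becomes mode 755, including audit.py, which previously took the default mode, and anything unexpected is packaged without review. List the modules explicitly, or apply 755 only to the `.so` files. In the same hunk `audisp-syslog.8.gz` is added to audit-audispd-plugins, while the `audisp-syslog` binary is added to the audit package's file list in the previous hunk; the man page should ship with the binary.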
Index: audit.changes
===================================================================
--- audit.changes (revision 118)
+++ audit.changes (revision 17)
@@ -1,4 +1,129 @@
 -------------------------------------------------------------------
+Mon Jun 14 20:54:49 CEST 2021 - Enzo Matsumiya <ematsumiya@suse.com>
+
+- Update to version 3.0.2
+- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
+- Optionally interpret auid in auditctl -l
+- Update some syscall argument interpretations
+- In auditd, do not allow spaces in the hostname name format
+- Big documentation cleanup (MIZUTA Takeshi)
+- Update syscall table to the 5.12 kernel
+- Update the auparse normalizer for new event types
+- Fix compiler warnings in ids subsystem
+- Block a couple signals from flush & reconfigure threads
+- In auditd, don't wait on flush thread when exiting
+- Output error message if the path of input files are too long ausearch/report
+
+Included fixes from 3.0.1
+- Update syscall table to the 5.11 kernel
+- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
+- Only enable periodic timers when listening on the network
+- Upgrade libev to 4.33
+- Add auparse_new_buffer function to auparse library
+- Use the select libev backend unless aggregating events
+- Add sudoers to some base audit rules
+- Update the auparse normalizer for some new syscalls and event types
+
+Included fixes from 3.0
+- Generate checkpoint file even when no results are returned (Burn Alting)
+- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
+- Convert auparse_test to run with python3 (Tomáš Chvátal)
+- Drop support for prelude
+- Adjust backlog_wait_time in rules to the kernel default (#1482848)
+- Remove ids key syntax checking of rules in auditctl
+- Use SIGCONT to dump auditd internal state (#1504251)
+- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
+- Fix parsing of uid & success for ausearch
+- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
+- Hide lru symbols in auparse
+- Add systemd process protections
+- Fix aureport summary time range reporting
+- Allow unlimited retries on startup for remote logging
+- Add queue_depth to remote logging stats and increase default queue_depth size
+- Fix segfault on shutdown
+- Merge auditd and audispd code
+- Close on execute init_pipe fd (#1587995)
+- Breakout audisp syslog plugin to be standalone program
+- Create a common internal library to reduce code
+- Move all audispd config files under /etc/audit/
+- Move audispd.conf settings into auditd.conf
+- Add queue depth statistics to internal state dump report
+- Add network statistics to internal state dump report
+- SIGUSR now also restarts queue processing if its suspended
+- Update lookup tables for the 4.18 kernel
+- Add auparse_normalizer support for SOFTWARE_UPDATE event
+- Add 30-ospp-v42.rules to meet new Common Criteria requirements
+- Deprecate enable_krb and replace with transport config opt for remote logging
+- Mark netlabel events as simple events so that get processed quicker
+- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
+- In aureport, fix segfault in file report
+- Add auparse_normalizer support for labeled networking events
+- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
+- In ausearch/auparse, event aging is off by a second
+- In ausearch/auparse, correct event ordering to process oldest first
+- Migrate auparse python test to python3
+- auparse_reset was not clearing everything it should
+- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
+- In ausearch/report, lightly parse selinux portion of USER_AVC events
+- Add bpf syscall command argument interpretation to auparse
+- In ausearch/report, limit record size when malformed
+- Port af_unix plugin to libev
+- In auditd, fix extract_type function for network originating events
+- In auditd, calculate right size and location for network originating events
+- Make legacy script wait for auditd to terminate (#1643567)
+- Treat all network originating events as VER2 so dispatcher doesn't format it
+- If an event has a node name make it VER2 so dispatcher doesnt format it
+- In audisp-remote do an initial connection attempt (#1625156)
+- In auditd, allow expression of space left as a percentage (#1650670)
+- On PPC64LE systems, only allow 64 bit rules (#1462178)
+- Make some parts of auditd state report optional based on config
+- Update to libev-4.25
+- Fix ausearch when checkpointing a single file (Burn Alting)
+- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
+- In ausearch, do not checkpt if stdin is input source
+- In libev, remove __cold__ attribute for functions to allow proper hardening
+- Add tests to configure.ac for openldap support
+- Make systemd support files use /run rather than /var/run (Christian Hesse)
+- Fix minor memory leak in auditd kerberos credentials code
+- Allow exclude and user filter by executable name (Ondrej Mosnacek)
+- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
+- In ausearch/report fix --end to use midnight time instead of now (#1671338)
+- Add substitue functions for strndupa & rawmemchr
+- Fix memleak in auparse caused by corrected event ordering
+- Fix legacy reload script to reload audit rules when daemon is reloaded
+- Support for unescaping in trusted messages (Dmitry Voronin)
+- In auditd, use standard template for DEAMON events (Richard Guy Briggs)
+- In aureport, fix segfault for malformed USER_CMD events
+- Add exe field to audit_log_user_command in libaudit
+- In auditctl support filter on socket address families (Richard Guy Briggs)
+- Deprecate support for Alpha & IA64 processors
+- If space_left_action is rotate, allow it every time (#1718444)
+- In auparse, drop standalone EOE events
+- Add milliseconds column for ausearch extra time csv format
+- Fix aureport first event reporting when no start given
+- In audisp-remote, add new config item for startup connection errors
+- Remove dependency on chkconfig
+- Install rules to /usr/share/audit/sample-rules/
+- Split up ospp rules to make SCAP scanning easier (#1746018)
+- In audisp-syslog, support interpreting records (#1497279)
+- Audit USER events now sends msg as name value pair
+- Add support for AUDIT_BPF event
+- Auditd should not process AUDIT_REPLACE events
+- Update syscall tables to the 5.5 kernel
+- Improve personality interpretation by using PERS_MASK
+- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
+- Change auparse python bindings to shared object (Issue #121)
+- Add error messages for watch permissions
+- If audit rules file doesn't exist log error message instead of info message
+- Revise error message for unmatched options in auditctl
+- In audisp-remote, fixup remote endpoint disappearin in ascii format
+- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
+- In auditctl, add support for sending a signal to auditd
+
+- Remove audit-fno-common.patch: fixed in upstream
+- Remove audit-python3.patch: fixed in upstream
+
+-------------------------------------------------------------------
 Wed Dec  2 11:49:28 UTC 2020 - Alexander Bergmann <abergmann@suse.com>
 
 - Enable Aarch64 processor support. (bsc#1179515 bsc#1179806) 
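Review bot: The new 3.0.2 entry records the two dropped patches but not the other packaging changes in this request: libev-werror.patch is added (Patch6 in audit-secondary.spec), change-default-log_group.patch is refreshed, and `--with-libwrap` is removed from the audit.spec configure call. Please list those as well. The entry is also stamped CEST while the neighbouring entries use UTC.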
@@ -12,7 +137,7 @@
 -------------------------------------------------------------------
 Mon Jan 13 17:39:03 UTC 2020 - Tony Jones <tonyj@suse.com>
 
-- Update to version 2.6.5:
+- Update to version 2.8.5:
   * Fix segfault on shutdown
   * Fix hang on startup (#1587995)
   * Add sleep to script to dump state so file is ready when needed
Index: audit.spec
===================================================================
--- audit.spec (revision 118)
+++ audit.spec (revision 17)
@@ -17,7 +17,7 @@
 
 
 Name:           audit
-Version:        2.8.5
+Version:        3.0.2
 Release:        0
 Summary:        Linux kernel audit subsystem utilities
 License:        GPL-2.0-or-later
@@ -35,6 +35,7 @@
 BuildRequires:  tcpd-devel
 Requires:       libaudit1 = %{version}
 Requires:       libauparse0 = %{version}
+Provides:       bundled(libev) = 4.33
 
 %description
 The audit package contains the user space utilities for storing and
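Review bot: `Provides: bundled(libev) = 4.33` is added to audit.spec, but the build section of this spec only runs make in common, lib, auparse and docs, and the libev copy patched in this request sits under src/libev. If none of the binaries built from this spec contain libev, the Provides belongs only in audit-secondary.spec; otherwise libev vulnerability tracking will flag a package that does not ship the code.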
@@ -79,27 +80,30 @@
 
 %build
 autoreconf -fi
+cp INSTALL.tmp INSTALl
 export CFLAGS="%{optflags} -fno-strict-aliasing"
 export CXXFLAGS="$CFLAGS"
 export LDFLAGS="-Wl,-z,relro,-z,now"
 # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
 %configure \
+%ifarch aarch64
+	--with-aarch64 \
+%endif
 	--enable-systemd \
 	--libexecdir=%{_libexecdir}/%{name} \
 	--with-apparmor \
-	--with-libwrap \
-	--without-libcap-ng \
+	--with-libcap-ng=no \
 	--disable-static \
-	--without-python \
-%ifarch aarch64
-       --with-aarch64 \
-%endif
+	--with-python=no \
 	--disable-zos-remote
+
+make %{?_smp_mflags} -C common
 make %{?_smp_mflags} -C lib
 make %{?_smp_mflags} -C auparse
 make %{?_smp_mflags} -C docs
 
 %install
+%make_install -C common
 %make_install -C lib
 %make_install -C auparse
 %make_install -C docs
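Review bot: `cp INSTALL.tmp INSTALl` ends in a lowercase l, which looks like a typo for INSTALL, and INSTALL.tmp is not created anywhere in the visible lines. As written the build either fails on a missing source file or leaves a stray `INSTALl` in the tree. Fix the target name and show where INSTALL.tmp comes from, or drop the line. The same hunk removes `--with-libwrap` without replacement; state in the changes entry whether libwrap support is dropped on purpose.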
@@ -134,7 +138,7 @@
 %{_libdir}/libauparse.so.*
 
 %files -n audit-devel
-%doc contrib/skeleton.c contrib/plugin
+%doc contrib/plugin
 %{_libdir}/libaudit.so
 %{_libdir}/libauparse.so
 %{_includedir}/libaudit.h
Index: change-default-log_group.patch
===================================================================
--- change-default-log_group.patch (revision 118)
+++ change-default-log_group.patch (revision 17)
@@ -16,6 +16,6 @@
  log_file = /var/log/audit/audit.log
 -log_group = root
 +log_group = audit
- log_format = RAW
+ log_format = ENRICHED
  flush = INCREMENTAL_ASYNC
  freq = 50
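Review bot: The context line of the refreshed patch changes from `log_format = RAW` to `log_format = ENRICHED`, which means the packaged auditd.conf default follows upstream to ENRICHED with this update. That changes what is written to audit.log and what downstream parsers and forwarders receive, yet the changes entry does not mention it. Call it out there, or set RAW explicitly in this patch if the previous default is meant to stay.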
Index: audit-3.0.2.tar.gz
===================================================================
Binary file audit-3.0.2.tar.gz (revision 17) added
Index: libev-werror.patch
===================================================================
--- libev-werror.patch (added)
+++ libev-werror.patch (revision 17)
@@ -0,0 +1,26 @@
+From: Jan Engelhardt <jengelh@inai.de>
+Date: 2021-06-02 16:18:03.256597842 +0200
+
+Cherry-pick http://cvs.schmorp.de/libev/ev_iouring.c?view=log&r1=1.25
+to fix some terrible code.
+
+[   50s] ev_iouring.c: In function 'iouring_sqe_submit':
+[   50s] ev_iouring.c:300:1: error: no return statement in function returning non-void [-Werror=return-type]
+
+---
+ src/libev/ev_iouring.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: audit-3.0.1/src/libev/ev_iouring.c
+===================================================================
+--- audit-3.0.1.orig/src/libev/ev_iouring.c
++++ audit-3.0.1/src/libev/ev_iouring.c
+@@ -287,7 +287,7 @@ iouring_sqe_get (EV_P)
+ }
+ 
+ inline_size
+-struct io_uring_sqe *
++void
+ iouring_sqe_submit (EV_P_ struct io_uring_sqe *sqe)
+ {
+   unsigned idx = sqe - EV_SQES;
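Review bot: The patch header carries From and Date but no Subject, References or Patch-mainline line, unlike audit-fno-common.patch and audit-python3.patch shown in this diff, and its paths still read audit-3.0.1 although the tarball is 3.0.2. Please add the tags and refresh the patch against the current source. The description should also say what is being fixed (a non-void `iouring_sqe_submit` with no return statement, per the quoted -Werror=return-type log) and confirm that no caller uses the return value now that the type is `void`.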
Index: audit-2.8.5.tar.gz
===================================================================
Binary file audit-2.8.5.tar.gz (revision 118) deleted
Index: audit-fno-common.patch
===================================================================
--- audit-fno-common.patch (revision 118)
+++ audit-fno-common.patch (deleted)
@@ -1,24 +0,0 @@
-From: Tony Jones <tonyj@suse.de>
-Subject: Resolve errors when compiling with -fno-common
-Git-commmit: 017e6c6ab95df55f34e339d2139def83e5dada1f
-References: bsc#1160384
-Upsteam: pending
-
-Header definitios need to be external when building with -fno-common (which
-is default in GCC 10).
-
-Fixes: ff25054df7ed
-Signed-off-by: Tony Jones <tonyj@suse.de>
-
---- a/src/ausearch-common.h
-+++ b/src/ausearch-common.h
-@@ -50,7 +50,7 @@ extern pid_t event_pid;
- extern int event_exact_match;
- extern uid_t event_uid, event_euid, event_loginuid;
- extern const char *event_tuid, *event_teuid, *event_tauid;
--slist *event_node_list;
-+extern slist *event_node_list;
- extern const char *event_comm;
- extern const char *event_filename;
- extern const char *event_hostname;
-
Index: audit-python3.patch
===================================================================
--- audit-python3.patch (revision 118)
+++ audit-python3.patch (deleted)
@@ -1,292 +0,0 @@
-From: Tomas Chvatal <tchvatal@suse.com>
-Date: Wed Feb  7 09:26:35 UTC 2018
-Subject: Convert tests to run under python3
-References: https://github.com/linux-audit/audit-userspace/pull/39
-Patch-mainline: no; pending with maintainer
-
-Adjust auparse_test to run with python3 and python2
-
-Index: audit-2.8.1/auparse/test/auparse_test.py
-===================================================================
---- audit-2.8.1.orig/auparse/test/auparse_test.py
-+++ audit-2.8.1/auparse/test/auparse_test.py
-@@ -1,5 +1,7 @@
- #!/usr/bin/env python
- 
-+from __future__ import print_function
-+
- import os
- srcdir = os.getenv('srcdir')
- 
-@@ -30,29 +32,29 @@ def walk_test(au):
-     au.reset()
-     while True:
-         if not au.first_record():
--            print "Error getting first record"
-+            print("Error getting first record")
-             sys.exit(1)
- 
--        print "event %d has %d records" % (event_cnt, au.get_num_records())
-+        print("event %d has %d records" % (event_cnt, au.get_num_records()))
- 
-         record_cnt = 1
-         while True:
--            print "    record %d of type %d(%s) has %d fields" % \
-+            print("    record %d of type %d(%s) has %d fields" % \
-                   (record_cnt,
-                    au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
--                   au.get_num_fields())
--            print "    line=%d file=%s" % (au.get_line_number(), au.get_filename())
-+                   au.get_num_fields()))
-+            print("    line=%d file=%s" % (au.get_line_number(), au.get_filename()))
-             event = au.get_timestamp()
-             if event is None:
--                print "Error getting timestamp - aborting"
-+                print("Error getting timestamp - aborting")
-                 sys.exit(1)
- 
--            print "    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
-+            print("    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
-             au.first_field()
-             while True:
--                print "        %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())
-+                print("        %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field()))
-                 if not au.next_field(): break
--            print
-+            print("")
-             record_cnt += 1
-             if not au.next_record(): break
-         event_cnt += 1
-@@ -62,25 +64,25 @@ def walk_test(au):
- def light_test(au):
-     while True:
-         if not au.first_record():
--            print "Error getting first record"
-+            print("Error getting first record")
-             sys.exit(1)
- 
--        print "event has %d records" % (au.get_num_records())
-+        print("event has %d records" % (au.get_num_records()))
- 
-         record_cnt = 1
-         while True:
--            print "    record %d of type %d(%s) has %d fields" % \
-+            print("    record %d of type %d(%s) has %d fields" % \
-                   (record_cnt,
-                    au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
--                   au.get_num_fields())
--            print "    line=%d file=%s" % (au.get_line_number(), au.get_filename())
-+                   au.get_num_fields()))
-+            print("    line=%d file=%s" % (au.get_line_number(), au.get_filename()))
-             event = au.get_timestamp()
-             if event is None:
--                print "Error getting timestamp - aborting"
-+                print("Error getting timestamp - aborting")
-                 sys.exit(1)
- 
--            print "    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
--            print
-+            print("    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
-+            print("")
-             record_cnt += 1
-             if not au.next_record(): break
-         if not au.parse_next_event(): break
-@@ -97,9 +99,9 @@ def simple_search(au, source, where):
-     au.search_add_item("auid", "=", val, auparse.AUSEARCH_RULE_CLEAR)
-     au.search_set_stop(where)
-     if not au.search_next_event():
--        print "Error searching for auid"
-+        print("Error searching for auid")
-     else:
--        print "Found %s = %s" % (au.get_field_name(), au.get_field_str())
-+        print("Found %s = %s" % (au.get_field_name(), au.get_field_str()))
- 
- def compound_search(au, how):
-     au = auparse.AuParser(auparse.AUSOURCE_FILE, srcdir + "/test.log");
-@@ -115,119 +117,119 @@ def compound_search(au, how):
- 
-     au.search_set_stop(auparse.AUSEARCH_STOP_FIELD)
-     if not au.search_next_event():
--        print "Error searching for auid"
-+        print("Error searching for auid")
-     else:
--        print "Found %s = %s" % (au.get_field_name(), au.get_field_str())
-+        print("Found %s = %s" % (au.get_field_name(), au.get_field_str()))
- 
- def feed_callback(au, cb_event_type, event_cnt):
-     if cb_event_type == auparse.AUPARSE_CB_EVENT_READY:
-         if not au.first_record():
--            print "Error getting first record"
-+            print("Error getting first record")
-             sys.exit(1)
- 
--        print "event %d has %d records" % (event_cnt[0], au.get_num_records())
-+        print("event %d has %d records" % (event_cnt[0], au.get_num_records()))
- 
-         record_cnt = 1
-         while True:
--            print "    record %d of type %d(%s) has %d fields" % \
-+            print("    record %d of type %d(%s) has %d fields" % \
-                   (record_cnt,
-                    au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
--                   au.get_num_fields())
--            print "    line=%d file=%s" % (au.get_line_number(), au.get_filename())
-+                   au.get_num_fields()))
-+            print("    line=%d file=%s" % (au.get_line_number(), au.get_filename()))
-             event = au.get_timestamp()
-             if event is None:
--                print "Error getting timestamp - aborting"
-+                print("Error getting timestamp - aborting")
-                 sys.exit(1)
- 
--            print "    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
-+            print("    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
-             au.first_field()
-             while True:
--                print "        %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())
-+                print("        %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field()))
-                 if not au.next_field(): break
--            print
-+            print("")
-             record_cnt += 1
-             if not au.next_record(): break
-         event_cnt[0] += 1
- 
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
- 
--print "Starting Test 1, iterate..."
-+print("Starting Test 1, iterate...")
- while au.parse_next_event():
-     if au.find_field("auid"):
--        print "%s=%s" % (au.get_field_name(), au.get_field_str())
--        print "interp auid=%s" % (au.interpret_field())
-+        print("%s=%s" % (au.get_field_name(), au.get_field_str()))
-+        print("interp auid=%s" % (au.interpret_field()))
-     else:
--        print "Error iterating to auid"
--print "Test 1 Done\n"
-+        print("Error iterating to auid")
-+print("Test 1 Done\n")
- 
- # Reset, now lets go to beginning and walk the list manually */
--print "Starting Test 2, walk events, records, and fields..."
-+print("Starting Test 2, walk events, records, and fields...")
- au.reset()
- walk_test(au)
--print "Test 2 Done\n"
-+print("Test 2 Done\n")
- 
- # Reset, now lets go to beginning and walk the list manually */
--print "Starting Test 3, walk events, records of 1 buffer..."
-+print("Starting Test 3, walk events, records of 1 buffer...")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER, buf[1])
- au.reset()
- light_test(au);
--print "Test 3 Done\n"
-+print("Test 3 Done\n")
- 
--print "Starting Test 4, walk events, records of 1 file..."
-+print("Starting Test 4, walk events, records of 1 file...")
- au = auparse.AuParser(auparse.AUSOURCE_FILE, srcdir + "/test.log");
- walk_test(au); 
--print "Test 4 Done\n"
-+print("Test 4 Done\n")
- 
--print "Starting Test 5, walk events, records of 2 files..."
-+print("Starting Test 5, walk events, records of 2 files...")
- au = auparse.AuParser(auparse.AUSOURCE_FILE_ARRAY, files);
- walk_test(au);
--print "Test 5 Done\n"
-+print("Test 5 Done\n")
- 
--print "Starting Test 6, search..."
-+print("Starting Test 6, search...")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
- au.search_add_item("auid", "=", "500", auparse.AUSEARCH_RULE_CLEAR)
- au.search_set_stop(auparse.AUSEARCH_STOP_EVENT)
- if au.search_next_event():
--    print "Error search found something it shouldn't have"
-+    print("Error search found something it shouldn't have")
- else:
--    print "auid = 500 not found...which is correct"
-+    print("auid = 500 not found...which is correct")
- au.search_clear()
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
- #au.search_add_item("auid", "exists", None, auparse.AUSEARCH_RULE_CLEAR)
- au.search_add_item("auid", "exists", "", auparse.AUSEARCH_RULE_CLEAR)
- au.search_set_stop(auparse.AUSEARCH_STOP_EVENT)
- if not au.search_next_event():
--    print "Error searching for existence of auid"
--print "auid exists...which is correct"
--print "Testing BUFFER_ARRAY, stop on field"
-+    print("Error searching for existence of auid")
-+print("auid exists...which is correct")
-+print("Testing BUFFER_ARRAY, stop on field")
- simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_FIELD)
--print "Testing BUFFER_ARRAY, stop on record"
-+print("Testing BUFFER_ARRAY, stop on record")
- simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_RECORD)
--print "Testing BUFFER_ARRAY, stop on event"
-+print("Testing BUFFER_ARRAY, stop on event")
- simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_EVENT)
--print "Testing test.log, stop on field"
-+print("Testing test.log, stop on field")
- simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_FIELD)
--print "Testing test.log, stop on record"
-+print("Testing test.log, stop on record")
- simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_RECORD)
--print "Testing test.log, stop on event"
-+print("Testing test.log, stop on event")
- simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_EVENT)
--print "Test 6 Done\n"
-+print("Test 6 Done\n")
- 
--print "Starting Test 7, compound search..."
-+print("Starting Test 7, compound search...")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
- compound_search(au, auparse.AUSEARCH_RULE_AND)
- compound_search(au, auparse.AUSEARCH_RULE_OR)
--print "Test 7 Done\n"
-+print("Test 7 Done\n")
- 
--print "Starting Test 8, regex search..."
-+print("Starting Test 8, regex search...")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
--print "Doing regex match...\n"
-+print("Doing regex match...\n")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
--print "Test 8 Done\n"
-+print("Test 8 Done\n")
- 
- # Note: this should match Test 2 exactly
- # Note: this should match Test 2 exactly
--print "Starting Test 9, buffer feed..."
-+print("Starting Test 9, buffer feed...")
- au = auparse.AuParser(auparse.AUSOURCE_FEED);
- event_cnt = 1
- au.add_callback(feed_callback, [event_cnt])
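Review bot: In Test 6, the converted print("auid exists...which is correct") sits at top level after "if not au.search_next_event():", so it runs even when the branch above has just printed "Error searching for existence of auid". Move it under an else:, as the preceding auid = 500 check does. Test 8 also builds an AuParser twice around "Doing regex match..." with no search call between the two messages, so nothing in these lines exercises a regex match.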
-@@ -241,10 +243,10 @@ for s in buf:
-         beg += chunk_len
-         au.feed(data)
- au.flush_feed()
--print "Test 9 Done\n"
-+print("Test 9 Done\n")
- 
- # Note: this should match Test 4 exactly
--print "Starting Test 10, file feed..."
-+print("Starting Test 10, file feed...")
- au = auparse.AuParser(auparse.AUSOURCE_FEED);
- event_cnt = 1
- au.add_callback(feed_callback, [event_cnt])
-@@ -254,9 +256,9 @@ while True:
-     if not data: break
-     au.feed(data)
- au.flush_feed()
--print "Test 10 Done\n"
-+print("Test 10 Done\n")
- 
--print "Finished non-admin tests\n"
-+print("Finished non-admin tests\n")
- 
- au = None
- sys.exit(0)
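Review bot: The sys.exit(0) at the end of this hunk is unconditional, and the failure paths visible in this patch only print a message (for example "Error search found something it shouldn't have"), so a failed check still ends with exit status 0. Record failures in a flag and pass a nonzero status to sys.exit so that the test run fails when a check fails.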
buildservice-autocommit accepted request 868681 from Marcus Meissner (msmeissn) (revision 118)
baserev update by copy to link target
Marcus Meissner (msmeissn) accepted request 868443 from Dominique Leuenberger (dimstar) (revision 117)
- Do not explicitly provide group(audit) in system-users-audit:
  this is automatically handled by rpm/providers.

- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
Marcus Meissner (msmeissn) accepted request 867563 from Enzo Matsumiya (ematsumiya) (revision 116)
- Create new "audit" group for read access to logs (bsc#1178154)
  * add change-default-log_group.patch
  * update audit-secondary.spec
buildservice-autocommit accepted request 854217 from Marcus Meissner (msmeissn) (revision 115)
baserev update by copy to link target
Marcus Meissner (msmeissn) committed (revision 114)
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
buildservice-autocommit accepted request 851328 from Enzo Matsumiya (ematsumiya) (revision 113)
baserev update by copy to link target
Enzo Matsumiya (ematsumiya) accepted request 849560 from Ludwig Nussel (lnussel) (revision 112)
- prepare usrmerge (boo#1029961)
buildservice-autocommit accepted request 810662 from Enzo Matsumiya (ematsumiya) (revision 111)
baserev update by copy to link target
Displaying revisions 21 - 40 of 150