3 %bcond_without kerberos5 # Kerberos V support via heimdal
4 %bcond_without prelude # prelude audisp plugin
5 %bcond_without golang # Go language bindings
6 %bcond_with gccgo # use GCC go frontend instead of golang implementation
7 %bcond_without python # Python bindings (any)
8 %bcond_without python3 # Python 3 bindings
9 %bcond_without zos_remote # zos-remote audisp plugin (LDAP dep)
11 %ifnarch %{ix86} %{x8664} %{arm} aarch64 mips64 mips64le ppc64 ppc64le s390x
16 %undefine with_python3
18 Summary: User space tools for 2.6 kernel auditing
19 Summary(pl.UTF-8): Narzędzia przestrzeni użytkownika do audytu jąder 2.6
25 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
26 # Source0-md5: ec9510312564c3d9483bccf8dbda4779
27 Source2: %{name}d.init
28 Source3: %{name}d.sysconfig
29 Patch0: %{name}-install.patch
30 Patch1: %{name}-m4.patch
31 Patch2: %{name}-nolibs.patch
32 Patch3: %{name}-systemd-notonly.patch
33 Patch4: %{name}-am.patch
34 Patch5: %{name}-no-refusemanualstop.patch
35 Patch6: %{name}-cronjob.patch
36 Patch7: golang-paths.patch
37 URL: http://people.redhat.com/sgrubb/audit/
38 BuildRequires: autoconf >= 2.59
39 BuildRequires: automake >= 1:1.12.6
40 BuildRequires: glibc-headers >= 6:2.3.6
41 %{?with_kerberos5:BuildRequires: heimdal-devel}
42 BuildRequires: libcap-ng-devel
43 %{?with_prelude:BuildRequires: libprelude-devel}
44 BuildRequires: libtool
45 BuildRequires: libwrap-devel
46 BuildRequires: linux-libc-headers >= 7:2.6.30
47 %{?with_zos_remote:BuildRequires: openldap-devel}
49 BuildRequires: python-devel >= 1:2.5
50 BuildRequires: rpm-pythonprov
51 BuildRequires: swig-python
54 BuildRequires: python3-devel
55 BuildRequires: rpm-pythonprov
56 BuildRequires: swig-python
58 BuildRequires: rpmbuild(macros) >= 1.623
59 BuildRequires: sed >= 4.0
61 %{?with_gccgo:BuildRequires: gcc-go >= 5.1}
62 %{!?with_gccgo:BuildRequires: golang >= 1.4}
64 Requires(post,preun): /sbin/chkconfig
65 Requires(post,preun,postun): systemd-units >= 38
66 Requires: %{name}-libs = %{version}-%{release}
68 Requires: systemd-units >= 38
69 Obsoletes: audit-audispd-plugins
70 Obsoletes: audit-systemd
71 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
73 %define _sbindir /sbin
74 # use /lib, because this path is put in /usr/share/.../settings.py
75 %define _libexecdir %{_prefix}/lib
78 The audit package contains the user space utilities for storing and
79 processing the audit records generate by the audit subsystem in the
82 %description -l pl.UTF-8
83 Ten pakiet zawiera narzędzia przestrzeni użytkownika do przechowywania
84 i przetwarzania rekordów audytu generowanych przez podsystem audytu w
88 Summary: Dynamic audit libraries
89 Summary(pl.UTF-8): Biblioteki dynamiczne audit
94 The audit-libs package contains the dynamic libraries needed for
95 applications to use the audit framework.
97 %description libs -l pl.UTF-8
98 Ten pakiet zawiera biblioteki dynamiczne potrzebne dla aplikacji
99 używających środowiska audytu.
102 Summary: Header files for audit libraries
103 Summary(pl.UTF-8): Pliki nagłówkowe bibliotek audit
105 Group: Development/Libraries
106 Requires: %{name}-libs = %{version}-%{release}
107 Requires: linux-libc-headers >= 7:2.6.30
108 Requires: libcap-ng-devel
110 %description libs-devel
111 The audit-libs-devel package contains the header files needed for
112 developing applications that need to use the audit framework library.
114 %description libs-devel -l pl.UTF-8
115 Ten pakiet zawiera pliki nagłówkowe potrzebne do tworzenia aplikacji
116 używających biblioteki środowiska audytu.
119 Summary: Static audit libraries
120 Summary(pl.UTF-8): Statyczne biblioteki audit
122 Group: Development/Libraries
123 Requires: %{name}-libs-devel = %{version}-%{release}
125 %description libs-static
126 The audit-libs-static package contains the static libraries for
127 developing applications that need to use the audit framework.
129 %description libs-static -l pl.UTF-8
130 Ten pakiet zawiera statyczne biblioteki do tworzenia aplikacji
131 używających środowiska audytu.
133 %package plugin-prelude
134 Summary: prelude plugin for audispd
135 Summary(pl.UTF-8): Wtyczka prelude dla audispd
137 Requires: %{name} = %{version}-%{release}
139 %description plugin-prelude
140 audisp-prelude is a plugin for the audit event dispatcher daemon,
141 audispd, that uses libprelude to send IDMEF alerts for possible
142 Intrusion Detection events.
144 %description plugin-prelude -l pl.UTF-8
145 audisp-prelude to wtyczka demona audispd przekazującego zdarzenia
146 audytowe wykorzystująca libprelude do wysyłania alarmów IDMEF o
147 prawdopodobnych zdarzeniach IDS.
149 %package -n golang-audit
150 Summary: Go language interface to libaudit library
151 Summary(pl.UTF-8): Interfejs języka Go do biblioteki libaudit
153 Group: Development/Languages
154 Requires: %{name}-libs = %{version}-%{release}
156 Requires: gcc-go >= 5.1
158 Requires: golang >= 1.4
161 %description -n golang-audit
162 Go language interface to libaudit library.
164 %description -n golang-audit -l pl.UTF-8
165 Interfejs języka Go do biblioteki libaudit.
167 %package -n python-audit
168 Summary: Python 2.x interface to libaudit library
169 Summary(pl.UTF-8): Interfejs Pythona 2.x do biblioteki libaudit
171 Group: Libraries/Python
172 Requires: %{name}-libs = %{version}-%{release}
174 %description -n python-audit
175 Python 2.x interface to libaudit library.
177 %description -n python-audit -l pl.UTF-8
178 Interfejs Pythona 2.x do biblioteki libaudit.
180 %package -n python3-audit
181 Summary: Python 3.x interface to libaudit library
182 Summary(pl.UTF-8): Interfejs Pythona 3.x do biblioteki libaudit
184 Group: Libraries/Python
185 Requires: %{name}-libs = %{version}-%{release}
187 %description -n python3-audit
188 Python 3.x interface to libaudit library.
190 %description -n python3-audit -l pl.UTF-8
191 Interfejs Pythona 3.x do biblioteki libaudit.
204 %if %{without python}
205 sed 's#swig/Makefile ##' -i configure.ac
206 sed 's/swig//' -i Makefile.am
216 %{?with_kerberos5:--enable-gssapi-krb5} \
220 %{?with_prelude:--with-prelude} \
221 %{!?with_zos_remote:--disable-zos-remote}
226 rm -rf $RPM_BUILD_ROOT
227 install -d $RPM_BUILD_ROOT{%{_sysconfdir}/audit/rules.d,%{_var}/log/audit}
230 DESTDIR=$RPM_BUILD_ROOT
232 # default to no audit (and no overhead)
233 cp -p rules/10-no-audit.rules $RPM_BUILD_ROOT%{_sysconfdir}/audit/rules.d
235 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/auditd
236 install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/auditd
238 install -d $RPM_BUILD_ROOT/%{_lib}
239 mv -f $RPM_BUILD_ROOT%{_libdir}/libaudit.so.* $RPM_BUILD_ROOT/%{_lib}
240 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libaudit.so.*.*.*) \
241 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
242 mv -f $RPM_BUILD_ROOT%{_libdir}/libauparse.so.* $RPM_BUILD_ROOT/%{_lib}
243 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*) \
244 $RPM_BUILD_ROOT%{_libdir}/libauparse.so
246 # RH initscripts-specific
247 %{__rm} -r $RPM_BUILD_ROOT%{_libexecdir}/initscripts
250 %py_comp $RPM_BUILD_ROOT%{py_sitedir}
251 %py_ocomp $RPM_BUILD_ROOT%{py_sitedir}
253 %{__rm} $RPM_BUILD_ROOT%{py_sitedir}/*.{la,a}
257 %{__rm} $RPM_BUILD_ROOT%{py3_sitedir}/*.{la,a}
261 rm -rf $RPM_BUILD_ROOT
263 %post libs -p /sbin/ldconfig
264 %postun libs -p /sbin/ldconfig
267 # Copy default rules into place on new installation
268 if [ ! -e %{_sysconfdir}/audit/audit.rules ] ; then
269 cp -a %{_sysconfdir}/audit/rules.d/10-no-audit.rules %{_sysconfdir}/audit/audit.rules
271 /sbin/chkconfig --add auditd
272 %service auditd restart "audit daemon"
273 %systemd_post auditd.service
276 if [ "$1" = "0" ]; then
278 /sbin/chkconfig --del auditd
280 %systemd_preun auditd.service
285 %triggerpostun -- %{name} < 2.2-2
286 %systemd_trigger auditd.service
288 %triggerpostun -- %{name} < 2.3-1
289 if [ -e %{_sysconfdir}/audit/audit.rules.rpmsave ] ; then
290 %{__mv} %{_sysconfdir}/audit/audit.rules{.rpmsave,}
292 %service auditd restart "audit daemon"
293 %systemd_post auditd.service
295 %triggerpostun -- %{name} < 2.5-1
296 if [ -f %{_sysconfdir}/audit/rules.d/audit.rules.rpmsave ]; then
297 %banner %{name} -e <<EOF
298 Since audit 2.5 %{_sysconfdir}/audit/rules.d/audit.rules file (now saved
299 as audit.rules.rpmnew) is replaced by a set of numbered rule files - remember
300 to update your configuration!
305 %defattr(644,root,root,755)
306 %doc AUTHORS ChangeLog README THANKS rules/{README-rules,*.rules} init.d/auditd.cron
307 %attr(750,root,root) %{_bindir}/aulast
308 %attr(750,root,root) %{_bindir}/aulastlog
309 %attr(750,root,root) %{_bindir}/ausyscall
310 %attr(750,root,root) %{_bindir}/auvirt
311 %attr(750,root,root) %{_sbindir}/audispd
312 %attr(750,root,root) %{_sbindir}/auditctl
313 %attr(750,root,root) %{_sbindir}/auditd
314 %attr(750,root,root) %{_sbindir}/augenrules
315 %attr(750,root,root) %{_sbindir}/aureport
316 %attr(750,root,root) %{_sbindir}/ausearch
317 %attr(750,root,root) %{_sbindir}/autrace
318 %attr(755,root,root) %{_sbindir}/audisp-remote
319 %{?with_zos_remote:%attr(755,root,root) %{_sbindir}/audispd-zos-remote}
320 %dir %{_sysconfdir}/audisp
321 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/audispd.conf
322 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/audisp-remote.conf
323 %{?with_zos_remote:%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/zos-remote.conf}
324 %dir %{_sysconfdir}/audisp/plugins.d
325 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
326 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
327 %{?with_zos_remote:%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf}
328 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/syslog.conf
329 %dir %{_sysconfdir}/audit
330 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audit/audit-stop.rules
331 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audit/auditd.conf
332 %dir %{_sysconfdir}/audit/rules.d
333 %attr(640,root,root) %config(noreplace,missingok) %verify(not md5 mtime size) %{_sysconfdir}/audit/rules.d/10-no-audit.rules
334 %attr(754,root,root) /etc/rc.d/init.d/auditd
335 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/auditd
336 %{systemdunitdir}/auditd.service
337 %attr(750,root,root) %dir %{_var}/log/audit
338 %{_mandir}/man5/audispd.conf.5*
339 %{_mandir}/man5/audisp-remote.conf.5*
340 %{_mandir}/man5/auditd.conf.5*
341 %{_mandir}/man5/ausearch-expression.5*
342 %{?with_zos_remote:%{_mandir}/man5/zos-remote.conf.5*}
343 %{_mandir}/man7/audit.rules.7*
344 %{_mandir}/man8/audisp-remote.8*
345 %{?with_zos_remote:%{_mandir}/man8/audispd-zos-remote.8*}
346 %{_mandir}/man8/audispd.8*
347 %{_mandir}/man8/auditctl.8*
348 %{_mandir}/man8/auditd.8*
349 %{_mandir}/man8/augenrules.8*
350 %{_mandir}/man8/aulast.8*
351 %{_mandir}/man8/aulastlog.8*
352 %{_mandir}/man8/aureport.8*
353 %{_mandir}/man8/ausearch.8*
354 %{_mandir}/man8/ausyscall.8*
355 %{_mandir}/man8/autrace.8*
356 %{_mandir}/man8/auvirt.8*
359 %defattr(644,root,root,755)
360 %attr(755,root,root) /%{_lib}/libaudit.so.*.*.*
361 %attr(755,root,root) %ghost /%{_lib}/libaudit.so.1
362 %attr(755,root,root) /%{_lib}/libauparse.so.*.*.*
363 %attr(755,root,root) %ghost /%{_lib}/libauparse.so.0
364 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/libaudit.conf
365 %{_mandir}/man5/libaudit.conf.5*
368 %defattr(644,root,root,755)
369 %attr(755,root,root) %{_libdir}/libaudit.so
370 %attr(755,root,root) %{_libdir}/libauparse.so
371 %{_libdir}/libaudit.la
372 %{_libdir}/libauparse.la
373 %{_includedir}/auparse*.h
374 %{_includedir}/libaudit.h
375 %{_pkgconfigdir}/audit.pc
376 %{_pkgconfigdir}/auparse.pc
377 %{_aclocaldir}/audit.m4
378 %{_mandir}/man3/audit_*.3*
379 %{_mandir}/man3/auparse_*.3*
380 %{_mandir}/man3/ausearch_*.3*
381 %{_mandir}/man3/get_auditfail_action.3*
382 %{_mandir}/man3/set_aumessage_mode.3*
385 %defattr(644,root,root,755)
386 %{_libdir}/libaudit.a
387 %{_libdir}/libauparse.a
390 %files plugin-prelude
391 %defattr(644,root,root,755)
392 %attr(755,root,root) %{_sbindir}/audisp-prelude
393 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/audisp-prelude.conf
394 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/au-prelude.conf
395 %{_mandir}/man5/audisp-prelude.conf.5*
396 %{_mandir}/man8/audisp-prelude.8*
400 %files -n golang-audit
401 %defattr(644,root,root,755)
402 %dir %{_libdir}/golang/src/redhat.com
403 %{_libdir}/golang/src/redhat.com/audit
407 %files -n python-audit
408 %defattr(644,root,root,755)
409 %attr(755,root,root) %{py_sitedir}/_audit.so
410 %attr(755,root,root) %{py_sitedir}/auparse.so
411 %{py_sitedir}/audit.py[co]
415 %files -n python3-audit
416 %defattr(644,root,root,755)
417 %attr(755,root,root) %{py3_sitedir}/_audit.so
418 %attr(755,root,root) %{py3_sitedir}/auparse.so
419 %{py3_sitedir}/audit.py
420 %{py3_sitedir}/__pycache__/audit.cpython-*.py[co]