1 # TODO: - revise our auditd.service vs upstream version
2 # - add triggers for existing rules
3 # look at https://www.redhat.com/archives/linux-audit/2013-May/msg00000.html
5 # warning: Installed (but unpackaged) file(s) found:
6 # /usr/lib/initscripts/legacy-actions/auditd/resume
7 # /usr/lib/initscripts/legacy-actions/auditd/rotate
10 %bcond_without kerberos5 # do not build with heimdal
11 %bcond_without pie # auditd as PIE binary
12 %bcond_without prelude # prelude audisp plugin
13 %bcond_without python # don't build python bindings
14 %bcond_without zos_remote # do not build zos-remote audisp plugin (LDAP dep)
16 Summary: User space tools for 2.6 kernel auditing
17 Summary(pl.UTF-8): Narzędzia przestrzeni użytkownika do audytu jąder 2.6
23 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
24 # Source0-md5: 82c2c4b1052d7c1e948deafa0d5077fe
25 Source2: %{name}d.init
26 Source3: %{name}d.sysconfig
27 Source4: %{name}d.service
28 Patch0: %{name}-install.patch
29 Patch1: %{name}-m4.patch
30 Patch2: %{name}-nolibs.patch
31 Patch3: %{name}-no_zos_remote.patch
32 Patch4: %{name}-systemd-notonly.patch
33 Patch5: %{name}-am.patch
34 URL: http://people.redhat.com/sgrubb/audit/
35 BuildRequires: autoconf >= 2.59
36 BuildRequires: automake >= 1:1.9
37 %{?with_pie:BuildRequires: gcc >= 5:3.4}
38 BuildRequires: glibc-headers >= 6:2.3.6
39 %{?with_kerberos5:BuildRequires: heimdal-devel}
40 BuildRequires: libcap-ng-devel
41 %{?with_prelude:BuildRequires: libprelude-devel}
42 BuildRequires: libtool
43 BuildRequires: libwrap-devel
44 BuildRequires: linux-libc-headers >= 7:2.6.30
45 %{?with_zos_remote:BuildRequires: openldap-devel}
47 BuildRequires: python-devel >= 1:2.5
48 BuildRequires: rpm-pythonprov
49 BuildRequires: swig-python
51 BuildRequires: rpmbuild(macros) >= 1.623
52 BuildRequires: sed >= 4.0
53 Requires(post,preun): /sbin/chkconfig
54 Requires(post,preun,postun): systemd-units >= 38
55 Requires: %{name}-libs = %{version}-%{release}
57 Requires: systemd-units >= 38
58 Obsoletes: audit-audispd-plugins
59 Obsoletes: audit-systemd
60 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
62 %define _sbindir /sbin
63 # use /lib, because this path is put in /usr/share/.../settings.py
64 %define _libexecdir %{_prefix}/lib
67 The audit package contains the user space utilities for storing and
68 processing the audit records generate by the audit subsystem in the
71 %description -l pl.UTF-8
72 Ten pakiet zawiera narzędzia przestrzeni użytkownika do przechowywania
73 i przetwarzania rekordów audytu generowanych przez podsystem audytu w
77 Summary: Dynamic audit libraries
78 Summary(pl.UTF-8): Biblioteki dynamiczne audit
83 The audit-libs package contains the dynamic libraries needed for
84 applications to use the audit framework.
86 %description libs -l pl.UTF-8
87 Ten pakiet zawiera biblioteki dynamiczne potrzebne dla aplikacji
88 używających środowiska audytu.
91 Summary: Header files for audit libraries
92 Summary(pl.UTF-8): Pliki nagłówkowe bibliotek audit
94 Group: Development/Libraries
95 Requires: %{name}-libs = %{version}-%{release}
96 Requires: linux-libc-headers >= 7:2.6.30
98 %description libs-devel
99 The audit-libs-devel package contains the header files needed for
100 developing applications that need to use the audit framework library.
102 %description libs-devel -l pl.UTF-8
103 Ten pakiet zawiera pliki nagłówkowe potrzebne do tworzenia aplikacji
104 używających biblioteki środowiska audytu.
107 Summary: Static audit libraries
108 Summary(pl.UTF-8): Statyczne biblioteki audit
110 Group: Development/Libraries
111 Requires: %{name}-libs-devel = %{version}-%{release}
113 %description libs-static
114 The audit-libs-static package contains the static libraries for
115 developing applications that need to use the audit framework.
117 %description libs-static -l pl.UTF-8
118 Ten pakiet zawiera statyczne biblioteki do tworzenia aplikacji
119 używających środowiska audytu.
121 %package plugin-prelude
122 Summary: prelude plugin for audispd
123 Summary(pl.UTF-8): Wtyczka prelude dla audispd
125 Requires: %{name} = %{version}-%{release}
127 %description plugin-prelude
128 audisp-prelude is a plugin for the audit event dispatcher daemon,
129 audispd, that uses libprelude to send IDMEF alerts for possible
130 Intrusion Detection events.
132 %description plugin-prelude -l pl.UTF-8
133 audisp-prelude to wtyczka demona audispd przekazującego zdarzenia
134 audytowe wykorzystująca libprelude do wysyłania alarmów IDMEF o
135 prawdopodobnych zdarzeniach IDS.
137 %package -n python-audit
138 Summary: Python interface to libaudit library
139 Summary(pl.UTF-8): Pythonowy interfejs do biblioteki libaudit
141 Group: Libraries/Python
142 Requires: %{name}-libs = %{version}-%{release}
144 %description -n python-audit
145 Python interface to libaudit library.
147 %description -n python-audit -l pl.UTF-8
148 Pythonowy interfejs do biblioteki libaudit.
155 %{!?with_zos_remote:%patch3 -p1}
159 %if %{without python}
160 sed 's#swig/Makefile ##' -i configure.ac
161 sed 's/swig//' -i Makefile.am
171 %{?with_kerberos5:--enable-gssapi-krb5} \
175 %{?with_prelude:--with-prelude}
176 # override auditd_{C,LD}FLAGS to avoid -fPIE unsupported by gcc 3.3
178 %{!?with_pie:auditd_CFLAGS="-D_REENTRANT -D_GNU_SOURCE" auditd_LDFLAGS="-Wl,-z,relro"}
180 # temporarily not included in all
184 rm -rf $RPM_BUILD_ROOT
185 install -d $RPM_BUILD_ROOT%{_var}/log/audit
188 DESTDIR=$RPM_BUILD_ROOT
190 # temporarily not included in all
191 %{__make} -C auparse install \
192 DESTDIR=$RPM_BUILD_ROOT
194 install -d $RPM_BUILD_ROOT/%{_lib}
195 mv -f $RPM_BUILD_ROOT%{_libdir}/libaudit.so.* $RPM_BUILD_ROOT/%{_lib}
196 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libaudit.so.*.*.*) \
197 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
198 mv -f $RPM_BUILD_ROOT%{_libdir}/libauparse.so.* $RPM_BUILD_ROOT/%{_lib}
199 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*) \
200 $RPM_BUILD_ROOT%{_libdir}/libauparse.so
202 # We manually install this since Makefile doesn't
203 install -d $RPM_BUILD_ROOT{%{_includedir},%{systemdunitdir}}
204 install lib/libaudit.h $RPM_BUILD_ROOT%{_includedir}
206 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/auditd
207 install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/auditd
208 install %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}
211 %py_comp $RPM_BUILD_ROOT%{py_sitedir}
212 %py_ocomp $RPM_BUILD_ROOT%{py_sitedir}
213 %{__rm} $RPM_BUILD_ROOT%{py_sitedir}/*.py
214 %{__rm} $RPM_BUILD_ROOT%{py_sitedir}/*.{la,a}
218 rm -rf $RPM_BUILD_ROOT
220 %post libs -p /sbin/ldconfig
221 %postun libs -p /sbin/ldconfig
224 /sbin/chkconfig --add auditd
225 %service auditd restart "audit daemon"
226 %systemd_post auditd.service
229 if [ "$1" = "0" ]; then
231 /sbin/chkconfig --del auditd
233 %systemd_preun auditd.service
238 %triggerpostun -- %{name} < 2.2-2
239 %systemd_trigger auditd.service
242 %defattr(644,root,root,755)
243 %doc AUTHORS ChangeLog README THANKS TODO
244 %attr(750,root,root) %{_bindir}/aulast
245 %attr(750,root,root) %{_bindir}/aulastlog
246 %attr(750,root,root) %{_bindir}/ausyscall
247 %attr(750,root,root) %{_bindir}/auvirt
248 %attr(750,root,root) %{_sbindir}/audispd
249 %attr(750,root,root) %{_sbindir}/auditctl
250 %attr(750,root,root) %{_sbindir}/auditd
251 %attr(750,root,root) %{_sbindir}/augenrules
252 %attr(750,root,root) %{_sbindir}/aureport
253 %attr(750,root,root) %{_sbindir}/ausearch
254 %attr(750,root,root) %{_sbindir}/autrace
255 %attr(755,root,root) %{_sbindir}/audisp-remote
256 %{?with_zos_remote:%attr(755,root,root) %{_sbindir}/audispd-zos-remote}
257 %dir %{_sysconfdir}/audisp
258 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/audispd.conf
259 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/audisp-remote.conf
260 %{?with_zos_remote:%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/zos-remote.conf}
261 %dir %{_sysconfdir}/audisp/plugins.d
262 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
263 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
264 %{?with_zos_remote:%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf}
265 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/syslog.conf
266 %dir %{_sysconfdir}/audit
267 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audit/auditd.conf
268 %dir %{_sysconfdir}/audit/rules.d
269 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audit/rules.d/audit.rules
270 %attr(754,root,root) /etc/rc.d/init.d/auditd
271 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/auditd
272 %{systemdunitdir}/auditd.service
273 %attr(750,root,root) %dir %{_var}/log/audit
274 %{_mandir}/man5/audispd.conf.5*
275 %{_mandir}/man5/audisp-remote.conf.5*
276 %{_mandir}/man5/auditd.conf.5*
277 %{_mandir}/man5/ausearch-expression.5*
278 %{?with_zos_remote:%{_mandir}/man5/zos-remote.conf.5*}
279 %{_mandir}/man7/audit.rules.7*
280 %{_mandir}/man8/audisp-remote.8*
281 %{?with_zos_remote:%{_mandir}/man8/audispd-zos-remote.8*}
282 %{_mandir}/man8/audispd.8*
283 %{_mandir}/man8/auditctl.8*
284 %{_mandir}/man8/auditd.8*
285 %{_mandir}/man8/augenrules.8*
286 %{_mandir}/man8/aulast.8*
287 %{_mandir}/man8/aulastlog.8*
288 %{_mandir}/man8/aureport.8*
289 %{_mandir}/man8/ausearch.8*
290 %{_mandir}/man8/ausyscall.8*
291 %{_mandir}/man8/autrace.8*
292 %{_mandir}/man8/auvirt.8*
295 %defattr(644,root,root,755)
296 %attr(755,root,root) /%{_lib}/libaudit.so.*.*.*
297 %attr(755,root,root) %ghost /%{_lib}/libaudit.so.1
298 %attr(755,root,root) /%{_lib}/libauparse.so.*.*.*
299 %attr(755,root,root) %ghost /%{_lib}/libauparse.so.0
300 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/libaudit.conf
301 %{_mandir}/man5/libaudit.conf.5*
304 %defattr(644,root,root,755)
305 %attr(755,root,root) %{_libdir}/libaudit.so
306 %attr(755,root,root) %{_libdir}/libauparse.so
307 %{_libdir}/libaudit.la
308 %{_libdir}/libauparse.la
309 %{_includedir}/auparse*.h
310 %{_includedir}/libaudit.h
311 %{_mandir}/man3/audit_*.3*
312 %{_mandir}/man3/auparse_*.3*
313 %{_mandir}/man3/ausearch_*.3*
314 %{_mandir}/man3/get_auditfail_action.3*
315 %{_mandir}/man3/set_aumessage_mode.3*
318 %defattr(644,root,root,755)
319 %{_libdir}/libaudit.a
320 %{_libdir}/libauparse.a
323 %files plugin-prelude
324 %defattr(644,root,root,755)
325 %attr(755,root,root) %{_sbindir}/audisp-prelude
326 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/audisp-prelude.conf
327 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/au-prelude.conf
328 %{_mandir}/man5/audisp-prelude.conf.5*
329 %{_mandir}/man8/audisp-prelude.8*
333 %files -n python-audit
334 %defattr(644,root,root,755)
335 %attr(755,root,root) %{py_sitedir}/_audit.so
336 %attr(755,root,root) %{py_sitedir}/auparse.so
337 %{py_sitedir}/audit.py[co]