-# TODO: - revise our auditd.service vs upstream version
-# - add triggers for existing rules
-# look at https://www.redhat.com/archives/linux-audit/2013-May/msg00000.html
-#
# Conditional build:
%bcond_without kerberos5 # do not build with heimdal
-%bcond_without pie # auditd as PIE binary
%bcond_without prelude # prelude audisp plugin
%bcond_without python # don't build python bindings
%bcond_without zos_remote # do not build zos-remote audisp plugin (LDAP dep)
Summary(pl.UTF-8): Narzędzia przestrzeni użytkownika do audytu jąder 2.6
Name: audit
Version: 2.3.2
-Release: 0.1
+Release: 1
License: GPL v2+
Group: Daemons
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
# Source0-md5: 4e8d065b5cc16b77b9b61e93a9ed160e
Source2: %{name}d.init
Source3: %{name}d.sysconfig
-Source4: %{name}d.service
Patch0: %{name}-install.patch
Patch1: %{name}-m4.patch
Patch2: %{name}-nolibs.patch
Patch3: %{name}-no_zos_remote.patch
Patch4: %{name}-systemd-notonly.patch
Patch5: %{name}-am.patch
+Patch6: %{name}-no-refusemanualstop.patch
+Patch7: %{name}-cronjob.patch
URL: http://people.redhat.com/sgrubb/audit/
BuildRequires: autoconf >= 2.59
BuildRequires: automake >= 1:1.9
-%{?with_pie:BuildRequires: gcc >= 5:3.4}
BuildRequires: glibc-headers >= 6:2.3.6
%{?with_kerberos5:BuildRequires: heimdal-devel}
BuildRequires: libcap-ng-devel
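Review bot: `Patch6: %{name}-no-refusemanualstop.patch` is added without a comment saying why. Judging by its name, it drops `RefuseManualStop` from the upstream unit that now replaces the removed `Source4`. As far as I know, upstream sets that option so auditd is stopped through the `service` path, where the stop can be attributed to the requesting user, so removing it is a trade-off worth recording. A comment above the Patch6 line would do, e.g. `# allow 'systemctl stop auditd'; upstream refuses manual stop to keep the stop attributable`. The patch body is not part of this diff, so this is inferred from the name only.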
%{!?with_zos_remote:%patch3 -p1}
%patch4 -p1
%patch5 -p1
+%patch6 -p1
+%patch7 -p1
%if %{without python}
sed 's#swig/Makefile ##' -i configure.ac
--with-apparmor \
--with-libwrap \
%{?with_prelude:--with-prelude}
-# override auditd_{C,LD}FLAGS to avoid -fPIE unsupported by gcc 3.3
-%{__make} \
- %{!?with_pie:auditd_CFLAGS="-D_REENTRANT -D_GNU_SOURCE" auditd_LDFLAGS="-Wl,-z,relro"}
-# temporarily not included in all
-%{__make} -C auparse
+%{__make}
%install
rm -rf $RPM_BUILD_ROOT
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT
-# temporarily not included in all
-%{__make} -C auparse install \
- DESTDIR=$RPM_BUILD_ROOT
+install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/auditd
+install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/auditd
install -d $RPM_BUILD_ROOT/%{_lib}
mv -f $RPM_BUILD_ROOT%{_libdir}/libaudit.so.* $RPM_BUILD_ROOT/%{_lib}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*) \
$RPM_BUILD_ROOT%{_libdir}/libauparse.so
-# We manually install this since Makefile doesn't
-install -d $RPM_BUILD_ROOT{%{_includedir},%{systemdunitdir}}
-install lib/libaudit.h $RPM_BUILD_ROOT%{_includedir}
-
-install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/auditd
-install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/auditd
-install %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}
-
-# seems RH initscripts-specific
-%{__rm} -r $RPM_BUILD_ROOT%{_libdir}/initscripts
+# RH initscripts-specific
+%{__rm} -r $RPM_BUILD_ROOT%{_libexecdir}/initscripts
%if %{with python}
%py_comp $RPM_BUILD_ROOT%{py_sitedir}
%py_ocomp $RPM_BUILD_ROOT%{py_sitedir}
-%{__rm} $RPM_BUILD_ROOT%{py_sitedir}/*.py
+%py_postclean
%{__rm} $RPM_BUILD_ROOT%{py_sitedir}/*.{la,a}
%endif
%postun libs -p /sbin/ldconfig
%post
+# Copy default rules into place on new installation
+if [ ! -e %{_sysconfdir}/audit/audit.rules ] ; then
+ cp -a %{_sysconfdir}/audit/rules.d/audit.rules %{_sysconfdir}/audit/audit.rules
+fi
/sbin/chkconfig --add auditd
%service auditd restart "audit daemon"
%systemd_post auditd.service
%triggerpostun -- %{name} < 2.2-2
%systemd_trigger auditd.service
+%triggerpostun -- %{name} < 2.3-1
+if [ -e %{_sysconfdir}/audit/audit.rules.rpmsave ] ; then
+ %{__mv} %{_sysconfdir}/audit/audit.rules{.rpmsave,}
+fi
+
%files
%defattr(644,root,root,755)
%doc AUTHORS ChangeLog README THANKS TODO
+%doc contrib/{capp,nispom,lspp,stig}.rules init.d/auditd.cron
%attr(750,root,root) %{_bindir}/aulast
%attr(750,root,root) %{_bindir}/aulastlog
%attr(750,root,root) %{_bindir}/ausyscall
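Review bot: The `%triggerpostun -- %{name} < 2.3-1` scriptlet moves `audit.rules.rpmsave` back over `audit.rules` but never loads it. After the upgrade the kernel presumably keeps whatever rule set the `%service auditd restart` in `%post` loaded, so the administrator's rules are not enforced until the next restart. Loading the restored file right after the move would close that gap: `/sbin/auditctl -R %{_sysconfdir}/audit/audit.rules >/dev/null 2>&1 || :`. The move also relies on brace expansion, which only works if scriptlets run under bash; writing both paths out as `%{__mv} %{_sysconfdir}/audit/audit.rules.rpmsave %{_sysconfdir}/audit/audit.rules` removes that dependency.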
# Source function library
. /etc/rc.d/init.d/functions
-AUDITD_CLEAN_STOP=yes
+AUDITD_CLEAN_STOP="yes"
+AUDITD_STOP_DISABLE="yes"
EXTRAOPTIONS=
AUDIT_RULES=/etc/audit/audit.rules
local rc
msg_starting auditd
+ # Localization for auditd is controlled in /etc/synconfig/auditd
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "C" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
unset HOME MAIL USER USERNAME
daemon /sbin/auditd "$EXTRAOPTIONS"
RETVAL=$?
# Load the default rules if daemon started
if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
+ # Prepare the default rules
+ if is_yes "$USE_AUGENRULES"; then
+ /sbin/augenrules
+ fi
+ # Load the default rules
/sbin/auditctl -R $AUDIT_RULES >/dev/null
rc=$?
# add error code, if it was an error
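Review bot: The added `/sbin/augenrules` call sits inside the `[ -f $AUDIT_RULES ]` branch, so with `USE_AUGENRULES="yes"` and no `audit.rules` present yet, the file is never generated and no rules are loaded. Its exit status is also ignored, so a failed generation is followed by loading the stale file with no message. Running augenrules before the existence test and reporting a failure, as sketched below, covers both cases. Separately, the new locale comment names `/etc/synconfig/auditd`, which should read `/etc/sysconfig/auditd`. The surrounding function starts and ends outside this hunk.

```shell
	# Prepare the default rules first, so a missing audit.rules can still be generated
	if [ $RETVAL -eq 0 ] && is_yes "$USE_AUGENRULES"; then
		if ! /sbin/augenrules; then
			echo "augenrules failed; $AUDIT_RULES was not regenerated" >&2
		fi
	fi
	# Load the default rules if daemon started
	if [ $RETVAL -eq 0 ] && [ -f $AUDIT_RULES ]; then
		/sbin/auditctl -R $AUDIT_RULES >/dev/null
		# … unchanged: rc handling …
```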
if ! is_no "$AUDITD_CLEAN_STOP"; then
/sbin/auditctl -D >/dev/null
fi
+ if ! is_no "$AUDITD_STOP_DISABLE"; then
+ /sbin/auditctl -e 0 >/dev/null
+ fi
}
condrestart() {
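Review bot: The new stop-path check `if ! is_no "$AUDITD_STOP_DISABLE"` fails open: an unset, empty or mistyped value still runs `/sbin/auditctl -e 0` and turns kernel auditing off. The script default (`AUDITD_STOP_DISABLE="yes"` near the top of the init script) and the sysconfig default are both "yes", so every stop does this, probably including the stop half of a restart. Testing `if is_yes "$AUDITD_STOP_DISABLE"; then` would make disabling an explicit choice. Nothing in the visible start lines calls `auditctl -e 1`, so it is worth confirming that auditd or the loaded rules re-enable auditing. The enclosing function starts outside this hunk.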
# Nice level for auditd
#SERVICE_RUN_NICE_LEVEL=0
-# You can set audit locale here
-#LC_ALL=C
-
+# Add extra options here
+EXTRAOPTIONS=""
+#
+# This is the locale information that audit uses.
+# To remove all locale information from audit's environment, set
+# AUDITD_LANG to the empty string or the string "none".
+#AUDITD_LANG="pl_PL"
+#
# This option is used to determine if rules & watches should be deleted on
# shutdown. This is beneficial in most cases so that a watch doesn't linger
# on a drive that is being unmounted. If set to no, it will NOT be cleaned up.
-AUDITD_CLEAN_STOP=yes
-
-# Extra options for auditd
-#EXTRAOPTIONS=
+AUDITD_CLEAN_STOP="yes"
+#
+# This option determines whether the audit system should be disabled when
+# the audit daemon is shutdown
+AUDITD_STOP_DISABLE="yes"
+#
+# This option determines whether or not to call augenrules to compile the
+# audit.rule file from /etc/audit/rules.d. The default is "no" so that nothing
+# happens to existing rules. When setting this up, any existing rules need to
+# be copied into /etc/audit/rules.d or it will be lost when audit.rule gets
+# overwritten.
+USE_AUGENRULES="no"
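Review bot: The AUDITD_LANG comment lists only the empty string and "none" as values that clear the locale, while the init script's test also accepts "C" and "NONE". The comment could read `# AUDITD_LANG to the empty string, "C" or "none".` The USE_AUGENRULES comment twice says `audit.rule` where the file is `/etc/audit/audit.rules`, and that is the file the warning says will be overwritten. The AUDITD_STOP_DISABLE comment could also state that while the audit system is disabled, events are not audited until it is enabled again.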