3 %bcond_without kerberos5 # Kerberos V support via heimdal
4 %bcond_without prelude # prelude audisp plugin
5 %bcond_without golang # Go language bindings
6 %bcond_without python # Python bindings (any)
7 %bcond_without python3 # Python 3 bindings
8 %bcond_without zos_remote # zos-remote audisp plugin (LDAP dep)
10 %ifnarch %{ix86} %{x8664} %{arm}
15 %undefine with_python3
17 Summary: User space tools for 2.6 kernel auditing
18 Summary(pl.UTF-8): Narzędzia przestrzeni użytkownika do audytu jąder 2.6
24 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
25 # Source0-md5: 274ebe4bc5fbee837cd783d5ff597e78
26 Source2: %{name}d.init
27 Source3: %{name}d.sysconfig
28 Patch0: %{name}-install.patch
29 Patch1: %{name}-m4.patch
30 Patch2: %{name}-nolibs.patch
31 Patch3: %{name}-no_zos_remote.patch
32 Patch4: %{name}-systemd-notonly.patch
33 Patch5: %{name}-am.patch
34 Patch6: %{name}-no-refusemanualstop.patch
35 Patch7: %{name}-cronjob.patch
36 Patch8: golang-paths.patch
37 URL: http://people.redhat.com/sgrubb/audit/
38 BuildRequires: autoconf >= 2.59
39 BuildRequires: automake >= 1:1.9
40 BuildRequires: glibc-headers >= 6:2.3.6
41 %{?with_golang:BuildRequires: golang >= 1.4}
42 %{?with_kerberos5:BuildRequires: heimdal-devel}
43 BuildRequires: libcap-ng-devel
44 %{?with_prelude:BuildRequires: libprelude-devel}
45 BuildRequires: libtool
46 BuildRequires: libwrap-devel
47 BuildRequires: linux-libc-headers >= 7:2.6.30
48 %{?with_zos_remote:BuildRequires: openldap-devel}
50 BuildRequires: python-devel >= 1:2.5
51 BuildRequires: rpm-pythonprov
52 BuildRequires: swig-python
55 BuildRequires: python3-devel
56 BuildRequires: rpm-pythonprov
57 BuildRequires: swig-python
59 BuildRequires: rpmbuild(macros) >= 1.623
60 BuildRequires: sed >= 4.0
61 Requires(post,preun): /sbin/chkconfig
62 Requires(post,preun,postun): systemd-units >= 38
63 Requires: %{name}-libs = %{version}-%{release}
65 Requires: systemd-units >= 38
66 Obsoletes: audit-audispd-plugins
67 Obsoletes: audit-systemd
68 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
70 %define _sbindir /sbin
71 # use /lib, because this path is put in /usr/share/.../settings.py
72 %define _libexecdir %{_prefix}/lib
75 The audit package contains the user space utilities for storing and
76 processing the audit records generate by the audit subsystem in the
79 %description -l pl.UTF-8
80 Ten pakiet zawiera narzędzia przestrzeni użytkownika do przechowywania
81 i przetwarzania rekordów audytu generowanych przez podsystem audytu w
85 Summary: Dynamic audit libraries
86 Summary(pl.UTF-8): Biblioteki dynamiczne audit
91 The audit-libs package contains the dynamic libraries needed for
92 applications to use the audit framework.
94 %description libs -l pl.UTF-8
95 Ten pakiet zawiera biblioteki dynamiczne potrzebne dla aplikacji
96 używających środowiska audytu.
99 Summary: Header files for audit libraries
100 Summary(pl.UTF-8): Pliki nagłówkowe bibliotek audit
102 Group: Development/Libraries
103 Requires: %{name}-libs = %{version}-%{release}
104 Requires: linux-libc-headers >= 7:2.6.30
105 Requires: libcap-ng-devel
107 %description libs-devel
108 The audit-libs-devel package contains the header files needed for
109 developing applications that need to use the audit framework library.
111 %description libs-devel -l pl.UTF-8
112 Ten pakiet zawiera pliki nagłówkowe potrzebne do tworzenia aplikacji
113 używających biblioteki środowiska audytu.
116 Summary: Static audit libraries
117 Summary(pl.UTF-8): Statyczne biblioteki audit
119 Group: Development/Libraries
120 Requires: %{name}-libs-devel = %{version}-%{release}
122 %description libs-static
123 The audit-libs-static package contains the static libraries for
124 developing applications that need to use the audit framework.
126 %description libs-static -l pl.UTF-8
127 Ten pakiet zawiera statyczne biblioteki do tworzenia aplikacji
128 używających środowiska audytu.
130 %package plugin-prelude
131 Summary: prelude plugin for audispd
132 Summary(pl.UTF-8): Wtyczka prelude dla audispd
134 Requires: %{name} = %{version}-%{release}
136 %description plugin-prelude
137 audisp-prelude is a plugin for the audit event dispatcher daemon,
138 audispd, that uses libprelude to send IDMEF alerts for possible
139 Intrusion Detection events.
141 %description plugin-prelude -l pl.UTF-8
142 audisp-prelude to wtyczka demona audispd przekazującego zdarzenia
143 audytowe wykorzystująca libprelude do wysyłania alarmów IDMEF o
144 prawdopodobnych zdarzeniach IDS.
146 %package -n golang-audit
147 Summary: Go language interface to libaudit library
148 Summary(pl.UTF-8): Interfejs języka Go do biblioteki libaudit
150 Group: Development/Languages
151 Requires: %{name}-libs = %{version}-%{release}
152 Requires: golang >= 1.4
154 %description -n golang-audit
155 Go language interface to libaudit library.
157 %description -n golang-audit -l pl.UTF-8
158 Interfejs języka Go do biblioteki libaudit.
160 %package -n python-audit
161 Summary: Python 2.x interface to libaudit library
162 Summary(pl.UTF-8): Interfejs Pythona 2.x do biblioteki libaudit
164 Group: Libraries/Python
165 Requires: %{name}-libs = %{version}-%{release}
167 %description -n python-audit
168 Python 2.x interface to libaudit library.
170 %description -n python-audit -l pl.UTF-8
171 Interfejs Pythona 2.x do biblioteki libaudit.
173 %package -n python3-audit
174 Summary: Python 3.x interface to libaudit library
175 Summary(pl.UTF-8): Interfejs Pythona 3.x do biblioteki libaudit
177 Group: Libraries/Python
178 Requires: %{name}-libs = %{version}-%{release}
180 %description -n python3-audit
181 Python 3.x interface to libaudit library.
183 %description -n python3-audit -l pl.UTF-8
184 Interfejs Pythona 3.x do biblioteki libaudit.
191 %{!?with_zos_remote:%patch3 -p1}
198 %if %{without python}
199 sed 's#swig/Makefile ##' -i configure.ac
200 sed 's/swig//' -i Makefile.am
210 %{?with_kerberos5:--enable-gssapi-krb5} \
214 %{?with_prelude:--with-prelude}
219 rm -rf $RPM_BUILD_ROOT
220 install -d $RPM_BUILD_ROOT{%{_sysconfdir}/audit/rules.d,%{_var}/log/audit}
223 DESTDIR=$RPM_BUILD_ROOT
225 # default to no audit (and no overhead)
226 cp -p rules/10-no-audit.rules $RPM_BUILD_ROOT%{_sysconfdir}/audit/rules.d
228 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/auditd
229 install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/auditd
231 install -d $RPM_BUILD_ROOT/%{_lib}
232 mv -f $RPM_BUILD_ROOT%{_libdir}/libaudit.so.* $RPM_BUILD_ROOT/%{_lib}
233 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libaudit.so.*.*.*) \
234 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
235 mv -f $RPM_BUILD_ROOT%{_libdir}/libauparse.so.* $RPM_BUILD_ROOT/%{_lib}
236 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*) \
237 $RPM_BUILD_ROOT%{_libdir}/libauparse.so
239 # RH initscripts-specific
240 %{__rm} -r $RPM_BUILD_ROOT%{_libexecdir}/initscripts
243 %py_comp $RPM_BUILD_ROOT%{py_sitedir}
244 %py_ocomp $RPM_BUILD_ROOT%{py_sitedir}
246 %{__rm} $RPM_BUILD_ROOT%{py_sitedir}/*.{la,a}
250 %{__rm} $RPM_BUILD_ROOT%{py3_sitedir}/*.{la,a}
254 rm -rf $RPM_BUILD_ROOT
256 %post libs -p /sbin/ldconfig
257 %postun libs -p /sbin/ldconfig
260 # Copy default rules into place on new installation
261 if [ ! -e %{_sysconfdir}/audit/audit.rules ] ; then
262 cp -a %{_sysconfdir}/audit/rules.d/10-no-audit.rules %{_sysconfdir}/audit/audit.rules
264 /sbin/chkconfig --add auditd
265 %service auditd restart "audit daemon"
266 %systemd_post auditd.service
269 if [ "$1" = "0" ]; then
271 /sbin/chkconfig --del auditd
273 %systemd_preun auditd.service
278 %triggerpostun -- %{name} < 2.2-2
279 %systemd_trigger auditd.service
281 %triggerpostun -- %{name} < 2.3-1
282 if [ -e %{_sysconfdir}/audit/audit.rules.rpmsave ] ; then
283 %{__mv} %{_sysconfdir}/audit/audit.rules{.rpmsave,}
285 %service auditd restart "audit daemon"
286 %systemd_post auditd.service
288 %triggerpostun -- %{name} < 2.5-1
289 if [ -f %{_sysconfdir}/audit/rules.d/audit.rules.rpmsave ]; then
290 %banner %{name} -e <<EOF
291 Since audit 2.5 %{_sysconfdir}/audit/rules.d/audit.rules file (now saved
292 as audit.rules.rpmnew) is replaced by a set of numbered rule files - remember
293 to update your configuration!
298 %defattr(644,root,root,755)
299 %doc AUTHORS ChangeLog README THANKS TODO rules/{README-rules,*.rules} init.d/auditd.cron
300 %attr(750,root,root) %{_bindir}/aulast
301 %attr(750,root,root) %{_bindir}/aulastlog
302 %attr(750,root,root) %{_bindir}/ausyscall
303 %attr(750,root,root) %{_bindir}/auvirt
304 %attr(750,root,root) %{_sbindir}/audispd
305 %attr(750,root,root) %{_sbindir}/auditctl
306 %attr(750,root,root) %{_sbindir}/auditd
307 %attr(750,root,root) %{_sbindir}/augenrules
308 %attr(750,root,root) %{_sbindir}/aureport
309 %attr(750,root,root) %{_sbindir}/ausearch
310 %attr(750,root,root) %{_sbindir}/autrace
311 %attr(755,root,root) %{_sbindir}/audisp-remote
312 %{?with_zos_remote:%attr(755,root,root) %{_sbindir}/audispd-zos-remote}
313 %dir %{_sysconfdir}/audisp
314 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/audispd.conf
315 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/audisp-remote.conf
316 %{?with_zos_remote:%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/zos-remote.conf}
317 %dir %{_sysconfdir}/audisp/plugins.d
318 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
319 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
320 %{?with_zos_remote:%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf}
321 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/syslog.conf
322 %dir %{_sysconfdir}/audit
323 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audit/audit-stop.rules
324 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audit/auditd.conf
325 %dir %{_sysconfdir}/audit/rules.d
326 %attr(640,root,root) %config(noreplace,missingok) %verify(not md5 mtime size) %{_sysconfdir}/audit/rules.d/10-no-audit.rules
327 %attr(754,root,root) /etc/rc.d/init.d/auditd
328 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/auditd
329 %{systemdunitdir}/auditd.service
330 %attr(750,root,root) %dir %{_var}/log/audit
331 %{_mandir}/man5/audispd.conf.5*
332 %{_mandir}/man5/audisp-remote.conf.5*
333 %{_mandir}/man5/auditd.conf.5*
334 %{_mandir}/man5/ausearch-expression.5*
335 %{?with_zos_remote:%{_mandir}/man5/zos-remote.conf.5*}
336 %{_mandir}/man7/audit.rules.7*
337 %{_mandir}/man8/audisp-remote.8*
338 %{?with_zos_remote:%{_mandir}/man8/audispd-zos-remote.8*}
339 %{_mandir}/man8/audispd.8*
340 %{_mandir}/man8/auditctl.8*
341 %{_mandir}/man8/auditd.8*
342 %{_mandir}/man8/augenrules.8*
343 %{_mandir}/man8/aulast.8*
344 %{_mandir}/man8/aulastlog.8*
345 %{_mandir}/man8/aureport.8*
346 %{_mandir}/man8/ausearch.8*
347 %{_mandir}/man8/ausyscall.8*
348 %{_mandir}/man8/autrace.8*
349 %{_mandir}/man8/auvirt.8*
352 %defattr(644,root,root,755)
353 %attr(755,root,root) /%{_lib}/libaudit.so.*.*.*
354 %attr(755,root,root) %ghost /%{_lib}/libaudit.so.1
355 %attr(755,root,root) /%{_lib}/libauparse.so.*.*.*
356 %attr(755,root,root) %ghost /%{_lib}/libauparse.so.0
357 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/libaudit.conf
358 %{_mandir}/man5/libaudit.conf.5*
361 %defattr(644,root,root,755)
362 %attr(755,root,root) %{_libdir}/libaudit.so
363 %attr(755,root,root) %{_libdir}/libauparse.so
364 %{_libdir}/libaudit.la
365 %{_libdir}/libauparse.la
366 %{_includedir}/auparse*.h
367 %{_includedir}/libaudit.h
368 %{_pkgconfigdir}/audit.pc
369 %{_pkgconfigdir}/auparse.pc
370 %{_aclocaldir}/audit.m4
371 %{_mandir}/man3/audit_*.3*
372 %{_mandir}/man3/auparse_*.3*
373 %{_mandir}/man3/ausearch_*.3*
374 %{_mandir}/man3/get_auditfail_action.3*
375 %{_mandir}/man3/set_aumessage_mode.3*
378 %defattr(644,root,root,755)
379 %{_libdir}/libaudit.a
380 %{_libdir}/libauparse.a
383 %files plugin-prelude
384 %defattr(644,root,root,755)
385 %attr(755,root,root) %{_sbindir}/audisp-prelude
386 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/audisp-prelude.conf
387 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/audisp/plugins.d/au-prelude.conf
388 %{_mandir}/man5/audisp-prelude.conf.5*
389 %{_mandir}/man8/audisp-prelude.8*
393 %files -n golang-audit
394 %defattr(644,root,root,755)
395 %dir %{_libdir}/golang/src/redhat.com
396 %{_libdir}/golang/src/redhat.com/audit
400 %files -n python-audit
401 %defattr(644,root,root,755)
402 %attr(755,root,root) %{py_sitedir}/_audit.so
403 %attr(755,root,root) %{py_sitedir}/auparse.so
404 %{py_sitedir}/audit.py[co]
408 %files -n python3-audit
409 %defattr(644,root,root,755)
410 %attr(755,root,root) %{py3_sitedir}/_audit.so
411 %attr(755,root,root) %{py3_sitedir}/auparse.so
412 %{py3_sitedir}/audit.py