-rw-r--r--sys-process/audit/ChangeLog10
-rw-r--r--sys-process/audit/Manifest9
-rw-r--r--sys-process/audit/audit-2.1.3.ebuild10
-rw-r--r--sys-process/audit/files/audit.rules-2.1.326
-rw-r--r--sys-process/audit/files/audit.rules.stop.pre7
-rw-r--r--sys-process/audit/files/auditd-conf.d-2.1.323
-rw-r--r--sys-process/audit/files/auditd-init.d-2.1.397
7 files changed, 171 insertions, 11 deletions
diff --git a/sys-process/audit/ChangeLog b/sys-process/audit/ChangeLog
index a4e053327fc2..f5fe17d81935 100644
--- a/sys-process/audit/ChangeLog
+++ b/sys-process/audit/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for sys-process/audit
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/ChangeLog,v 1.70 2011/09/10 19:06:09 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/ChangeLog,v 1.71 2011/09/11 02:58:55 robbat2 Exp $
+
+ 11 Sep 2011; Robin H. Johnson <robbat2@gentoo.org>
+ +files/auditd-conf.d-2.1.3, +files/auditd-init.d-2.1.3, audit-2.1.3.ebuild,
+ files/audit.rules, files/audit.rules.stop.pre, +files/audit.rules-2.1.3:
+ Get this into shape for full usage with OpenRC, and also the pending cleanup
+ for the package.mask. Please see the new configuration options in the conf.d
+ file. The upstream AUDITD_CLEAN_STOP and AUDITD_STOP_DISABLE sysconfig
+ options are represented by the audit.rules.stop.pre sequence now.
*audit-2.1.3 (10 Sep 2011)
diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest
index e74ee54de39f..cc6258d22204 100644
--- a/sys-process/audit/Manifest
+++ b/sys-process/audit/Manifest
@@ -7,11 +7,14 @@ AUX audit-1.7.4-python.patch 456 RMD160 b370a77902853dd2280cffe452a33969adb3a360
AUX audit-2.0.5-python.patch 891 RMD160 8daf1f6a8abcb27dcbf4385674410d242df19220 SHA1 648b746db899c0d37f19ded2f022f69a9e96d494 SHA256 b5d82e670f9ac8c6640ba1155a77e0f6b6f93acd90efb89747aca636d7b68022
AUX audit-2.1.3-python.patch 1353 RMD160 3dc8679764a86731958a5f02635247cd6912d5c8 SHA1 0a84b7da7278efa6ccc0d63afb5e7d91e6eb560f SHA256 de214516fc107d8bfb19fcaf39d87776d9655a153e8e8b993a725f34dbe91ce5
AUX audit.rules 997 RMD160 bfa56758dd5f2caa8835f8d01a465124f4591c69 SHA1 f487461c83c6a732ebbe2c9811911550c92468ec SHA256 adc4779fd55919ca32b2de0d955779b7950a159c449a46ea7c0c6654a9049ee9
+AUX audit.rules-2.1.3 1126 RMD160 86276a53794fc4a04d404864fd2ca549683e28e8 SHA1 fcde9504e0fbcb9336763d9290cb37da49f8de91 SHA256 8bf7f9cac7d2a47d3ff51d2a2b227588820831b5ef7c2e3d058b097d4d65eeb0
AUX audit.rules.stop.post 573 RMD160 2e6503fc7ee07c4c1e58fb9ddf4b13eec6d95044 SHA1 4ef80c15f2792f17c1764eb2e21654ede46e482d SHA256 4c2e0be1a63b6800396e31153a899d4e3f2db1cee41b4dd271064dc97521edfe
-AUX audit.rules.stop.pre 500 RMD160 6b56a9522e140b48b7f7e67570596ba298a51dc7 SHA1 032921fc3ee730139b39f019b0268a2f1b1962ad SHA256 044cf06cea49f9d38ea114eb16b0a1428465fa2158aea713ef92e67e07e13c48
+AUX audit.rules.stop.pre 547 RMD160 ce008974cc3eb2e5374a4f59c800ba912ae6c4fb SHA1 07a3dfaabc8d9c77eb2e3be980185e5ad5f71180 SHA256 ec2c402d3d2b886c680259145696ad46c451dd1aed533906fdac69e30123c35f
AUX auditd-conf.d-1.2.3 686 RMD160 7963d2ac1ec7878db5fc29b6512742ceb0bc2ef5 SHA1 95f171317014f6e2435186953ad21d68a7f3f471 SHA256 5e0ffdc1c446bb906d25c977b0e9adb813610a15dc4d60b52d25026816adb602
+AUX auditd-conf.d-2.1.3 853 RMD160 78cdecdb71a0f0869aead9d815adb34a6db2db8d SHA1 859a169f2074cd41bfc9fd15cbe2a1292644a223 SHA256 f64186229238dd589b1fa5f72503000628b8f4f6655bdc3105b2fdbb17f6458f
AUX auditd-init.d-1.2.3 1136 RMD160 ceddd2ce12be248183722b59240d662f507a16eb SHA1 f6fa0da5640bfa234219ebd3304d9f343c97371c SHA256 fd5e01b4aa83d848a2e97832b0ff0610610b7857ec7f0201f0f7cbeff8eec725
AUX auditd-init.d-1.7.17 1229 RMD160 49b33955cf69f406108eb8f4cd0a153a16a6d22c SHA1 25c65e51c48c18a06f88a19c2ade5d1961c24a0d SHA256 1976ffb5182d54bb441ba7e6d1b0db263bc244a7f0b8ba6802dfe29be1984b56
+AUX auditd-init.d-2.1.3 2341 RMD160 3a49345f2012b67ddece27fb1b3f1e988457c1d7 SHA1 245356e09ca29357294980c8ceecf5f162d9d0c4 SHA256 5a280585adb9b2d4fa2742b5e94c4eb1517fe4c5d8d79c7ec349fe11d19af6a5
DIST audit-1.7.17.tar.gz 1565919 RMD160 d9d23d7b8c28c178fd79bece9c8026bcc9494500 SHA1 1e6513d2e8956c87bd5bf5df9cb41e685330000b SHA256 da0f2135ca6fe221adfd7a6e2372038a52e5ee1d001f8e2752d2cf016a9f24af
DIST audit-1.7.4.tar.gz 840298 RMD160 08d57fc039021f05763920603c435747fe51c954 SHA1 5348fc1f310fd8eb068480c6b6d61e3c24c58207 SHA256 db5412852aa36ee25eb174e4f4a4676cc2d0b93cbe41a740eebf903b49b4d593
DIST audit-2.0.5.tar.gz 810519 RMD160 2c64ba9586bd9651931c96afe9d2aa9468696658 SHA1 09e88eebb465cf66c1e1b084a6e907cf945164e4 SHA256 1ef85e606a0fda21596577f5c205c0df7eb56d7cffbb84aeeeb72ce44e61a83b
@@ -19,6 +22,6 @@ DIST audit-2.1.3.tar.gz 833647 RMD160 b5118fae12ddf9599c379119acc9daec100796b7 S
EBUILD audit-1.7.17.ebuild 3346 RMD160 b5c544dc6fabcd53b41732ff048e5e72de240c0c SHA1 2d78c68e01c87e85a18aa637a602f84f170d24f9 SHA256 5eaf81304400e87f962628df06287ca6e985658c0a2c1994cf837451f4f2399a
EBUILD audit-1.7.4.ebuild 3384 RMD160 c680813cb5e99b721b38024ebd8c8744c1bbd0cb SHA1 b95a1b28acba22c5f27f770bb931a0d7902c38f7 SHA256 e82051d0cf59e54257458472854b04b31eb9ba7f478932c0499f16e4d751ad94
EBUILD audit-2.0.5.ebuild 4235 RMD160 93dd6229c74b20a1a9c3c7a636bb5713a09cb372 SHA1 30471958c72b79c7cb2c3616871d4d0fc735b056 SHA256 a2fe1f5883de2f8fede4d07ce30c45faf5d44e84b2a9e7cd2d1dcc3967836be2
-EBUILD audit-2.1.3.ebuild 4240 RMD160 a293aea648e34981726fdeecac975d0f36808e98 SHA1 c4e61d371e917cc362092e4732c938bfbb0e5882 SHA256 c441c8cc34494128ed1580f3d857b80b7284ac8a0e041699da456fa68477ea31
-MISC ChangeLog 10983 RMD160 696dcb70447df453458ebf66c26641940fc4c6e9 SHA1 7d9f5fa525a24803358290b2e8b1c8ed88a99dd9 SHA256 74e82cb0b0c4623a6ecb4b5a656d56fc4817ca5b8660aa5722a1b1a36f26bc36
+EBUILD audit-2.1.3.ebuild 4268 RMD160 4481961d9445a65e238495f87347ad13e5180997 SHA1 a3bc45879b09e9d878637f38bd463428df01bf4a SHA256 e01a63f012037946d8a46b830d40748fc54ee9a4aa2194b61acc7953c17b0fcb
+MISC ChangeLog 11489 RMD160 bebbdf2fede1965e7e8bb6dbcbe5085591990c4a SHA1 ba96595ea18685561e80744ee9e4ae2b8f581683 SHA256 fae73d9dccb8393a80ab1ca5a907f35c56d8f41c51ee8b3ff24a406c6c3d9e32
MISC metadata.xml 231 RMD160 e78f0580e975fa82702433055e1498b0d9228104 SHA1 de14a9907da991c933aed57aeba714d7b7ce28c6 SHA256 f62f6487425736b6d2f27bb84ee09ccee245c1abf74462b6fbcb90f2c368ad2e
diff --git a/sys-process/audit/audit-2.1.3.ebuild b/sys-process/audit/audit-2.1.3.ebuild
index 12902d29f61f..062b9a788c4c 100644
--- a/sys-process/audit/audit-2.1.3.ebuild
+++ b/sys-process/audit/audit-2.1.3.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-2.1.3.ebuild,v 1.1 2011/09/10 19:06:09 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-2.1.3.ebuild,v 1.2 2011/09/11 02:58:55 robbat2 Exp $
EAPI="3"
PYTHON_DEPEND="2"
@@ -50,7 +50,6 @@ src_prepare() {
"${S}"/configure.ac || die
sed -i \
-e 's,system-config-audit,,g' \
- -e '/^SUBDIRS/s,\\$,,g' \
"${S}"/Makefile.am || die
rm -rf "${S}"/system-config-audit
@@ -126,8 +125,8 @@ src_install() {
docinto contrib/plugin
dodoc contrib/plugin/*
- newinitd "${FILESDIR}"/auditd-init.d-1.7.17 auditd
- newconfd "${FILESDIR}"/auditd-conf.d-1.2.3 auditd
+ newinitd "${FILESDIR}"/auditd-init.d-2.1.3 auditd
+ newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
# things like shadow use this so we need to be in /
dodir /$(get_libdir)
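Review bot: The `newinitd` and `newconfd` calls in this hunk, and the `newins`/`doins` calls in the next hunk, carry no `|| die`, although the file declares `EAPI="3"`, where install helpers do not abort the build on failure. If one of the new `files/` entries were missing, the package would still install, and the init script added in this commit skips a rules file that does not exist without reporting it. Appending `|| die` to each call, as the `sed` calls in `src_prepare` already do, would make that failure visible at build time. `src_install` begins and ends outside the hunk.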
@@ -139,7 +138,8 @@ src_install() {
# Gentoo rules
insinto /etc/audit/
- doins "${FILESDIR}"/audit.rules*
+ newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+ doins "${FILESDIR}"/audit.rules.stop*
# audit logs go here
keepdir /var/log/audit/
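Review bot: The glob in `doins "${FILESDIR}"/audit.rules.stop*` installs every matching file under its own name, so a future versioned copy (for example a constructed `audit.rules.stop.pre-X.Y`) would land in `/etc/audit/` beside the live file. Naming the two files keeps the installed set fixed: `doins "${FILESDIR}"/audit.rules.stop.pre "${FILESDIR}"/audit.rules.stop.post`. `src_install` continues outside the hunk.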
diff --git a/sys-process/audit/files/audit.rules-2.1.3 b/sys-process/audit/files/audit.rules-2.1.3
new file mode 100644
index 000000000000..b2b4f02f12f1
--- /dev/null
+++ b/sys-process/audit/files/audit.rules-2.1.3
@@ -0,0 +1,26 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a exit,always -S all
+
+# Increase the buffers to survive stress events
+-b 8192
+
+# vim:ft=conf:
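Review bot: The two `-a exit,never` lines are active rules, not examples, yet the comment above them says the rule "would cause" the syscalls to be ignored. Rules in a list are evaluated in order and the first match decides, so any `-a exit,always` rule or `-w` watch that an administrator appends under "Feel free to add below this line" will not record `open`, `read`, `write` or the other listed syscalls. I would either ship the two lines commented out or reword the comment, for example `# These rules suppress the listed syscalls; rules and watches added after them cannot log those calls.` As a matter of style, `-b 8192` conventionally sits directly after `-D`, so the backlog is raised before any rule is loaded.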
diff --git a/sys-process/audit/files/audit.rules.stop.pre b/sys-process/audit/files/audit.rules.stop.pre
index c404b515d8e1..c5fb4f9444ae 100644
--- a/sys-process/audit/files/audit.rules.stop.pre
+++ b/sys-process/audit/files/audit.rules.stop.pre
@@ -1,6 +1,6 @@
-# Copyright 1999-2005 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.2 2011/09/11 02:58:55 robbat2 Exp $
#
# This file contains the auditctl rules that are loaded immediately before the
# audit deamon is stopped via the initscripts.
@@ -10,4 +10,7 @@
# auditd is stopping, don't capture events anymore
-D
+# Disable kernel generating audit events
+-e 0
+
# vim:ft=conf:
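Review bot: The added `-e 0` turns kernel auditing off on every service stop, and nothing in the startup rules file added by this commit turns it back on with `-e 1`. A later start therefore relies on auditd itself re-enabling auditing, which I have not confirmed for this version; an explicit `-e 1` in the startup rules would remove that dependency. The line will also be rejected on a system whose rules end with `-e 2`, because a locked configuration cannot be changed until reboot. The comment could say so: `# Disable kernel audit event generation (no effect once -e 2 has locked the configuration)`.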
diff --git a/sys-process/audit/files/auditd-conf.d-2.1.3 b/sys-process/audit/files/auditd-conf.d-2.1.3
new file mode 100644
index 000000000000..b5f389eaf596
--- /dev/null
+++ b/sys-process/audit/files/auditd-conf.d-2.1.3
@@ -0,0 +1,23 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-conf.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
+
+# If you want to enforce a certain locale for auditd,
+# uncomment one of the next lines:
+#AUDITD_LANG=none
+AUDITD_LANG=C
+#AUDITD_LANG=en_US
+#AUDITD_LANG=en_US.UTF-8
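Review bot: The comments on `RULEFILE_STARTUP` and the two `RULEFILE_STOP_*` variables do not say what happens when a path is empty or points at a missing file. In the init script added by this commit, `loadfile` returns success without any message in that case, and none of the three files is loaded on `restart`. A typo here therefore leaves auditd running without the rules the service was meant to load, and without a warning. I would add a comment above `RULEFILE_STARTUP` such as `# An empty or missing path is skipped silently; rule files are not reloaded on restart.`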
diff --git a/sys-process/audit/files/auditd-init.d-2.1.3 b/sys-process/audit/files/auditd-init.d-2.1.3
new file mode 100644
index 000000000000..6ac218d67225
--- /dev/null
+++ b/sys-process/audit/files/auditd-init.d-2.1.3
@@ -0,0 +1,97 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-init.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+
+extra_started_commands='reload reload_auditd reload_rules'
+description='Linux Auditing System'
+description_reload='Reload daemon configuration and rules'
+description_reload_rules='Reload daemon rules'
+description_reload_auditd='Reload daemon configuration'
+
+name='auditd'
+pidfile='/var/run/auditd.pid'
+command='/sbin/auditd'
+
+start_auditd() {
+ # Env handling taken from the upstream init script
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
+ unset HOME MAIL USER USERNAME
+
+ ebegin "Starting ${name}"
+ start-stop-daemon \
+ --start --quiet --pidfile ${pidfile} \
+ --exec ${command} -- ${EXTRAOPTIONS}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+stop_auditd() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet --pidfile ${pidfile}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+
+loadfile() {
+ local rules="$1"
+ if [ -n "${rules}" -a -f "${rules}" ]; then
+ einfo "Loading audit rules from ${rules}"
+ /sbin/auditctl -R "${rules}" 1>/dev/null
+ return $?
+ else
+ return 0
+ fi
+}
+
+start() {
+ start_auditd
+ local ret=$?
+ if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
+ touch /var/lock/subsys/${name}
+ loadfile "${RULEFILE_STARTUP}"
+ fi
+ return $ret
+}
+
+reload_rules() {
+ loadfile "${RULEFILE_STARTUP}"
+}
+
+reload_auditd() {
+ [ -f ${pidfile} ] && kill -HUP `cat ${pidfile}`
+}
+
+reload() {
+ reload_auditd
+ reload_rules
+}
+
+stop() {
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
+ stop_auditd
+ rm -f /var/lock/subsys/${name}
+ local ret=$?
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
+ return $ret
+}
+
+# This is a special case, we do not want to touch the rules at all
+restart() {
+ stop_auditd
+ start_auditd
+}
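Review bot: In `stop()`, `local ret=$?` comes after `rm -f /var/lock/subsys/${name}`, so the function returns the status of `rm -f`, which is nearly always 0, and a failed `stop_auditd` is reported as a clean stop. Capturing the status first fixes it: put `local ret=$?` directly after `stop_auditd` and before the `rm -f` line. `start()` has a related gap: the result of `loadfile "${RULEFILE_STARTUP}"` is dropped, so a rules file that auditctl rejects still yields a service reported as started; `loadfile "${RULEFILE_STARTUP}" || ret=$?` would surface it. In `reload_auditd`, the unquoted `${pidfile}` and the backticks could become `kill -HUP "$(cat "${pidfile}")"`.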