audit0-1.7.18-5

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@11168 ec354946-7b23-47d6-9f5a-488ba84defc7
tomop 6 years ago
parent
commit
bb74e37c30
1 changed files with 480 additions and 0 deletions

+ 480 - 0
a/audit0/audit0-vl.spec

@@ -0,0 +1,480 @@
+%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
+
+%define sca_version 0.4.10
+%define sca_release 4
+
+Summary: User space tools for 2.6 kernel auditing
+Name: audit0
+Version: 1.7.18
+Release: 5%{?_dist_release}
+License: GPLv2+
+Group: System Environment/Daemons
+URL: http://people.redhat.com/sgrubb/audit/
+Source0: http://people.redhat.com/sgrubb/audit/audit-%{version}.tar.gz
+Source1: system-config-audit-ja.po
+Patch10: audit-1.7.18-pthread.patch
+Patch11: audit-1.7.18-krb5.patch
+Patch12: audit-1.7.18-libaudit.patch
+Patch100: audit-deprecated.patch
+Obsoletes: audit < 1.7.18-5vl7
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+BuildRequires: gettext intltool libtool swig python-devel
+BuildRequires: openldap-devel tcp_wrappers
+BuildRequires: tcp_wrappers
+BuildRequires: krb5-devel
+BuildRequires: kernel-headers >= 2.6.18
+BuildRequires: automake >= 1.9
+BuildRequires: autoconf >= 2.59
+Requires: %{name}-libs = %{version}-%{release}
+Requires: chkconfig
+Requires(pre): coreutils
+
+%description
+The audit package contains the user space utilities for
+storing and searching the audit records generate by
+the audit subsystem in the Linux 2.6 kernel.
+
+%package libs
+Summary: Dynamic library for libaudit
+License: LGPLv2+
+Group: Development/Libraries
+Requires: audit-libs >= 2.7.7
+Obsoletes: audit-libs < 1.7.18-5vl7
+
+%description libs
+The audit-libs package contains the dynamic libraries needed for 
+applications to use the audit framework.
+
+%package -n compat32-%{name}-libs
+Summary: Dynamic library for libaudit
+License: LGPLv2+
+Group: Development/Libraries
+Requires: compat32-audit-libs >= 2.7.7
+Obsoletes: compat32-%{name}-libs < 1.7.18-5vl7
+
+%description -n compat32-%{name}-libs
+The audit-libs package contains the dynamic libraries needed for 
+applications to use the audit framework.
+
+%prep
+%setup -q -n audit-%{version}
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch100 -p1
+cp -f %{SOURCE1} system-config-audit/po/ja.po
+
+%build
+%configure --sbindir=/sbin --libdir=/%{_lib} --with-libwrap --enable-gssapi-krb5=yes
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,rc.d/init.d}}
+mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
+mkdir -p $RPM_BUILD_ROOT/%{_lib}
+mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
+mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit
+make DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} install
+
+mkdir -p $RPM_BUILD_ROOT/%{_libdir}
+# This winds up in the wrong place when libtool is involved
+mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir}
+mv $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
+curdir=`pwd`
+cd $RPM_BUILD_ROOT/%{_libdir}
+LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libaudit.so.*.*.*\``
+ln -s ../../%{_lib}/$LIBNAME libaudit.so
+LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*\``
+ln -s ../../%{_lib}/$LIBNAME libauparse.so
+cd $curdir
+# Remove these items so they don't get picked up.
+rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.so
+rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.so
+rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.la
+rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.la
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.a
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.la
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.a
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.la
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/auparse.a
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/auparse.la
+
+# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
+touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
+
+#% check
+#make check
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+rm -rf zos-remote-policy
+
+%post libs -p /sbin/ldconfig
+
+%post -n compat32-%{name}-libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
+
+%postun -n compat32-%{name}-libs -p /sbin/ldconfig
+
+%files libs
+%defattr(-,root,root)
+%attr(755,root,root) /%{_lib}/libaudit.*
+#%attr(755,root,root) /%{_lib}/libauparse.*
+#%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
+
+#%files
+
+%if %{build_compat32}
+%files -n compat32-%{name}-libs
+%defattr(-,root,root)
+%attr(755,root,root) /%{_lib}/libaudit.*
+#%attr(755,root,root) /%{_lib}/libauparse.*
+%endif
+
+%changelog
+* Sat Sep 09 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.7.18-5
+- new package for compatibility.
+
+* Sun Apr 05 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.7.18-4
+- fix sca_release
+
+* Sun Apr 05 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.7.18-3
+- create compat32-audit-libs subpackage
+
+* Wed Feb 15 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.7.18-2
+- rebuild with python-2.7.2
+- add Patch12 (audit-1.7.18-libaudit.patch)
+
+* Sun Apr 03 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.18-1
+- new upstream release
+- rebuild with krb5-1.8.2
+
+* Fri Feb 12 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-6
+- forgot to increment sca_release macro (why on earth is sca_release
+  individually defined from main package's release number anyway?)
+
+* Fri Feb 12 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-5
+- rebuilt with gcc-4.4.3-3 on ppc
+
+* Fri Feb  5 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-4
+- rebuilt with rpm-4.8.0-3 (on ppc)
+
+* Tue Feb 02 2010 Shu KONNO <owa@bg.wakwak.com> 1.7.6-3
+- rebuild with python-2.6
+
+* Sat Apr 04 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.6-2
+- rebuild with openldap-2.4.11
+
+* Mon Sep 15 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.6-1
+- initial build for Vine Linux
+- disable krb5, prelude and selinux
+- add ja.po (XXX: minimal)
+
+* Thu Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.6-1
+- Add subject to audit daemon events (Chu Li)
+- Add tcp_wrappers support for auditd
+- Updated syscall tables for 2.6.27 kernel
+- Audit connect/disconnect of remote clients
+- Add GSS/Kerberos encryption to the remote protocol (DJ Delorie)
+
+* Mon Aug 25 2008 Steve Grubb <sgrubb@redhat.com> 1.7.5-1
+- Update system-config-audit to 0.4.8
+- Whole lot of bug fixes - see ChangeLog for details
+- Reimplement auditd main loop using libev
+- Add TCP listener to auditd to receive remote events
+- Fix scheduler problem (#457061)
+
+* Thu Jul 03 2008 Steve Grubb <sgrubb@redhat.com> 1.7.4-2
+- Move ausearch-expression to main package (#453437)
+
+* Mon May 19 2008 Steve Grubb <sgrubb@redhat.com> 1.7.4-1
+- Fix interpreting of keys in syscall records
+- Don't error on name=(null) PATH records in ausearch/report
+- Add key report to aureport
+- Update system-config-audit to 0.4.7 (Miloslav Trmac)
+- Add support for the filetype field option in auditctl new to 2.6.26 kernels
+
+* Fri May 09 2008 Steve Grubb <sgrubb@redhat.com> 1.7.3-1
+- Fix output of keys in ausearch interpretted mode
+- Fix ausearch/report --start now to not be reset to midnight
+- audispd now has a priority boost config option
+- Look for laddr in avcs reported via prelude
+- Detect page 0 mmaps and alert via prelude
+
+* Fri Apr 18 2008 Steve Grubb <sgrubb@redhat.com> 1.7.2-6
+- Fix overflow in audit_log_user_command, better (#438840)
+- ausearch was not matching path in avc records
+- audisp-prelude attempt to reposition index after examining each type
+- correct building of mls policy
+- Fix auparse iterating in auparse_find_field and next_field
+- Don't alert on USER_AVC's - they are not quite right
+
+* Tue Apr 08 2008 Steve Grubb <sgrubb@redhat.com> 1.7.1-1
+- Fix buffer overflow in audit_log_user_command, again (#438840)
+- Fix memory leak in EOE code in auditd (#440075)
+- In auditctl, don't use new operators in legacy rule format
+- Made a couple corrections in alpha & x86_64 syscall tables (Miloslav Trmac)
+
+* Fri Apr 04 2008 Steve Grubb <sgrubb@redhat.com> 1.7-3
+- Fix memleak in auditd eoe code
+
+* Tue Apr 01 2008 Steve Grubb <sgrubb@redhat.com> 1.7-2
+- Remove LSB headers from init scripts
+- Fix buffer overflow in audit_log_user_command again
+
+* Sun Mar 30 2008 Steve Grubb <sgrubb@redhat.com> 1.7-1
+- Handle user space avcs in prelude plugin
+- Fix watched account login detection for some failed login attempts
+- Couple fixups in audit logging functions (Miloslav Trmac)
+- Add support in auditctl for virtual keys
+- auparse_find_field_next was not iterating correctly, fixed it
+- Add idmef alerts for access or execution of watched file
+- Fix buffer overflow in audit_log_user_command
+- Add basic remote logging plugin - only sends & no flow control
+- Update ausearch with interpret fixes from auparse
+
+* Sun Mar 09 2008 Steve Grubb <sgrubb@redhat.com> 1.6.9-1
+- Apply hidden attribute cleanup patch (Miloslav Trmac)
+- Apply auparse expression interface patch (Miloslav Trmac)
+- Fix potential memleak in audit event dispatcher
+- Update system-config-audit to version 0.4.6 (Miloslav Trmac)
+- audisp-prelude alerts now controlled by config file
+- Updated syscall table for 2.6.25 kernel
+- Apply patch correcting acct field being misencoded (Miloslav Trmac)
+- Added watched account login detection for prelude plugin
+
+* Thu Feb 14 2008 Steve Grubb <sgrubb@redhat.com> 1.6.8-1
+- Update for gcc 4.3
+- Cleanup descriptors in audispd before running plugin
+- Fix 'recent' keyword for aureport/search
+- Fix SE Linux policy for zos_remote plugin
+- Add event type for group password authentication attempts
+- Couple of updates to the translation tables
+- Add detection of failed group authentication to audisp-prelude
+
+* Thu Jan 31 2008 Steve Grubb <sgrubb@redhat.com> 1.6.7-2
+- In ausearch/report, prefer -if to stdin
+- In ausearch/report, add new command line option --input-logs (#428860)
+- Updated audisp-prelude based on feedback from prelude-devel
+- Added prelude alert for promiscuous socket being opened
+- Added prelude alert for SE Linux policy enforcement changes
+- Added prelude alerts for Forbidden Login Locations and Time
+- Applied patch to auparse fixing error handling of searching by
+  interpreted value (Miloslav Trmac)
+
+* Sat Jan 19 2008 Steve Grubb <sgrubb@redhat.com> 1.6.6-1
+- Add prelude IDS plugin for IDMEF alerts
+- Add --user option to aulastlog command
+- Use desktop-file-install for system-config-audit
+- Avoid touching auditd.conf most of the time (#408501)
+
+* Fri Jan 11 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-3
+- Updates for spec file review
+- Adjust permission on selinux policy file
+
+* Mon Jan 07 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-1
+- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
+- Check for audit log being writable by owner in auditd
+- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
+- Updated CAPP, LSPP, and NISPOM rules for new capabilities
+- Added aulastlog utility
+
+* Sun Dec 30 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-3
+- Allow 0600 file perms for audit logs
+
+* Sat Dec 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-1
+- fchmod of log file was on wrong variable (#426934)
+- Allow use of errno strings for exit codes in audit rules
+
+* Sat Dec 29 2007 Miloslav Trmač <mitr@redhat.com> - 1.6.3-2
+- Don't fchmod() /dev/null to mode 0400 (#426934)
+
+* Thu Dec 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6.3-1
+- Add kernel release string to DEAMON_START events
+- Fix keep_logs when num_logs option disabled (#325561)
+- Fix auparse to handle node fields for syscall records
+- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
+- Add keyword week-ago to aureport & ausearch start/end times
+- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
+- Add RACF zos remote audispd plugin (Klaus Kiwi)
+- Add event queue overflow action to audispd
+
+* Mon Oct 1 2007 Steve Grubb <sgrubb@redhat.com> 1.6.2-2
+- Don't retry if the rt queue is full.
+
+* Tue Sep 25 2007 Steve Grubb <sgrubb@redhat.com> 1.6.2-1
+- Add support for searching by posix regular expressions in auparse
+- Route DEAMON events into rt interface
+- If event pipe is full, try again after doing local logging
+- Optionally add node/machine name to records in audit daemon
+- Update ausearch/aureport to specify nodes to search on
+- Fix segfault interpretting saddr fields in avcs
+
+* Thu Sep 6 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-2
+- Fix uninitialized variable in auparse (John Dennis)
+
+* Sun Sep 2 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-1
+- External plugin support in place
+- Fix reference counting in auparse python bindings (#263961)
+- Moved default af_unix plugin socket to /var/run/audispd_events
+
+* Wed Aug 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6-3
+- Add newline to audispd string formatted events
+
+* Tue Aug 28 2007 Steve Grubb <sgrubb@redhat.com> 1.6-2
+- spec file cleanups
+- Update to s-c-audit 0.4.3
+
+* Mon Aug 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6-1
+- Update Licence tags
+- Adding perm field should not set syscall added flag in auditctl
+- Fix segfault when aureport -if option is used
+- Fix auditctl to better check keys on rule lines
+- Add support for audit by TTY and other new event types
+- Auditd config option for group permission of audit logs
+- Swig messed up a variable in ppc's python bindings causing crashes. (#251327)
+- New audit event dispatcher
+- Update syscall tables for 2.6.23 kernel
+
+* Wed Jul 25 2007 Steve Grubb <sgrubb@redhat.com> 1.5.6-1
+- Fix potential buffer overflow in print clone flags of auparse
+- Fix python traceback parsing watches without perm statement (Miloslav Trmac)
+- Update auditctl to handle legacy kernels when putting a watch on a dir
+- Fix acct interpretation in auparse
+
+* Tue Jul 17 2007 Miloslav Trmač <mitr@redhat.com> - 1.5.5-5
+- Fix a double free when auditd receives SIGHUP
+- Move the system-config-audit menu entry to the Administration menu
+
+* Tue Jul 10 2007 Steve Grubb <sgrubb@redhat.com> 1.5.5-1
+- Add system-config-audit (Miloslav Trmac)
+- Correct bug in audit_make_equivalent function (Al Viro)
+
+* Tue Jun 26 2007 Steve Grubb <sgrubb@redhat.com> 1.5.4-1
+- Add feed interface to auparse library (John Dennis)
+- Apply patch to libauparse for unresolved symbols (#241178)
+- Apply patch to add line numbers for file events in libauparse (John Dennis)
+- Change seresults to seresult in libauparse (John Dennis)
+- Add unit32_t definition to swig (#244210)
+- Add support for directory auditing
+- Update acct field to be escaped
+
+* Tue May 01 2007 Steve Grubb <sgrubb@redhat.com> 1.5.3-1
+- Change buffer size to prevent truncation of DAEMON events with large labels
+- Fix memory leaks in auparse (John Dennis)
+- Update syscall tables for 2.6.21 kernel
+- Update capp & lspp rules
+- New python bindings for libauparse (John Dennis)
+
+* Wed Apr 04 2007 Steve Grubb <sgrubb@redhat.com> 1.5.2-1
+- New event dispatcher (James Antill)
+- Apply patches fixing man pages and Makefile.am (Philipp Hahn)
+- Apply patch correcting python libs permissions (Philipp Hahn)
+- Fix auditd segfault on reload
+- Fix bug in auparse library for file pointers and descriptors
+- Extract subject information out of daemon events for ausearch
+
+* Thu Mar 29 2007 Steve Grubb <sgrubb@redhat.com> 1.5.1-2
+- Remove requires kernel-headers for python-libs
+- Apply patch to prevent segfaults on auditd reload
+
+* Tue Mar 20 2007 Steve Grubb <sgrubb@redhat.com> 1.5.1-1
+- Updated autrace to monitor *at syscalls
+- Add support in libaudit for AUDIT_BIT_TEST(^) and AUDIT_MASK_TEST (&)
+- Finish reworking auditd config parser
+- In auparse, interpret open, fcntl, and clone flags
+- In auparse, when interpreting execve record types, run args through unencode
+- Add support for OBJ_PID message type
+- Event dispatcher updates
+
+* Fri Mar 2 2007 Steve Grubb <sgrubb@redhat.com> 1.5-2
+- rebuild
+
+* Fri Mar 2 2007 Steve Grubb <sgrubb@redhat.com> 1.5-1
+- NEW audit dispatcher program & plugin framework
+- Correct hidden variables in libauparse
+- Added NISPOM sample rules
+- Verify accessibility of files passed in auparse_init
+- Fix bug in parser library interpreting socketcalls
+- Add support for stdio FILE pointer in auparse_init
+- Adjust init script to allow anyone to status auditd (#230626)
+
+* Tue Feb 20 2007 Steve Grubb <sgrubb@redhat.com> 1.4.2-1
+- Add man pages
+- Reduce text relocations in parser library
+- Add -n option to auditd for no fork
+- Add exec option to space_left, admin_space_left, disk_full,
+  and disk_error - eg EXEC /usr/local/script
+
+* Fri Feb 16 2007 Steve Grubb <sgrubb@redhat.com> 1.4.1-1
+- updated audit_rule_fieldpair_data to handle perm correctly (#226780)
+- Finished search options for audit parsing library
+- Fix ausearch -se to work correctly
+- Fix auditd init script for /usr on netdev (#228528)
+- Parse avc seperms better when there are more than one
+
+* Sun Feb 04 2007 Steve Grubb <sgrubb@redhat.com> 1.4-1
+- New report about authentication attempts
+- Updates for python 2.5
+- update autrace to have resource usage mode
+- update auditctl to support immutable config
+- added audit_log_user_command function to libaudit api
+- interpret capabilities
+- added audit event parsing library
+- updates for 2.6.20 kernel
+
+* Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-2
+- Make more adjustments for python 2.5
+
+* Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-1
+- Fix a couple parsing problems (#217952)
+- Add tgkill to S390* syscall tables (#218484)
+- Fix error messages in ausearch/aureport
+
+* Wed Dec  6 2006 Jeremy Katz <katzj@redhat.com> - 1.3-4
+- rebuild against python 2.5
+
+* Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-3
+- Fix timestamp for libaudit.conf (#218053)
+
+* Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-2
+- Fix minor parsing problem and add new msg types
+
+* Tue Nov 28 2006 Steve Grubb <sgrubb@redhat.com> 1.3-1
+- ausearch & aureport implement uid/gid caching
+- In ausearch & aureport, extract addr when hostname is unknown
+- In ausearch & aureport, test audit log presence O_RDONLY
+- New ausearch/aureport time keywords: recent, this-week, this-month, this-year
+- Added --add & --delete option to aureport
+- Update res parsing in config change events
+- Increase the size on audit daemon buffers
+- Parse avc_path records in ausearch/aureport
+- ausearch has new output mode, raw, for extracting events
+- ausearch/aureport can now read stdin
+- Rework AVC processing in ausearch/aureport
+- Added long options to ausearch and aureport
+
+* Tue Oct 24 2006 Steve Grubb <sgrubb@redhat.com> 1.2.9-1
+- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
+- Fix some defines in libaudit.h
+- Some auditd config strings were not initialized in aureport (#211443)
+- Updated man pages
+- Add Netlabel event types to libaudit
+- Update aureports to current audit event types
+- Update autrace a little
+- Deprecated all the old audit_rule functions from public API
+- Drop auparse library for the moment
+
+* Fri Sep 29 2006 Steve Grubb <sgrubb@redhat.com> 1.2.8-1
+- Add dist tag and bump version (#208532)
+- Make internal auditd buffers bigger for context info
+- Correct address resolving of hostname in logging functions
+- Do not allow multiple msgtypes in same audit rule in auditctl (#207666)
+- Only =, != operators for arch & inode fields in auditctl (#206427)
+- Updated audit message type table
+- Remove watches from aureport since FS_WATCH is deprecated
+- Add audit_log_avc back temporarily (#208152)
+