packages/audit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!61 update version to 3.0.9

Browse Source 
From: @zgzxx 
Reviewed-by: @huangzq6 
Signed-off-by: @huangzq6
This commit is contained in:
openeuler-ci-bot 2023-02-02 13:10:29 +00:00 committed by Gitee
commit 3c2e61953b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
29 changed files with 61 additions and 1181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
audit-3.0.1.tar.gz
View File

Binary file not shown.

BIN
audit-3.0.9.tar.gz Normal file
View File

Binary file not shown.

22
audit-Add-sw64-architecture.patch
View File

@ -31,20 +31,20 @@ diff --git a/config.guess b/config.guess
index b33c9e8..69e3005 100755
--- a/config.guess
+++ b/config.guess
@@ -913,6 +913,14 @@ EOF
@@ -976,6 +976,14 @@ EOF
UNAME_MACHINE=aarch64_be
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
;;
+ sw_64:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ sw) UNAME_MACHINE=sw_64 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
+ echo "$UNAME_MACHINE"-sunway-linux-"$LIBC"
+ exit ;;
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
+ sw) UNAME_MACHINE=sw_64 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
+ GUESS=$UNAME_MACHINE-sunway-linux-$LIBC
+ ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
EV5) UNAME_MACHINE=alphaev5 ;;
diff --git a/config.sub b/config.sub
index b51fb8c..76babe9 100755

61
audit.spec
View File

@ -1,8 +1,8 @@
Summary: User space tools for kernel auditing
Name: audit
Epoch: 1
Version: 3.0.1
Release: 5
Version: 3.0.9
Release: 1
License: GPLv2+ and LGPLv2+
URL: https://people.redhat.com/sgrubb/audit/
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -11,31 +11,9 @@ Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch0: bugfix-audit-support-armv7b.patch
Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch2: bugfix-audit-reload-coredump.patch
Patch3: backport-Fix-the-default-location-for-zos-remote.conf-171.patch
Patch4: backport-Add-missing-call-to-free_interpretation_list.patch
Patch5: backport-fix-2-more-issues-found-by-fuzzing.patch
Patch6: backport-Fix-an-auparse-memory-leak-caused-in-recent-glibc.patch
Patch7: backport-Fix-double-free-with-corrupted-logs.patch
Patch8: backport-Fix-the-closing-timing-of-audit_fd-166.patch
Patch9: backport-Fix-some-string-length-issues.patch
Patch10: backport-Move-the-free_config-to-success-path.patch
Patch11: backport-Check-for-fuzzer-induced-invalid-value.patch
Patch12: backport-error-out-if-log-is-mangled.patch
Patch13: backport-Dont-run-off-the-end-with-corrupt-logs.patch
Patch14: backport-Another-hardening-measure-for-corrupted-logs.patch
Patch15: backport-Fix-busy-loop-in-normalizer-when-logs-are-corrupt.patch
Patch16: backport-Better-fix-for-busy-loop-in-normalizer-when-logs-are.patch
Patch17: backport-flush-uid-gid-caches-when-user-group-added-deleted-m.patch
Patch18: backport-In-auditd-check-if-log_file-is-valid-before-closing-.patch
Patch19: backport-Check-ctime-return-code.patch
Patch20: backport-When-interpreting-if-val-is-NULL-return-an-empty-str.patch
Patch21: backport-auditd.service-Restart-on-failure-ignoring-some-exit.patch
Patch22: backport-0001-In-auditd-close-the-logging-file-descriptor-when-log.patch
Patch23: backport-0002-In-auditd-close-the-logging-file-descriptor-when-log.patch
Patch24: audit-Add-sw64-architecture.patch
Patch25: backport-Make-IPX-packet-interpretation-dependent-on-the-ipx-.patch
Patch26: backport-audit-flex-array-workaround.patch
Patch27: backport-audit-undo-flex-array.patch
Patch3: audit-Add-sw64-architecture.patch
Patch4: backport-audit-flex-array-workaround.patch
Patch5: backport-audit-undo-flex-array.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel
@ -117,28 +95,6 @@ cp /usr/include/linux/audit.h lib/
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
autoreconf -f -i
%build
@ -184,7 +140,8 @@ touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz
cur=`pwd`
cd $RPM_BUILD_ROOT
patch -p1 < %{PATCH27}
patch -p1 < %{PATCH5}
find . -name '*.orig' -delete
cd $cur
%delete_la
@ -342,6 +299,7 @@ fi
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%attr(750,root,root) %{_libexecdir}/audit-functions
%ghost %{_localstatedir}/run/auditd.state
%attr(750,root,root) %dir %{_var}/log/audit
%attr(750,root,root) %dir /etc/audit
@ -404,6 +362,9 @@ fi
%attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog
* Thu Feb 2 2023 zhangguangzhi<zhangguangzhi3@huawei.com> - 1:3.0.9-1
- update version to 3.0.9
* Mon Jan 16 2023 zhangguangzhi<zhangguangzhi3@huawei.com> - 1:3.0.1-5
- backport patch adapt to kernel 6.1

32
backport-0001-In-auditd-close-the-logging-file-descriptor-when-log.patch
View File

@ -1,32 +0,0 @@
From d62c38a55520e58220d8e42497c4ab343185106f Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 28 Oct 2021 13:22:24 -0400
Subject: [PATCH 2237/2246] In auditd, close the logging file descriptor when
logging is suspended
---
src/auditd-event.c | 8 ++++++++
1 files changed, 8 insertions(+)
diff --git a/src/auditd-event.c b/src/auditd-event.c
index f886b67..4dee990 100644
--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -723,6 +723,14 @@ static void check_log_file_size(void)
case SZ_SUSPEND:
audit_msg(LOG_ERR,
"Audit daemon is suspending logging due to logfile size.");
+ // We need to close the file so that manual
+ // intervention can move or delete the file.
+ // We don't want to keep logging to a deleted
+ // file.
+ if (log_file)
+ fclose(log_file);
+ log_file = NULL;
+ log_fd = -1;
logging_suspended = 1;
break;
case SZ_ROTATE:
--
1.8.3.1

59
backport-0002-In-auditd-close-the-logging-file-descriptor-when-log.patch
View File

@ -1,59 +0,0 @@
From 770e4f538103f8a055f46c04a9e2514f88f175c3 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Mon, 1 Nov 2021 08:29:56 -0400
Subject: [PATCH 2244/2246] In auditd, close the logging file descriptor when
logging is suspended
---
src/auditd-event.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/auditd-event.c b/src/auditd-event.c
index 4a0a351..e88ef6e 100644
--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -861,6 +861,13 @@ static void do_space_left_action(int admin)
case FA_SUSPEND:
audit_msg(LOG_ALERT,
"Audit daemon is suspending logging due to low disk space.");
+ // We need to close the file so that manual
+ // intervention can move or delete the file. We
+ // don't want to keep logging to a deleted file.
+ if (log_file)
+ fclose(log_file);
+ log_file = NULL;
+ log_fd = -1;
logging_suspended = 1;
break;
case FA_SINGLE:
@@ -909,6 +916,13 @@ static void do_disk_full_action(void)
case FA_SUSPEND:
audit_msg(LOG_ALERT,
"Audit daemon is suspending logging due to no space left on logging partition.");
+ // We need to close the file so that manual
+ // intervention can move or delete the file. We
+ // don't want to keep logging to a deleted file.
+ if (log_file)
+ fclose(log_file);
+ log_file = NULL;
+ log_fd = -1;
logging_suspended = 1;
break;
case FA_SINGLE:
@@ -957,6 +971,13 @@ static void do_disk_error_action(const char *func, int err)
case FA_SUSPEND:
audit_msg(LOG_ALERT,
"Audit daemon is suspending logging due to previously mentioned write error");
+ // We need to close the file so that manual
+ // intervention can move or delete the file. We
+ // don't want to keep logging to a deleted file.
+ if (log_file)
+ fclose(log_file);
+ log_file = NULL;
+ log_fd = -1;
logging_suspended = 1;
break;
case FA_SINGLE:
--
1.8.3.1

30
backport-Add-missing-call-to-free_interpretation_list.patch
View File

@ -1,30 +0,0 @@
From a9668df44bd635d40b6e7b4db2d12e5cf91c8013 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 5 Aug 2021 09:54:44 -0400
Subject: [PATCH] Add missing call to free_interpretation_list
---
auparse/auparse.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/auparse/auparse.c b/auparse/auparse.c
index ee3c97b..18f1127 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -1,5 +1,5 @@
/* auparse.c --
- * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
+ * Copyright 2006-08,2012-19,21 Red Hat Inc.
* All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
@@ -2014,6 +2014,7 @@ const char *auparse_find_field_next(auparse_state_t *au)
r = aup_list_next(au->le);
if (r) {
aup_list_first_field(au->le);
+ free_interpretation_list();
load_interpretation_list(r->interp);
}
}
--

85
backport-Another-hardening-measure-for-corrupted-logs.patch
View File

@ -1,85 +0,0 @@
From ab8f522953a56c860cac2cca2a7d7874419111d5 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 7 Aug 2021 13:13:19 -0400
Subject: [PATCH 2198/2246] Another hardening measure for corrupted logs
---
src/ausearch-lookup.c | 3 +++
src/ausearch-parse.c | 25 +++++++++++++++----------
2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/ausearch-lookup.c b/src/ausearch-lookup.c
index e27c784..dd58c36 100644
--- a/src/ausearch-lookup.c
+++ b/src/ausearch-lookup.c
@@ -300,6 +300,9 @@ char *unescape(const char *buf)
while (isxdigit(*ptr))
ptr++;
}
+ if ((ptr - buf) == 0)
+ return NULL;
+
str = strndup(buf, ptr - buf);
if (*buf == '(')
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index d051137..78dc44c 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1658,12 +1658,21 @@ static int parse_sockaddr(const lnode *n, search_items *s)
if (event_hostname || event_filename) {
str = strstr(n->message, "saddr=");
if (str) {
- int len;
+ unsigned int len = 0;
struct sockaddr *saddr;
char name[NI_MAXHOST];
str += 6;
- len = strlen(str)/2;
+ const char *ptr = str;
+ if (*ptr == '(') {
+ const char *ptr2 = strchr(ptr, ')');
+ if (ptr2)
+ len = (ptr2 - ptr) + 1;
+ } else {
+ while (isxdigit(ptr[len]))
+ len++;
+ len /= 2;
+ }
s->hostname = unescape(str);
if (s->hostname == NULL)
return 4;
@@ -1683,17 +1692,13 @@ static int parse_sockaddr(const lnode *n, search_items *s)
}
len = sizeof(struct sockaddr_in6);
} else if (saddr->sa_family == AF_UNIX) {
- struct sockaddr_un *un =
- (struct sockaddr_un *)saddr;
- if (un->sun_path[0])
- len = strlen(un->sun_path);
- else // abstract name
- len = strlen(&un->sun_path[1]);
- if (len == 0) {
+ if (len < 4) {
fprintf(stderr,
"sun_path len too short\n");
return 3;
}
+ struct sockaddr_un *un =
+ (struct sockaddr_un *)saddr;
if (event_filename) {
if (!s->filename) {
//create
@@ -1736,7 +1741,7 @@ static int parse_sockaddr(const lnode *n, search_items *s)
s->hostname = NULL;
return 0;
}
- if (getnameinfo(saddr, len, name, NI_MAXHOST,
+ if (getnameinfo(saddr, len, name, NI_MAXHOST,
NULL, 0, NI_NUMERICHOST) ) {
free(s->hostname);
s->hostname = NULL;
--
1.8.3.1

31
backport-Better-fix-for-busy-loop-in-normalizer-when-logs-are.patch
View File

@ -1,31 +0,0 @@
From ad62fa01c7a963c56bac75d8f7db6a5c76be4655 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 7 Aug 2021 13:59:40 -0400
Subject: [PATCH 2200/2246] Better fix for busy loop in normalizer when logs
are corrupt
---
auparse/normalize.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/auparse/normalize.c b/auparse/normalize.c
index cd0a7c2..0ccabc5 100644
--- a/auparse/normalize.c
+++ b/auparse/normalize.c
@@ -346,10 +346,11 @@ static void collect_id_obj2(auparse_state_t *au, const char *syscall)
if ((strcmp(str, "unset") == 0) && errno == 0) {
// Only move it if its safe to
if (cnt < limit) {
- auparse_next_field(au);
+ if (auparse_next_field(au) == 0)
+ return;
cnt++;
} else
- break;
+ return;
} else
break;
}
--
1.8.3.1

47
backport-Check-ctime-return-code.patch
View File

@ -1,47 +0,0 @@
From fd76e380ea117000d9d350405e2cfbd070c5c01a Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 21 Aug 2021 10:18:30 -0400
Subject: [PATCH 2213/2246] Check ctime return code
---
tools/aulast/aulast.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/tools/aulast/aulast.c b/tools/aulast/aulast.c
index c513aac..8a25f3b 100644
--- a/tools/aulast/aulast.c
+++ b/tools/aulast/aulast.c
@@ -96,8 +96,11 @@ static void report_session(lnode* cur)
int mins, hours, days;
if (notime)
printf("- %-7.5s", " ");
- else
- printf("- %-7.5s", ctime(&cur->end) + 11);
+ else {
+ char *ttime = ctime(&cur->end);
+ printf("- %-7.5s", ttime ? ttime + 11 :
+ "bad value");
+ }
secs = cur->end - cur->start;
mins = (secs / 60) % 60;
hours = (secs / 3600) % 24;
@@ -128,10 +131,13 @@ static void report_session(lnode* cur)
strftime(start, sizeof(start), "%x %T", btm);
if (cur->end != 0) {
btm = localtime(&cur->end);
- strftime(end, sizeof(end), "%x %T", btm);
- printf(" ausearch --start %s --end %s",
- start, end);
+ if (btm) {
+ strftime(end, sizeof(end), "%x %T", btm);
+ printf(" ausearch --start %s --end %s",
+ start, end);
+ } else goto no_end;
} else {
+no_end:
printf(" ausearch --start %s", start);
}
if (cur->name == NULL)
--
1.8.3.1

26
backport-Check-for-fuzzer-induced-invalid-value.patch
View File

@ -1,26 +0,0 @@
From a3db7a4f849f52105b13fa412e64fc76c6b2895b Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 5 Aug 2021 21:51:33 -0400
Subject: [PATCH 2182/2246] Check for fuzzer induced invalid value
---
auparse/ellist.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/auparse/ellist.c b/auparse/ellist.c
index 17384a7..175e44e 100644
--- a/auparse/ellist.c
+++ b/auparse/ellist.c
@@ -151,6 +151,9 @@ static int parse_up_record(rnode* r)
n.val = strdup(val);
// Remove trailing punctuation
len = strlen(n.val);
+ // Check for invalid val
+ if (!len)
+ continue;
if (len && n.val[len-1] == ':') {
n.val[len-1] = 0;
len--;
--
1.8.3.1

43
backport-Dont-run-off-the-end-with-corrupt-logs.patch
View File

@ -1,43 +0,0 @@
From 50c65ae25e64b7bd4489ce22a4c7789fa9a81f2f Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 7 Aug 2021 11:33:20 -0400
Subject: [PATCH 2197/2246] Dont run off the end with corrupt logs
---
src/ausearch-parse.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 81ef319..d051137 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1031,7 +1031,7 @@ static int parse_user(const lnode *n, search_items *s, anode *avc)
if (str) {
str += 5;
term = str;
- while (*term != ' ' && *term != ':')
+ while (*term != ' ' && *term != ':' && *term)
term++;
if (term == str)
return 24;
@@ -1244,7 +1244,7 @@ skip:
char *end = str;
int legacy = 0;
- while (*end != ' ') {
+ while (*end != ' ' && *end) {
if (!isxdigit(*end)) {
legacy = 1;
}
@@ -1295,7 +1295,7 @@ skip:
char *end = str;
int legacy = 0;
- while (*end != ' ') {
+ while (*end != ' ' && *end) {
if (!isxdigit(*end)) {
legacy = 1;
}
--
1.8.3.1

35
backport-Fix-an-auparse-memory-leak-caused-in-recent-glibc.patch
View File

@ -1,35 +0,0 @@
From 16246878c503d7395ae668817bf629e05361fec5 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 29 Jul 2021 18:39:22 -0400
Subject: [PATCH] Fix an auparse memory leak caused in recent glibc
---
auparse/interpret.c | 4 ++++-
1 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 2813acb..33c173e 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -50,6 +50,7 @@
#include <sys/personality.h>
#include <sys/prctl.h>
#include <sched.h>
+#include <limits.h> /* PATH_MAX */
#ifdef USE_FANOTIFY
#include <linux/fanotify.h>
#else
@@ -865,8 +866,10 @@ static const char *print_escaped_ext(const idata *id)
str1 = NULL;
}
errno = 0;
- out = realpath(str3, NULL);
+ out = malloc(PATH_MAX);
+ realpath(str3, out);
if (errno) { // If there's an error, just return the original
+ free(out);
free(str1);
free(str2);
return str3;
--

26
backport-Fix-busy-loop-in-normalizer-when-logs-are-corrupt.patch
View File

@ -1,26 +0,0 @@
From 2b34fea50a9f6a65dd51a2b7abf67e6f19c8d1f5 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 7 Aug 2021 13:51:30 -0400
Subject: [PATCH 2199/2246] Fix busy loop in normalizer when logs are corrupt
---
auparse/normalize.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/auparse/normalize.c b/auparse/normalize.c
index 99f9803..cd0a7c2 100644
--- a/auparse/normalize.c
+++ b/auparse/normalize.c
@@ -348,7 +348,8 @@ static void collect_id_obj2(auparse_state_t *au, const char *syscall)
if (cnt < limit) {
auparse_next_field(au);
cnt++;
- }
+ } else
+ break;
} else
break;
}
--
1.8.3.1

36
backport-Fix-double-free-with-corrupted-logs.patch
View File

@ -1,36 +0,0 @@
From 0177e03f0809da0007f09504b789eba4b8cbe739 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 6 Aug 2021 17:03:41 -0400
Subject: [PATCH] Fix double free with corrupted logs
---
src/ausearch-parse.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 9ee4a4f..cb7d481 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -420,8 +420,10 @@ try_again:
str = strstr(term, "comm=");
if (str) {
/* Make the syscall one override */
- if (s->comm)
+ if (s->comm) {
free(s->comm);
+ s->comm = NULL;
+ }
str += 5;
if (*str == '"') {
str++;
@@ -431,7 +433,7 @@ try_again:
*term = 0;
s->comm = strdup(str);
*term = '"';
- } else
+ } else
s->comm = unescape(str);
} else
return 38;
--

64
backport-Fix-some-string-length-issues.patch
View File

@ -1,64 +0,0 @@
From 39f868fef95f95786358bc3690a327d4f11d2d43 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 3 Jun 2021 16:18:36 -0400
Subject: [PATCH 2084/2246] Fix some string length issues
In interpret, fix the size so that we need to size it again later if new
strings get added. The ausearch/report issues have the size information
available, so FORTIFY_SOURCE should keep things in check.
---
auparse/interpret.c | 2 +-
src/aureport.c | 4 ++--
src/ausearch.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index e22cae7..5d6f31a 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -1242,7 +1242,7 @@ static const char *print_flags(const char *val)
{
int flags, cnt = 0;
size_t i;
- char *out, buf[80];
+ char *out, buf[sizeof(flag_strings)];
errno = 0;
flags = strtoul(val, NULL, 16);
diff --git a/src/aureport.c b/src/aureport.c
index d0251a4..22618f0 100644
--- a/src/aureport.c
+++ b/src/aureport.c
@@ -168,10 +168,10 @@ static int process_logs(void)
int num = 0;
if (user_file && userfile_is_dir) {
- char dirname[MAXPATHLEN];
+ char dirname[MAXPATHLEN+1];
clear_config (&config);
- strcpy(dirname, user_file);
+ strncpy(dirname, user_file, MAXPATHLEN-32);
if (dirname[strlen(dirname)-1] != '/')
strcat(dirname, "/");
strcat (dirname, "audit.log");
diff --git a/src/ausearch.c b/src/ausearch.c
index 97f89bf..768807e 100644
--- a/src/ausearch.c
+++ b/src/ausearch.c
@@ -228,10 +228,10 @@ static int process_logs(void)
int ret;
if (user_file && userfile_is_dir) {
- char dirname[MAXPATHLEN];
+ char dirname[MAXPATHLEN+1];
clear_config (&config);
- strcpy(dirname, user_file);
+ strncpy(dirname, user_file, MAXPATHLEN-32);
if (dirname[strlen(dirname)-1] != '/')
strcat(dirname, "/");
strcat (dirname, "audit.log");
--
1.8.3.1

28
backport-Fix-the-closing-timing-of-audit_fd-166.patch
View File

@ -1,28 +0,0 @@
From 72996b1821b5dbd22f5e08c477660a75a38e4414 Mon Sep 17 00:00:00 2001
From: MIZUTA Takeshi <mizuta.takeshi@fujitsu.com>
Date: Wed, 14 Apr 2021 20:08:17 +0900
Subject: [PATCH 2048/2246] Fix the closing timing of audit_fd (#166)
---
lib/netlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/netlink.c b/lib/netlink.c
index 9525b8d..f7cbeb0 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -64,10 +64,10 @@ int audit_open(void)
}
if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
saved_errno = errno;
- close(fd);
audit_msg(LOG_ERR,
"Error setting audit netlink socket CLOEXEC flag (%s)",
strerror(errno));
+ close(fd);
errno = saved_errno;
return -1;
}
--
1.8.3.1

37
backport-Fix-the-default-location-for-zos-remote.conf-171.patch
View File

@ -1,37 +0,0 @@
From ea21005f1abba62ed4acd7432c6e721504909511 Mon Sep 17 00:00:00 2001
From: Pythoner <yixiangzhike007@163.com>
Date: Mon, 19 Apr 2021 14:10:14 -0500
Subject: [PATCH 2052/2052] Fix the default location for zos-remote.conf (#171)
---
audisp/plugins/zos-remote/audispd-zos-remote.conf | 2 +-
docs/zos-remote.conf.5 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/audisp/plugins/zos-remote/audispd-zos-remote.conf b/audisp/plugins/zos-remote/audispd-zos-remote.conf
index 13aef2c..eda199e 100644
--- a/audisp/plugins/zos-remote/audispd-zos-remote.conf
+++ b/audisp/plugins/zos-remote/audispd-zos-remote.conf
@@ -10,5 +10,5 @@ active = no
direction = out
path = /sbin/audispd-zos-remote
type = always
-args = /etc/audisp/zos-remote.conf
+args = /etc/audit/zos-remote.conf
format = string
diff --git a/docs/zos-remote.conf.5 b/docs/zos-remote.conf.5
index 4bf504d..7ee92e3 100644
--- a/docs/zos-remote.conf.5
+++ b/docs/zos-remote.conf.5
@@ -26,7 +26,7 @@ zos\-remote.conf \- the audisp-racf plugin configuration file
controls the configuration for the
.BR audispd\-zos\-remote (8)
Audit dispatcher plugin. The default location for this file is
-.IR /etc/audisp/zos\-remote.conf ,
+.IR /etc/audit/zos\-remote.conf ,
however, a different file can be specified as the first argument to the
.B audispd\-zos\-remote
plugin. See
--
1.8.3.1

135
backport-In-auditd-check-if-log_file-is-valid-before-closing-.patch
View File

@ -1,135 +0,0 @@
From 6531c7dfb832ea245d8004662ea7c4e90107c0df Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Wed, 11 Aug 2021 15:10:18 -0400
Subject: [PATCH 2207/2246] In auditd, check if log_file is valid before
closing handle
---
src/auditd-event.c | 44 +++++++++++++++++++++++++++++++----------------
1 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/src/auditd-event.c b/src/auditd-event.c
index 3655726..788c44a 100644
--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -71,7 +71,7 @@ static void init_flush_thread(void);
/* Local Data */
static struct daemon_conf *config;
static volatile int log_fd;
-static FILE *log_file;
+static FILE *log_file = NULL;
static unsigned int disk_err_warning = 0;
static int fs_space_warning = 0;
static int fs_admin_space_warning = 0;
@@ -174,7 +175,8 @@ int init_event(struct daemon_conf *conf)
format_buf = (char *)malloc(FORMAT_BUF_LEN);
if (format_buf == NULL) {
audit_msg(LOG_ERR, "No memory for formatting, exiting");
- fclose(log_file);
+ if (log_file)
+ fclose(log_file);
log_file = NULL;
return 1;
}
@@ -212,7 +214,8 @@ static void *flush_thread_main(void *arg)
flush = 0;
pthread_mutex_unlock(&flush_lock);
- fsync(log_fd);
+ if (log_fd >= 0)
+ fsync(log_fd);
}
return NULL;
}
@@ -589,7 +592,8 @@ void handle_event(struct auditd_event *e)
if (config->daemonize == D_BACKGROUND) {
if (config->flush == FT_INCREMENTAL) {
/* EIO is only likely failure */
- if (fsync(log_fd) != 0) {
+ if (log_fd >= 0 &&
+ fsync(log_fd) != 0) {
do_disk_error_action(
"fsync",
errno);
@@ -744,6 +748,9 @@ static void check_space_left(void)
int rc;
struct statfs buf;
+ if (log_fd < 0)
+ return;
+
rc = fstatfs(log_fd, &buf);
if (rc == 0) {
if (buf.f_bavail < 5) {
@@ -831,7 +838,8 @@ static void do_space_left_action(int admin)
case FA_EXEC:
// Close the logging file in case the script zips or
// moves the file. We'll reopen in sigusr2 handler
- fclose(log_file);
+ if (log_file)
+ fclose(log_file);
log_file = NULL;
log_fd = -1;
logging_suspended = 1;
@@ -881,7 +889,8 @@ static void do_disk_full_action(void)
case FA_EXEC:
// Close the logging file in case the script zips or
// moves the file. We'll reopen in sigusr2 handler
- fclose(log_file);
+ if (log_file)
+ fclose(log_file);
log_file = NULL;
log_fd = -1;
logging_suspended = 1;
@@ -928,7 +937,8 @@ static void do_disk_error_action(const char *func, int err)
case FA_EXEC:
// Close the logging file in case the script zips or
// moves the file. We'll reopen in sigusr2 handler
- fclose(log_file);
+ if (log_file)
+ fclose(log_file);
log_file = NULL;
log_fd = -1;
logging_suspended = 1;
@@ -1053,17 +1063,21 @@ static void rotate_logs(unsigned int num_logs, unsigned int keep_logs)
/* Close audit file. fchmod and fchown errors are not fatal because we
* already adjusted log file permissions and ownership when opening the
* log file. */
- if (fchmod(log_fd, config->log_group ? S_IRUSR|S_IRGRP : S_IRUSR) < 0){
- audit_msg(LOG_WARNING, "Couldn't change permissions while "
+ if (log_fd >= 0) {
+ if (fchmod(log_fd, config->log_group ? S_IRUSR|S_IRGRP :
+ S_IRUSR) < 0){
+ audit_msg(LOG_WARNING, "Couldn't change permissions while "
"rotating log file (%s)", strerror(errno));
- }
- if (fchown(log_fd, 0, config->log_group) < 0) {
- audit_msg(LOG_WARNING, "Couldn't change ownership while "
+ }
+ if (fchown(log_fd, 0, config->log_group) < 0) {
+ audit_msg(LOG_WARNING, "Couldn't change ownership while "
"rotating log file (%s)", strerror(errno));
+ }
}
- fclose(log_file);
+ if (log_file)
+ fclose(log_file);
log_file = NULL;
-
+
/* Rotate */
len = strlen(config->log_file) + 16;
oldname = (char *)malloc(len);
@@ -1470,7 +1484,8 @@ static void reconfigure(struct auditd_event *e)
free((void *)nconf->log_file);
if (need_reopen) {
- fclose(log_file);
+ if (log_file)
+ fclose(log_file);
log_file = NULL;
fix_disk_permissions();
if (open_audit_log()) {
--
1.8.3.1

65
backport-Make-IPX-packet-interpretation-dependent-on-the-ipx-.patch
View File

@ -1,65 +0,0 @@
From 6b09724c69d91668418ddb3af00da6db6755208c Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 2 Sep 2021 15:01:12 -0400
Subject: [PATCH] Make IPX packet interpretation dependent on the ipx header
file existing
Conflict: del ChangeLog
---
auparse/interpret.c | 8 ++++++--
configure.ac | 6 ++++++
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 63829aa..6c31645 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -44,8 +44,10 @@
#include <linux/ax25.h>
#include <linux/atm.h>
#include <linux/x25.h>
-#include <linux/if.h> // FIXME: remove when ipx.h is fixed
-#include <linux/ipx.h>
+#ifdef HAVE_IPX_HEADERS
+ #include <linux/if.h> // FIXME: remove when ipx.h is fixed
+ #include <linux/ipx.h>
+#endif
#include <linux/capability.h>
#include <sys/personality.h>
#include <sys/prctl.h>
@@ -1279,6 +1281,7 @@ static const char *print_sockaddr(const char *val)
x->sax25_call.ax25_call[6]);
}
break;
+#ifdef HAVE_IPX_HEADERS
case AF_IPX:
{
const struct sockaddr_ipx *ip =
@@ -1288,6 +1291,7 @@ static const char *print_sockaddr(const char *val)
str, ip->sipx_port, ip->sipx_network);
}
break;
+#endif
case AF_ATMPVC:
{
const struct sockaddr_atmpvc* at =
diff --git a/configure.ac b/configure.ac
index 8f541e4..005eb0b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -418,6 +418,12 @@ if test x"$LIBWRAP_LIBS" != "x"; then
AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled )
fi
+# linux/ipx.h - deprecated in 2018
+AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no)
+if test $ipx_headers = yes ; then
+ AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation])
+fi
+
# See if we want to support lower capabilities for plugins
LIBCAP_NG_PATH
--
2.27.0

28
backport-Move-the-free_config-to-success-path.patch
View File

@ -1,28 +0,0 @@
From d89e5647d9e090f45146c144d920bd1f686a8230 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 15 Jul 2021 11:36:17 -0400
Subject: [PATCH 2163/2246] Move the free_config to success path
---
src/auditd.c | 4 +++---
1 file changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/auditd.c b/src/auditd.c
index ca69d3b..5478cc4 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -457,8 +457,10 @@ static int become_daemon(void)
return -1;
/* Success - die a happy death */
- if (status == SUCCESS)
+ if (status == SUCCESS) {
+ free_config(&config);
_exit(0);
+ }
return -1;
}
--
1.8.3.1

27
backport-When-interpreting-if-val-is-NULL-return-an-empty-str.patch
View File

@ -1,27 +0,0 @@
From ce58837d44b7d9fcb4e140c23f68e0c94d95ab6e Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 21 Aug 2021 10:20:11 -0400
Subject: [PATCH 2214/2246] When interpreting, if val is NULL return an empty
string
---
auparse/interpret.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 177ab82..63829aa 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -840,6 +840,9 @@ static char *print_escaped(const char *val)
{
char *out;
+ if (val == NULL)
+ return strdup(" ");
+
if (*val == '"') {
char *term;
val++;
--
1.8.3.1

4
backport-audit-flex-array-workaround.patch
View File

@ -36,7 +36,7 @@ diff --git a/lib/audit.h b/lib/audit.h
diff --git a/lib/libaudit.h b/lib/libaudit.h
--- a/lib/libaudit.h
+++ b/lib/libaudit.h
@@ -32,7 +32,7 @@
@@ -27,7 +27,7 @@
#include <stdint.h>
#include <sys/socket.h>
#include <linux/netlink.h>
@ -44,4 +44,4 @@ diff --git a/lib/libaudit.h b/lib/libaudit.h
+#include "audit.h"
#include <stdarg.h>
#include <syslog.h>
#ifndef __attr_access

35
backport-auditd.service-Restart-on-failure-ignoring-some-exit.patch
View File

@ -1,35 +0,0 @@
From 30382bfcc0f64f451bc084c9657a546cb34492a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <travier@redhat.com>
Date: Fri, 1 Oct 2021 16:35:57 +0200
Subject: [PATCH 2228/2246] auditd.service: Restart 'on-failure', ignoring some
exit codes (#217)
Use `Restart=on-failure` to automatically restart `auditd`. Do not
restart for intentional exits. See EXIT CODES section in auditd(8).
See:
- https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
- https://www.freedesktop.org/software/systemd/man/systemd.service.html#RestartPreventExitStatus=
Fixes: https://github.com/linux-audit/audit-userspace/issues/211
---
init.d/auditd.service | 3 +++
1 file changed, 3 insertions(+)
diff --git a/init.d/auditd.service b/init.d/auditd.service
index 67cda58..e801281 100644
--- a/init.d/auditd.service
+++ b/init.d/auditd.service
@@ -27,6 +27,9 @@ ExecStartPost=-/sbin/augenrules --load
# By default we don't clear the rules on exit. To enable this, uncomment
# the next line after copying the file to /etc/systemd/system/auditd.service
#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
+Restart=on-failure
+# Do not restart for intentional exits. See EXIT CODES section in auditd(8).
+RestartPreventExitStatus=2 4 6
### Security Settings ###
MemoryDenyWriteExecute=true
--
1.8.3.1

27
backport-error-out-if-log-is-mangled.patch
View File

@ -1,27 +0,0 @@
From fc97c70fdba18280985747198a6ce836d39cce9e Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 7 Aug 2021 10:29:07 -0400
Subject: [PATCH 2196/2246] error out if log is mangled
---
src/ausearch-parse.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index b0c8b2a..81ef319 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1995,6 +1995,10 @@ other_avc:
*term = '"';
} else {
s->comm = unescape(str);
+ if (s->comm == NULL) {
+ rc = 11;
+ goto err;
+ }
term = str + 6;
}
}
--
1.8.3.1

46
backport-fix-2-more-issues-found-by-fuzzing.patch
View File

@ -1,46 +0,0 @@
From f4683d04eadb7d76b98497af834f027d6005d893 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Mon, 9 Aug 2021 17:14:17 -0400
Subject: [PATCH] fix 2 more issues found by fuzzing
---
auparse/auparse.c | 8 +++++++-
auparse/ellist.c | 4 +++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/auparse/auparse.c b/auparse/auparse.c
index b0e685a..3cf512a 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -1611,7 +1611,13 @@ static int au_auparse_next_event(auparse_state_t *au)
}
aup_list_create(l);
aup_list_set_event(l, &e);
- aup_list_append(l, au->cur_buf, au->list_idx, au->line_number);
+ if (aup_list_append(l, au->cur_buf, au->list_idx,
+ au->line_number) < 0) {
+ au->cur_buf = NULL;
+ aup_list_clear(l);
+ free(l);
+ continue;
+ }
// Eat standalone EOE - main event was already marked complete
if (l->head->type == AUDIT_EOE) {
au->cur_buf = NULL;
diff --git a/auparse/ellist.c b/auparse/ellist.c
index 7d9c552..dd711bc 100644
--- a/auparse/ellist.c
+++ b/auparse/ellist.c
@@ -290,7 +290,9 @@ static int parse_up_record(rnode* r)
while (ptr && *ptr != '}') {
len = strlen(ptr);
if ((len+1) >= (256-total)) {
- free(buf);
+ if (nvlist_get_cnt(&r->nv)
+ == 0)
+ free(buf);
return -1;
}
if (tmpctx[0]) {
--

128
backport-flush-uid-gid-caches-when-user-group-added-deleted-m.patch
View File

@ -1,128 +0,0 @@
From 8662f61108f8b9365f96ef49ca8ca331a7880f24 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 10 Aug 2021 11:27:16 -0400
Subject: [PATCH 2205/2246] flush uid/gid caches when user/group
added/deleted/modified
It was reported in issue #209 that in the enriched format that auditd
is creating the wrong account associations. This is due to caching
previous lookups. The fix is to monitor for account lifecycle changes
and flush the LRUs if any are seen.
---
auparse/auparse-idata.h | 3 ++-
auparse/interpret.c | 12 ++++++++++++
src/auditd-event.c | 27 +++++++++++++++++++++++++--
3 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/auparse/auparse-idata.h b/auparse/auparse-idata.h
index 660901a..eaca86a 100644
--- a/auparse/auparse-idata.h
+++ b/auparse/auparse-idata.h
@@ -1,6 +1,6 @@
/*
* idata.h - Header file for ausearch-lookup.c
-* Copyright (c) 2013,2016-17 Red Hat Inc., Durham, North Carolina.
+* Copyright (c) 2013,2016-17,2021 Red Hat Inc.
* All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
@@ -45,6 +45,7 @@ char *auparse_do_interpretation(int type, const idata *id,
void _auparse_load_interpretations(const char *buf);
void _auparse_free_interpretations(void);
const char *_auparse_lookup_interpretation(const char *name);
+void _auparse_flush_caches(void);
#endif
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 046867b..eef377a 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -653,6 +653,18 @@ void aulookup_destroy_gid_list(void)
gid_cache_created = 0;
}
+void _auparse_flush_caches(void)
+{
+ if (uid_cache_created) {
+ destroy_lru(uid_cache);
+ uid_cache_created = 0;
+ }
+ if (gid_cache_created) {
+ destroy_lru(gid_cache);
+ gid_cache_created = 0;
+ }
+}
+
static const char *print_uid(const char *val, unsigned int base)
{
int uid;
diff --git a/src/auditd-event.c b/src/auditd-event.c
index cb29fee..3655726 100644
--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -42,6 +42,7 @@
#include "libaudit.h"
#include "private.h"
#include "auparse.h"
+#include "auparse-idata.h"
/* This is defined in auditd.c */
extern volatile int stop;
@@ -56,7 +57,7 @@ static void do_space_left_action(int admin);
static void do_disk_full_action(void);
static void do_disk_error_action(const char *func, int err);
static void fix_disk_permissions(void);
-static void check_excess_logs(void);
+static void check_excess_logs(void);
static void rotate_logs_now(void);
static void rotate_logs(unsigned int num_logs, unsigned int keep_logs);
static void shift_logs(void);
@@ -394,7 +395,7 @@ static const char *format_enrich(const struct audit_reply *rep)
snprintf(format_buf, MAX_AUDIT_MESSAGE_LENGTH,
"type=DAEMON_ERR op=format-enriched msg=NULL res=failed");
} else {
- int rc;
+ int rc, rtype;
size_t mlen, len;
char *message;
// Do raw format to get event started
@@ -427,6 +428,17 @@ static const char *format_enrich(const struct audit_reply *rep)
// Loop over all fields while possible to add field
rc = auparse_first_record(au);
+ rtype = auparse_get_type(au);
+ switch (rtype)
+ { // Flush before adding to pickup new associations
+ case AUDIT_ADD_USER:
+ case AUDIT_ADD_GROUP:
+ _auparse_flush_caches();
+ break;
+ default:
+ break;
+ }
+
while (rc > 0 && len > MIN_SPACE_LEFT) {
// See what kind of field we have
size_t vlen;
@@ -454,6 +466,17 @@ static const char *format_enrich(const struct audit_reply *rep)
rc = auparse_next_field(au);
}
+ switch(rtype)
+ { // Flush after modification to remove stale entries
+ case AUDIT_USER_MGMT:
+ case AUDIT_DEL_USER:
+ case AUDIT_DEL_GROUP:
+ case AUDIT_GRP_MGMT:
+ _auparse_flush_caches();
+ break;
+ default:
+ break;
+ }
free(message);
}
return format_buf;
--
1.8.3.1

72
bugfix-audit-reload-coredump.patch
View File

@ -5,11 +5,11 @@ Subject: [PATCH] bugfix-audit-reload-coredump
---
src/auditd-reconfig.c | 2 ++
src/auditd.c | 36 +++++++++++++++++++++++++++++-------
2 files changed, 31 insertions(+), 7 deletions(-)
src/auditd.c | 26 ++++++++++++++++++++++++--
2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/src/auditd-reconfig.c b/src/auditd-reconfig.c
index f5b00e6..5ea9126 100644
index 37e0adc..66ded38 100644
--- a/src/auditd-reconfig.c
+++ b/src/auditd-reconfig.c
@@ -35,6 +35,7 @@
@ -29,7 +29,7 @@ index f5b00e6..5ea9126 100644
pthread_mutex_unlock(&config_lock);
diff --git a/src/auditd.c b/src/auditd.c
index fa783a2..0d76e0c 100644
index 5933703..53f4803 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -76,6 +76,7 @@ static int hup_info_requested = 0;
@ -40,45 +40,33 @@ index fa783a2..0d76e0c 100644
/* Local function prototypes */
int send_audit_event(int type, const char *str);
@@ -519,15 +520,30 @@ static void netlink_handler(struct ev_loop *loop, struct ev_io *io,
char hup[MAX_AUDIT_MESSAGE_LENGTH];
audit_msg(LOG_DEBUG,
@@ -525,8 +526,23 @@ static void netlink_handler(struct ev_loop *loop, struct ev_io *io,
char hup[MAX_AUDIT_MESSAGE_LENGTH];
audit_msg(LOG_DEBUG,
"HUP detected, starting config manager");
- reconfig_ev = cur_event;
- if (start_config_manager(cur_event)) {
+ if(hup_flag == 0)
+ {
+ hup_flag = 1;
+ reconfig_ev = cur_event;
+ if (start_config_manager(cur_event)) {
+ audit_format_signal_info(hup,
+ sizeof(hup),
+ "reconfigure state=no-change",
+ &cur_event->reply,
+ "failed");
+ send_audit_event(AUDIT_DAEMON_CONFIG,
+ hup);
+ hup_flag = 0;
- reconfig_ev = cur_event;
- if (start_config_manager(cur_event)) {
+ if(hup_flag == 0)
+ {
+ hup_flag = 1;
+ reconfig_ev = cur_event;
+ if (start_config_manager(cur_event)) {
+ audit_format_signal_info(hup,
+ sizeof(hup),
+ "reconfigure state=no-change",
+ &cur_event->reply,
+ "failed");
+ send_audit_event(AUDIT_DAEMON_CONFIG,
+ hup);
+ hup_flag = 0;
+ }
+ }
+ }
+ else
+ {
audit_format_signal_info(hup,
- sizeof(hup),
- "reconfigure state=no-change",
- &cur_event->reply,
- "failed");
+ sizeof(hup),
+ "reconfigure state=no-change",
+ &cur_event->reply,
+ "failed");
send_audit_event(AUDIT_DAEMON_CONFIG,
- hup);
+ hup);
}
cur_event = NULL;
hup_info_requested = 0;
@@ -571,9 +587,15 @@ static void pipe_handler(struct ev_loop *loop, struct ev_io *io,
+ else
+ {
audit_format_signal_info(hup,
sizeof(hup),
"reconfigure state=no-change",
@@ -576,9 +592,15 @@ static void pipe_handler(struct ev_loop *loop, struct ev_io *io,
// Drain the pipe - won't block because libev sets non-blocking mode
read(pipefds[0], buf, sizeof(buf));
enqueue_event(reconfig_ev);
@ -95,5 +83,5 @@ index fa783a2..0d76e0c 100644
{
const char *msg = "ready\n";
--
1.8.3.1
2.27.0

13
bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
View File

@ -8,17 +8,18 @@ reason: reconsitution userspace audit missing syscalls for aarm64
Signed-off-by: jinbo <jinbo8@huawei.com>
---
lib/aarch64_table.h | 43 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
lib/aarch64_table.h | 44 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/lib/aarch64_table.h b/lib/aarch64_table.h
index c61aa91..ea634c1 100644
--- a/lib/aarch64_table.h
+++ b/lib/aarch64_table.h
@@ -311,3 +311,46 @@ _S(438, "pidfd_getfd")
_S(439, "faccessat2")
_S(440, "process_madvise")
_S(441, "epoll_pwait2")
@@ -326,4 +326,46 @@ _S(447, "memfd_secret")
_S(448, "process_mrelease")
_S(449, "futex_waitv")
_S(450, "set_mempolicy_home_node")
-
+_S(1024, "open")
+_S(1025, "link")
+_S(1026, "unlink")