backport patches to fix bug

wjiang 2024-12-11 14:32:21 +08:00
parent 5f33272f1b
commit c0cb68b58c
2 changed files with 53 additions and 1 deletions

@ -2,7 +2,7 @@ Summary: User space tools for kernel auditing
Name: audit Name: audit
Epoch: 1 Epoch: 1
Version: 3.1.2 Version: 3.1.2
Release: 6 Release: 7
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: https://people.redhat.com/sgrubb/audit/ URL: https://people.redhat.com/sgrubb/audit/
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -44,6 +44,7 @@ Patch32: backport-Cleanup-code-in-LRU.patch
Patch33: backport-Fix-memory-leaks.patch Patch33: backport-Fix-memory-leaks.patch
Patch34: backport-fix-one-more-leak.patch Patch34: backport-fix-one-more-leak.patch
Patch35: backport-Correct-output-when-displaying-rules-with-exe-path-d.patch Patch35: backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
Patch36: backport-ausearch-format-Fix-display-of-renamed-file-411.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel BuildRequires: openldap-devel krb5-devel libcap-ng-devel
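Review bot: No %patch36 application line accompanies the new Patch36 declaration in this commit; the other spec hunks only touch Release and %changelog. If %prep applies patches individually rather than through %autosetup or %autopatch, the backport would be shipped in the source package but never applied, so please confirm which mechanism this spec uses.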
@ -386,6 +387,9 @@ fi
%attr(644,root,root) %{_mandir}/man8/*.8.gz %attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog %changelog
* Wed Dec 11 2024 wangjiang <app@cameyan.coom> - 1:3.1.2-7
- backport patches to fix bug
* Sat Aug 24 2024 fangxiuning<fangxiuning@huawei.com> - 1:3.1.2-6 * Sat Aug 24 2024 fangxiuning<fangxiuning@huawei.com> - 1:3.1.2-6
- backport patches to fix bug - backport patches to fix bug
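Review bot: The new %changelog entry for 1:3.1.2-7 reuses the generic text "backport patches to fix bug", which does not tell a reader what changed in this release; name the backport instead, for example "- backport: ausearch format: Fix display of renamed file (#411)". The packager address app@cameyan.coom ends in ".coom", which looks like a typo and should be checked before merging.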

@ -0,0 +1,48 @@
From 7cdcfd30c6122acc6b2e54e1ad8cd1a12dd537d2 Mon Sep 17 00:00:00 2001
From: Attila Lakatos <Cropi@users.noreply.github.com>
Date: Mon, 21 Oct 2024 04:25:37 +0200
Subject: [PATCH] ausearch format: Fix display of renamed file (#411)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In some cases, ausearch was not correctly showing
the new name of a renamed file when searching for
audit events. If the target file didnt exist prior
to the rename, ausearch was unable to parse the new
file name. This occurred because ausearch attempted
to retrieve this information from the 7th record,
which is absent when the target file does not exist.
---
auparse/normalize.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/auparse/normalize.c b/auparse/normalize.c
index 036c0b86..f1a07d18 100644
--- a/auparse/normalize.c
+++ b/auparse/normalize.c
@@ -693,7 +693,20 @@ static int normalize_syscall(auparse_state_t *au, const char *syscall)
case NORM_FILE_RENAME:
act = "renamed";
D.thing.what = NORM_WHAT_FILE; // this gets overridden
- set_prime_object2(au, "name", 4);
+ /* A sucessfull syscall from the rename family will provide
+ * the following items:
+ * 0 - new dir, in which the file will be located
+ * 1 - old dir, in which the file was located
+ * 2 - old name, the name of the original file
+ * if the file was already present in the new dir:
+ * 3 - removal of the new file
+ * 4 - creation of the new file
+ * otherwise:
+ * 3 - creation of the new file
+ */
+
+ // The 3rd record will always contain the name of the new file
+ set_prime_object2(au, "name", 3);
set_file_object(au, 2); // Thing renamed is 2 after
simple_file_attr(au);
break;
--
2.33.0
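Review bot: In the comment added to the NORM_FILE_RENAME case, "The 3rd record" does not agree with the zero-based list directly above it, where index 3 is the fourth item; wording such as "item 3" would match the argument in set_prime_object2(au, "name", 3) and avoid an off-by-one reading. The same comment misspells "successful" as "sucessfull". The item layout is documented only for a successful rename, and the hunk does not show what set_prime_object2 does when item 3 is absent, as it could be for a failed call, so that path is worth confirming. A test event for each of the two documented cases (target already present, target not present) would keep this from regressing.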