Update to 3.0

yixiangzhike 2021-05-26 08:51:35 +08:00
parent 65f3fbf0cf
commit ff88ba8253
7 changed files with 212 additions and 132 deletions


@ -1,67 +0,0 @@
From 1af601fed7c23849ae50cacf0eff15fa7dc781a8 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 26 Mar 2019 09:18:00 -0400
Subject: [PATCH 1/2] Fix memleak in auparse caused by corrected event ordering
---
auparse/auparse.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/auparse/auparse.c b/auparse/auparse.c
index 042ea2b..af5dc7b 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -266,6 +266,14 @@ static event_list_t *au_get_ready_event(auparse_state_t *au, int is_test)
au_lolnode *ptr = lowest;
while (ptr->status == EBS_EMPTY && lol->maxi > 0) {
lol->maxi--;
+ if (ptr->l) {
+ aup_list_clear(ptr->l);
+ free(ptr->l);
+ ptr->l = NULL;
+ au->le = NULL; // this should crash
+ // usage of au->le
+ // until reset
+ }
ptr = &lol->array[lol->maxi];
}
}
From a4ed2001dd9db902764256ee08bd53e2039f217e Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 26 Mar 2019 17:24:37 -0400
Subject: [PATCH 2/2] Fix memleak in auparse caused by corrected event ordering
part 2
---
auparse/auparse.c | 17 -----------------
1 file changed, 17 deletions(-)
diff --git a/auparse/auparse.c b/auparse/auparse.c
index af5dc7b..7662b85 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -260,23 +260,6 @@ static event_list_t *au_get_ready_event(auparse_state_t *au, int is_test)
if (lowest && lowest->status == EBS_COMPLETE) {
lowest->status = EBS_EMPTY;
au->au_ready--;
- // Try to consolidate the array so that we iterate
- // over a smaller portion next time
- if (lowest == &lol->array[lol->maxi]) {
- au_lolnode *ptr = lowest;
- while (ptr->status == EBS_EMPTY && lol->maxi > 0) {
- lol->maxi--;
- if (ptr->l) {
- aup_list_clear(ptr->l);
- free(ptr->l);
- ptr->l = NULL;
- au->le = NULL; // this should crash
- // usage of au->le
- // until reset
- }
- ptr = &lol->array[lol->maxi];
- }
- }
return lowest->l;
}

Binary file not shown.

BIN
audit-3.0.tar.gz Normal file

Binary file not shown.


@ -1,17 +1,17 @@
Summary: User space tools for kernel auditing
Name: audit
Epoch: 1
Version: 2.8.5
Release: 4
Version: 3.0
Release: 1
License: GPLv2+ and LGPLv2+
URL: https://people.redhat.com/sgrubb/audit/
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch0: Fix-memleak-in-auparse-caused-by-corrected-event-ordering.patch
Patch1: bugfix-audit-support-armv7b.patch
Patch2: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch3: bugfix-audit-reload-coredump.patch
Patch0: bugfix-audit-support-armv7b.patch
Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch2: bugfix-audit-reload-coredump.patch
Patch3: backport-Fix-the-default-location-for-zos-remote.conf-171.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel
@ -19,7 +19,8 @@ BuildRequires: openldap-devel krb5-devel libcap-ng-devel
BuildRequires: golang
%endif
Requires: %{name}-libs = %{epoch}:%{version}-%{release}
Requires(post): systemd coreutils
Requires(pre): pkgconf
Requires(post): systemd coreutils pkgconf
Requires(preun): systemd
Requires(postun): systemd coreutils
@ -42,6 +43,7 @@ Summary: Plugins for audit event dispatcher
License: GPLv2+
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires: %{name}-libs = %{epoch}:%{version}-%{release}
Requires(post): pkgconf
%description -n audispd-plugins
This package provides plugins for the real-time interface to audispd.
@ -52,6 +54,7 @@ License: GPLv2+
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires: %{name}-libs = %{epoch}:%{version}-%{release}
Requires: openldap
Requires(post): pkgconf
%description -n audispd-plugins-zos
This package provides a z/OS plugin for audit event dispatcher that
@ -138,6 +141,19 @@ make check
%endif
rm -f rules/Makefile*
%pre
if [ -d "/etc/audisp/" -a `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` -lt 3 ];then
# custom plugins, copy config files from /etc/audisp/plugins.d to /etc/audit/plugins.d
# self-plugins confile files will be overwritten when installing
plugins_config_files=`ls /etc/audisp/plugins.d/*.conf 2>/dev/null | wc -w`
if [ $plugins_config_files -gt 0 ];then
if [ ! -d /etc/audit/plugins.d/ ];then
mkdir -p /etc/audit/plugins.d/
fi
cp /etc/audisp/plugins.d/*.conf /etc/audit/plugins.d/
fi
fi
%post
/sbin/ldconfig
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
@ -149,8 +165,81 @@ if [ "$files" -eq 0 ] ; then
fi
chmod 0600 /etc/audit/rules.d/audit.rules
fi
# merge custom changes to new file
if [ -d "/etc/audisp/" -a `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` -lt 3 ];then
if [ -s "/etc/audisp/plugins.d/af_unix.conf" ];then
diffrence=`diff /etc/audisp/plugins.d/af_unix.conf /etc/audit/plugins.d/af_unix.conf`
if [ "X$diffrence" != "X" ];then
cp /etc/audisp/plugins.d/af_unix.conf /etc/audit/plugins.d/af_unix.conf
fi
fi
fi
%systemd_post auditd.service
%post -n audispd-plugins
# after installing audispd-plugins
if [ -d "/etc/audisp/" -a `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` -lt 3 ];then
for file in audisp-remote.conf au-remote.conf syslog.conf
do
# merge custom changes to new file
if [ "$file" == "audisp-remote.conf" ];then
if [ -s "/etc/audisp/$file" ];then
diffrence=`diff /etc/audisp/$file /etc/audit/$file`
if [ "X$diffrence" != "X" ];then
cp /etc/audisp/$file /etc/audit/$file
if [ "X`grep startup_failure_action /etc/audit/$file`" == "X" ];then
# add option in new version
echo "startup_failure_action = warn_once_continue" >> /etc/audit/$file
fi
fi
fi
elif [ "$file" == "syslog.conf" ];then
if [ -s "/etc/audisp/plugins.d/$file" ];then
diffrence=`diff /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file`
if [ "X$diffrence" != "X" ];then
cp /etc/audisp/plugins.d/syslog.conf /etc/audit/plugins.d/syslog.conf
# change options "path" and "type"
sed -i 's/path[ ]*=[ ]*builtin_syslog/path\ =\ \/sbin\/audisp-syslog/g' /etc/audit/plugins.d/syslog.conf
sed -i 's/type[ ]*=[ ]*builtin/type\ =\ always/g' /etc/audit/plugins.d/syslog.conf
fi
fi
else
if [ -s "/etc/audisp/plugins.d/$file" ];then
diffrence=`diff /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file`
if [ "X$diffrence" != "X" ];then
cp /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file
fi
fi
fi
done
fi
%post -n audispd-plugins-zos
# after installing audispd-plugins-zos
if [ -d "/etc/audisp/" -a `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` -lt 3 ];then
for file in audispd-zos-remote.conf zos-remote.conf
do
# merge custom changes to new file
if [ "$file" == "zos-remote.conf" ];then
if [ -s "/etc/audisp/$file" ];then
diffrence=`diff /etc/audisp/$file /etc/audit/$file`
if [ "X$diffrence" != "X" ];then
cp /etc/audisp/$file /etc/audit/$file
fi
fi
elif [ "$file" == "audispd-zos-remote.conf" ];then
if [ -s "/etc/audisp/plugins.d/$file" ];then
diffrence=`diff /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file`
if [ "X$diffrence" != "X" ];then
cp /etc/audisp/plugins.d/$file /etc/audit/plugins.d/$file
# change option "args"
sed -i 's/\/etc\/audisp\/zos-remote\.conf/\/etc\/audit\/zos-remote\.conf/g' /etc/audit/plugins.d/$file
fi
fi
fi
done
fi
%preun
%systemd_preun auditd.service
@ -169,7 +258,6 @@ fi
%attr(755,root,root) /sbin/ausearch
%attr(755,root,root) /sbin/aureport
%attr(750,root,root) /sbin/autrace
%attr(755,root,root) /sbin/audispd
%attr(755,root,root) /sbin/augenrules
%attr(755,root,root) %{_bindir}/aulast
%attr(755,root,root) %{_bindir}/aulastlog
@ -189,14 +277,11 @@ fi
%attr(750,root,root) %dir /etc/audit
%attr(750,root,root) %dir /etc/audit/rules.d
%attr(750,root,root) %dir /etc/audit/plugins.d
%attr(750,root,root) %dir /etc/audisp
%attr(750,root,root) %dir /etc/audisp/plugins.d
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
%files libs
/%{_lib}/libaudit.so.1*
@ -204,15 +289,16 @@ fi
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
%files -n audispd-plugins
%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf
%attr(750,root,root) /sbin/audisp-remote
%attr(750,root,root) /sbin/audisp-syslog
%attr(700,root,root) %dir %{_var}/spool/audit
%files -n audispd-plugins-zos
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf
%attr(750,root,root) /sbin/audispd-zos-remote
%files devel
@ -241,12 +327,16 @@ fi
%files help
%defattr(-,root,root)
%doc ChangeLog rules init.d/auditd.cron
%attr(644,root,root) %{_datadir}/%{name}/sample-rules/*
%attr(644,root,root) %{_mandir}/man3/*.3.gz
%attr(644,root,root) %{_mandir}/man5/*.5.gz
%attr(644,root,root) %{_mandir}/man7/*.7.gz
%attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog
* Tue May 25 2021 yixiangzhike <zhangxingliang3@huawei.com> - 3.0-1
- update to 3.0
* Mon May 24 2021 yixiangzhike <zhangxingliang3@huawei.com> - 2.8.5-4
- fix directory permissions for /etc/audisp and /etc/audisp/plugins.d
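Review bot: The upgrade gate used in `%pre` and in all three `%post` scriptlets, `` `/usr/bin/pkgconf --modversion audit | cut -d'.' -f 1` -lt 3 ``, only works when an `audit.pc` file is installed, and the visible spec lines add a dependency on `pkgconf` itself but nothing that guarantees the `.pc` file (it presumably ships in the devel subpackage; confirm). When it is missing the substitution is empty, `[ -d ... -a -lt 3 ]` becomes a test syntax error, and the migration is skipped without failing the transaction. Customised remote and syslog plugin settings would then stay behind in /etc/audisp, so audit forwarding could stop after the upgrade with no visible error. In `%post` the value can also already be the new version if the devel files were upgraded earlier in the same transaction. Using the scriptlet argument instead, for example `if [ "$1" -gt 1 ] && [ -d /etc/audisp ]; then`, or a `%triggerun -- %{name} < 1:3.0` block, would not depend on pkg-config metadata.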


@ -0,0 +1,37 @@
From ea21005f1abba62ed4acd7432c6e721504909511 Mon Sep 17 00:00:00 2001
From: Pythoner <yixiangzhike007@163.com>
Date: Mon, 19 Apr 2021 14:10:14 -0500
Subject: [PATCH 2052/2052] Fix the default location for zos-remote.conf (#171)
---
audisp/plugins/zos-remote/audispd-zos-remote.conf | 2 +-
docs/zos-remote.conf.5 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/audisp/plugins/zos-remote/audispd-zos-remote.conf b/audisp/plugins/zos-remote/audispd-zos-remote.conf
index 13aef2c..eda199e 100644
--- a/audisp/plugins/zos-remote/audispd-zos-remote.conf
+++ b/audisp/plugins/zos-remote/audispd-zos-remote.conf
@@ -10,5 +10,5 @@ active = no
direction = out
path = /sbin/audispd-zos-remote
type = always
-args = /etc/audisp/zos-remote.conf
+args = /etc/audit/zos-remote.conf
format = string
diff --git a/docs/zos-remote.conf.5 b/docs/zos-remote.conf.5
index 4bf504d..7ee92e3 100644
--- a/docs/zos-remote.conf.5
+++ b/docs/zos-remote.conf.5
@@ -26,7 +26,7 @@ zos\-remote.conf \- the audisp-racf plugin configuration file
controls the configuration for the
.BR audispd\-zos\-remote (8)
Audit dispatcher plugin. The default location for this file is
-.IR /etc/audisp/zos\-remote.conf ,
+.IR /etc/audit/zos\-remote.conf ,
however, a different file can be specified as the first argument to the
.B audispd\-zos\-remote
plugin. See
--
1.8.3.1


@ -1,7 +1,38 @@
diff -Nur audit-3.0.org/src/auditd.c audit-3.0/src/auditd.c
--- audit-3.0.org/src/auditd.c 2019-07-30 09:29:49.420000000 +0800
+++ audit-3.0/src/auditd.c 2019-07-30 09:58:30.484000000 +0800
@@ -76,6 +76,7 @@
From 2a7404291e431757bc417c9c3250f2ca84a82d89 Mon Sep 17 00:00:00 2001
From: Leo Fang <leofang_94@163.com>
Date: Mon, 24 May 2021 19:16:02 +0800
Subject: [PATCH] bugfix-audit-reload-coredump
---
src/auditd-reconfig.c | 2 ++
src/auditd.c | 36 +++++++++++++++++++++++++++++-------
2 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/src/auditd-reconfig.c b/src/auditd-reconfig.c
index f5b00e6..5ea9126 100644
--- a/src/auditd-reconfig.c
+++ b/src/auditd-reconfig.c
@@ -35,6 +35,7 @@
/* externs we need to know about */
extern void reconfig_ready(void);
+extern void reconfig_pthread_failed(void);
/* This is the configuration manager code */
static pthread_t config_thread;
@@ -122,6 +123,7 @@ static void *config_thread_main(void *arg)
//send_audit_event(AUDIT_DAEMON_CONFIG, txt);
free_config(&new_config);
free(e);
+ reconfig_pthread_failed();
}
pthread_mutex_unlock(&config_lock);
diff --git a/src/auditd.c b/src/auditd.c
index fa783a2..0d76e0c 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -76,6 +76,7 @@ static int hup_info_requested = 0;
static int usr1_info_requested = 0, usr2_info_requested = 0;
static char subj[SUBJ_LEN];
static uint32_t session;
@ -9,38 +40,45 @@ diff -Nur audit-3.0.org/src/auditd.c audit-3.0/src/auditd.c
/* Local function prototypes */
int send_audit_event(int type, const char *str);
@@ -502,12 +503,24 @@
if (hup_info_requested) {
@@ -519,15 +520,30 @@ static void netlink_handler(struct ev_loop *loop, struct ev_io *io,
char hup[MAX_AUDIT_MESSAGE_LENGTH];
audit_msg(LOG_DEBUG,
"HUP detected, starting config manager");
- reconfig_ev = cur_event;
- if (start_config_manager(cur_event)) {
- send_audit_event(
- AUDIT_DAEMON_CONFIG,
- "op=reconfigure state=no-change "
- "auid=-1 pid=-1 subj=? res=failed");
+ if(hup_flag == 0)
+ {
+ hup_flag = 1;
+ reconfig_ev = cur_event;
+ if (start_config_manager(cur_event)) {
+ send_audit_event(
+ AUDIT_DAEMON_CONFIG,
+ "op=reconfigure state=no-change "
+ "auid=-1 pid=-1 subj=? res=failed");
+ audit_format_signal_info(hup,
+ sizeof(hup),
+ "reconfigure state=no-change",
+ &cur_event->reply,
+ "failed");
+ send_audit_event(AUDIT_DAEMON_CONFIG,
+ hup);
+ hup_flag = 0;
+ }
+ }
+ else
+ {
+ send_audit_event(
+ AUDIT_DAEMON_CONFIG,
+ "op=reconfigure state=no-change "
+ "auid=-1 pid=-1 subj=? res=failed");
audit_format_signal_info(hup,
- sizeof(hup),
- "reconfigure state=no-change",
- &cur_event->reply,
- "failed");
+ sizeof(hup),
+ "reconfigure state=no-change",
+ &cur_event->reply,
+ "failed");
send_audit_event(AUDIT_DAEMON_CONFIG,
- hup);
+ hup);
}
cur_event = NULL;
hup_info_requested = 0;
@@ -565,9 +578,15 @@
@@ -571,9 +587,15 @@ static void pipe_handler(struct ev_loop *loop, struct ev_io *io,
// Drain the pipe - won't block because libev sets non-blocking mode
read(pipefds[0], buf, sizeof(buf));
enqueue_event(reconfig_ev);
@ -56,22 +94,6 @@ diff -Nur audit-3.0.org/src/auditd.c audit-3.0/src/auditd.c
void reconfig_ready(void)
{
const char *msg = "ready\n";
diff -Nur audit-3.0.org/src/auditd-reconfig.c audit-3.0/src/auditd-reconfig.c
--- audit-3.0.org/src/auditd-reconfig.c 2019-07-30 09:29:49.420000000 +0800
+++ audit-3.0/src/auditd-reconfig.c 2019-07-30 10:00:05.232000000 +0800
@@ -35,6 +35,7 @@
--
1.8.3.1
/* externs we need to know about */
extern void reconfig_ready(void);
+extern void reconfig_pthread_failed(void);
/* This is the configuration manager code */
static pthread_t config_thread;
@@ -125,6 +126,7 @@
//send_audit_event(AUDIT_DAEMON_CONFIG, txt);
free_config(&new_config);
free(e);
+ reconfig_pthread_failed();
}
pthread_mutex_unlock(&config_lock);
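Review bot: In the netlink_handler hunk, both failure paths appear to emit two AUDIT_DAEMON_CONFIG records for one rejected HUP: a fixed string with `auid=-1 pid=-1 subj=? res=failed`, followed by the record built by `audit_format_signal_info(...)` from `cur_event->reply`. Old and new patch lines are interleaved in this rendering, so this reading should be confirmed against the applied patch. If it holds, log consumers see a placeholder-identity failure next to the real one, and keeping only the formatted `send_audit_event(AUDIT_DAEMON_CONFIG, hup);` in each branch would avoid that. Separately, the `hup_flag` declaration and the body of `reconfig_pthread_failed()` are in hunks not shown here, and `reconfig_pthread_failed()` is called from `config_thread_main` while `config_lock` is held. If that function clears `hup_flag` directly rather than signalling the main loop, the plain `int` is written from two threads and needs an atomic type or a hand-off through the existing pipe.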


@ -8,19 +8,17 @@ reason: reconsitution userspace audit missing syscalls for aarm64
Signed-off-by: jinbo <jinbo8@huawei.com>
---
lib/aarch64_table.h | 44 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
lib/aarch64_table.h | 43 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/lib/aarch64_table.h b/lib/aarch64_table.h
index c61aa91..ea634c1 100644
--- a/lib/aarch64_table.h
+++ b/lib/aarch64_table.h
@@ -295,5 +295,49 @@ _S(287, "pwritev2")
_S(288, "pkey_mprotect")
_S(289, "pkey_alloc")
_S(290, "pkey_free")
_S(291, "statx")
_S(292, "io_pgetevents")
@@ -311,4 +311,47 @@ _S(432, "fsmount")
_S(433, "fspick")
_S(434, "pidfd_open")
_S(435, "clone3")
+_S(1024, "open")
+_S(1025, "link")
+_S(1026, "unlink")
@ -64,7 +62,7 @@ index c61aa91..ea634c1 100644
+_S(1077, "uselib")
+_S(1078, "sysctl")
+_S(1079, "fork")
+
--
1.8.5.6