53 lines
1.7 KiB
Diff
53 lines
1.7 KiB
Diff
From e5b0c9d74a54e0c6c83ba402807a53e4544b7898 Mon Sep 17 00:00:00 2001
|
|
From: Attila Lakatos <Cropi@users.noreply.github.com>
|
|
Date: Wed, 12 Jun 2024 18:22:00 +0200
|
|
Subject: [PATCH] Correct output when displaying rules with exe/path/dir (#379)
|
|
|
|
Some audit operators were not displayed properly
|
|
because auditctl used the "=" operator in all
|
|
the scenarios mentioned above.
|
|
|
|
Reference:https://github.com/linux-audit/audit-userspace/commit/e5b0c9d74a54e0c6c83ba402807a53e4544b7898
|
|
Conflict:NA
|
|
|
|
---
|
|
src/auditctl-listing.c | 11 ++++++++---
|
|
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/auditctl-listing.c b/src/auditctl-listing.c
|
|
index 57ae1837..9c322670 100644
|
|
--- a/src/auditctl-listing.c
|
|
+++ b/src/auditctl-listing.c
|
|
@@ -380,7 +380,9 @@ static void print_rule(const struct audit_rule_data *r)
|
|
printf("-w %.*s", r->values[i],
|
|
&r->buf[boffset]);
|
|
else
|
|
- printf(" -F path=%.*s", r->values[i],
|
|
+ printf(" -F path%s%.*s",
|
|
+ audit_operator_to_symbol(op),
|
|
+ r->values[i],
|
|
&r->buf[boffset]);
|
|
boffset += r->values[i];
|
|
} else if (field == AUDIT_DIR) {
|
|
@@ -388,12 +390,15 @@ static void print_rule(const struct audit_rule_data *r)
|
|
printf("-w %.*s", r->values[i],
|
|
&r->buf[boffset]);
|
|
else
|
|
- printf(" -F dir=%.*s", r->values[i],
|
|
+ printf(" -F dir%s%.*s",
|
|
+ audit_operator_to_symbol(op),
|
|
+ r->values[i],
|
|
&r->buf[boffset]);
|
|
|
|
boffset += r->values[i];
|
|
} else if (field == AUDIT_EXE) {
|
|
- printf(" -F exe=%.*s",
|
|
+ printf(" -F exe%s%.*s",
|
|
+ audit_operator_to_symbol(op),
|
|
r->values[i], &r->buf[boffset]);
|
|
boffset += r->values[i];
|
|
} else if (field == AUDIT_FILTERKEY) {
|
|
--
|
|
2.33.0
|
|
|