diff --git a/system/audit/audit-2.3.6-sysconfig.diff b/system/audit/audit-2.3.6-sysconfig.diff deleted file mode 100644 index 2004313a117..00000000000 --- a/system/audit/audit-2.3.6-sysconfig.diff +++ /dev/null @@ -1,21 +0,0 @@ -diff -Nur audit-2.0.4.orig//init.d/auditd.init audit-2.0.4/init.d/auditd.init ---- audit-2.0.4.orig//init.d/auditd.init 2009-12-07 15:16:41.000000000 -0600 -+++ audit-2.0.4/init.d/auditd.init 2010-06-13 02:07:13.368552889 -0500 -@@ -9,7 +9,7 @@ - # will be sent to syslog. - # - # processname: /sbin/auditd --# config: /etc/sysconfig/auditd -+# config: /etc/rc.d/rc.auditd.conf - # config: /etc/audit/auditd.conf - # pidfile: /var/run/auditd.pid - # -@@ -42,7 +42,7 @@ - test $EUID = 0 || exit 4 - - # Check config --test -f /etc/sysconfig/auditd && . /etc/sysconfig/auditd -+test -f /etc/rc.d/rc.auditd.conf && . /etc/rc.d/rc.auditd.conf - - RETVAL=0 - diff --git a/system/audit/audit.SlackBuild b/system/audit/audit.SlackBuild index baf85c9b38c..07d83dff6fe 100644 --- a/system/audit/audit.SlackBuild +++ b/system/audit/audit.SlackBuild @@ -24,12 +24,13 @@ # 20220211 bkw: Modified by SlackBuilds.org: update for v3.0.7 as # the previous version won't build on 15.0. +# 20260401 pyllyukko: Updated for version v4.1.4 cd $(dirname $0) ; CWD=$(pwd) PRGNAM=audit -VERSION=${VERSION:-3.0.7} -BUILD=${BUILD:-2} +VERSION=${VERSION:-4.1.4} +BUILD=${BUILD:-1} TAG=${TAG:-_SBo} PKGTYPE=${PKGTYPE:-tgz} @@ -57,7 +58,7 @@ elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -fPIC -fPIE -pie -Wl,-z,relro,-z,now -fstack-protector-all -fstack-clash-protection -fcf-protection=full -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS" LIBDIRSUFFIX="64" fi 
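Review bot: The hardening options are added only to the `x86_64` branch of `SLKCFLAGS`, so the `i686` branch visible just above it (and any branch outside the hunk) still builds auditd without them. The string also puts link-time options (`-pie`, `-Wl,-z,relro,-z,now`) into a variable the script later exports as `CFLAGS`/`CXXFLAGS`; whether they reach the link step then depends on the package's build system, and `-pie` does not apply to any shared libraries the package builds. Consider one variable appended in every branch, e.g. `SLKHARDEN="-fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"`, and pass the linker part separately as `LDFLAGS="-Wl,-z,relro,-z,now"` on the `./configure` call. The if/elif chain starts outside this hunk.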
@@ -68,7 +69,7 @@ mkdir -p $TMP $PKG $OUTPUT cd $TMP rm -rf $PRGNAM-$VERSION tar xvf $CWD/$PRGNAM-$VERSION.tar.gz -cd $PRGNAM-$VERSION +cd $PRGNAM-userspace-$VERSION chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ @@ -76,9 +77,7 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \+ -# Init should check /etc/rc.d/rc.auditd.conf instead of /etc/sysconfig/auditd -patch -p1 < $CWD/audit-2.3.6-sysconfig.diff - +autoreconf -f --install CXXFLAGS="$SLKCFLAGS" \ CFLAGS="$SLKCFLAGS" \ ./configure \ @@ -104,18 +103,19 @@ gzip -9 $PKG/usr/man/man*/* # actually useful anyway. if [ -n "$LIBDIRSUFFIX" ]; then mv $PKG/usr/lib/golang $PKG/usr/lib$LIBDIRSUFFIX + rm -rf ${PKG}/usr/lib/{systemd,tmpfiles.d} rmdir $PKG/usr/lib fi mkdir -p $PKG/etc/rc.d -mv $PKG/etc/sysconfig/auditd $PKG/etc/rc.d/rc.auditd.conf.new -mv $PKG/etc/rc.d/init.d/auditd $PKG/etc/rc.d/rc.auditd.new +cp -v ${CWD}/auditd.sysconfig ${PKG}/etc/rc.d/rc.auditd.conf.new +cp -v ${CWD}/auditd.init ${PKG}/etc/rc.d/rc.auditd.new rm -rf $PKG/etc/rc.d/init.d $PKG/etc/sysconfig mkdir -p $PKG/var/log/audit $PKG/var/lock/subsys mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a AUTHORS COPYING ChangeLog INSTALL NEWS README contrib \ +cp -a AUTHORS COPYING COPYING.LIB ChangeLog INSTALL NEWS README.md SECURITY.md THANKS TODO contrib \ $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE diff --git a/system/audit/audit.info b/system/audit/audit.info index 665a78bfa8f..d9e22013076 100644 --- a/system/audit/audit.info +++ b/system/audit/audit.info 
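Review bot: The `rm -rf $PRGNAM-$VERSION` two lines above the changed `cd` still removes the old directory name, so an earlier `audit-userspace-$VERSION` tree left in `$TMP` is never cleaned and the tarball is unpacked over it on a rebuild. Change the cleanup to match the new top-level directory: `rm -rf $PRGNAM-userspace-$VERSION`. The `chown -R root:root .` and the `find … chmod` normalisation that follow would then run on a fresh tree rather than on leftovers from a previous build.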
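Review bot: `rc.auditd.new` and `rc.auditd.conf.new` are now copied from `$CWD` with `cp -v`, so their mode comes from the build checkout and umask instead of being set by the script; the ownership and permission normalisation earlier in the script only covers the unpacked source tree. Because the rc script sources `rc.auditd.conf` as root, pin both explicitly, e.g. `install -m 0644 $CWD/auditd.sysconfig $PKG/etc/rc.d/rc.auditd.conf.new` and `install -m 0755 $CWD/auditd.init $PKG/etc/rc.d/rc.auditd.new` (or 0644 if the service should ship disabled). The added `rm -rf ${PKG}/usr/lib/{systemd,tmpfiles.d}` sits inside the `LIBDIRSUFFIX` test, so on builds with an empty suffix those directories stay in the package, and the brace expansion requires bash.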
@@ -1,8 +1,8 @@
 PRGNAM="audit"
-VERSION="3.0.7"
+VERSION="4.1.4"
 HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
-DOWNLOAD="https://people.redhat.com/sgrubb/audit/audit-3.0.7.tar.gz"
-MD5SUM="34fab69e80ea6668e9c72e73ec24fd88"
+DOWNLOAD="https://github.com/linux-audit/audit-userspace/archive/v4.1.4/audit-4.1.4.tar.gz"
+MD5SUM="6575a4383f54ce971352620e6b5f746a"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES=""
diff --git a/system/audit/auditd.init b/system/audit/auditd.init
new file mode 100644
index 00000000000..7d365dfcacb
--- /dev/null
+++ b/system/audit/auditd.init
@@ -0,0 +1,187 @@
+#!/bin/sh
+#
+# auditd This starts and stops auditd
+#
+# chkconfig: 2345 11 88
+# description: This starts the Linux Auditing System Daemon, \
+# which collects security related events in a dedicated \
+# audit log. If this daemon is turned off, audit events \
+# will be sent to syslog.
+#
+# processname: /sbin/auditd
+# config: /etc/rc.d/rc.auditd.conf
+# config: /etc/audit/auditd.conf
+# pidfile: /var/run/auditd.pid
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+#
+
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+prog="auditd"
+
+# Source function library.
+. /etc/init.d/functions
+
+# Allow anyone to run status
+if [ "$1" = "status" ] ; then
+ status $prog
+ RETVAL=$?
+ exit $RETVAL
+fi
+
+# Check that we are root ... so non-root users stop here
+test $(id -u) = 0 || exit 4
+
+# Check config
+test -f /etc/rc.d/rc.auditd.conf && . /etc/rc.d/rc.auditd.conf
+
+RETVAL=0
+
+start(){
+ test -x /sbin/auditd || exit 5
+ test -f /etc/audit/auditd.conf || exit 6
+
+ printf "Starting $prog: "
+
+# Localization for auditd is controlled in /etc/synconfig/auditd
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
+ unset HOME MAIL USER USERNAME
+ daemon $prog "$EXTRAOPTIONS"
+ RETVAL=$?
+ echo
+ if test $RETVAL = 0 ; then
+ touch /var/lock/subsys/auditd
+ # Prepare the default rules
+ if test x"$USE_AUGENRULES" != "x" ; then
+ if test "`echo $USE_AUGENRULES | tr 'NO' 'no'`" != "no"
+ then
+ test -d /etc/audit/rules.d && /sbin/augenrules
+ fi
+ fi
+ # Load the default rules
+ test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+ fi
+ return $RETVAL
+}
+
+stop(){
+ printf "Stopping $prog: "
+ killproc $prog
+ RETVAL=$?
+ echo
+ rm -f /var/lock/subsys/auditd
+ # Remove watches so shutdown works cleanly
+ if test x"$AUDITD_CLEAN_STOP" != "x" ; then
+ if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no"
+ then
+ /sbin/auditctl -R /etc/audit/audit-stop.rules >/dev/null
+ fi
+ fi
+ return $RETVAL
+}
+
+reload(){
+ test -f /etc/audit/auditd.conf || exit 6
+ printf "Reloading configuration: "
+ killproc $prog -HUP
+ RETVAL=$?
+ echo
+ return $RETVAL
+}
+
+rotate(){
+ printf "Rotating logs: "
+ killproc $prog -USR1
+ RETVAL=$?
+ echo
+ return $RETVAL
+}
+
+resume(){
+ printf "Resuming logging: "
+ killproc $prog -USR2
+ RETVAL=$?
+ echo
+ return $RETVAL
+}
+
+restart(){
+ test -f /etc/audit/auditd.conf || exit 6
+ stop
+ start
+}
+
+state(){
+ state_file="/var/run/auditd.state"
+ printf "Getting auditd internal state: "
+ killproc $prog -CONT
+ RETVAL=$?
+ printf "\n"
+ if [ $? -eq 0 ] ; then
+ if [ -e $state_file ] ; then
+ cat $state_file
+ fi
+ fi
+ echo
+ return $RETVAL
+}
+
+condrestart(){
+ [ -e /var/lock/subsys/auditd ] && restart
+ return 0
+}
+
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ reload|force-reload)
+ reload
+ ;;
+ rotate)
+ rotate
+ ;;
+ resume)
+ resume
+ ;;
+ state)
+ state
+ ;;
+ condrestart|try-restart)
+ condrestart
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|rotate|resume}"
+ RETVAL=3
+esac
+
+exit $RETVAL
+
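Review bot: In `state()` the test `if [ $? -eq 0 ]` runs after `printf "\n"`, so it checks printf's exit status rather than killproc's, and the state file is printed even when the signal could not be delivered; it should read `if [ $RETVAL -eq 0 ] ; then`. `$state_file` is also expanded unquoted in `[ -e $state_file ]` and `cat $state_file`. Two documentation fixes belong with it: the usage string in the final `case` omits `state`, and the comment in `start()` names `/etc/synconfig/auditd` although the file actually sourced is `/etc/rc.d/rc.auditd.conf`.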
diff --git a/system/audit/auditd.sysconfig b/system/audit/auditd.sysconfig
new file mode 100644
index 00000000000..30de3190b77
--- /dev/null
+++ b/system/audit/auditd.sysconfig
@@ -0,0 +1,21 @@
+# Add extra options here
+EXTRAOPTIONS=""
+#
+# This is the locale information that audit uses. Its defaulted to en_US.
+# To remove all locale information from audit's environment, set
+# AUDITD_LANG to the empty string or the string "none".
+AUDITD_LANG="en_US"
+#
+# This option is used to determine if rules & watches should be deleted on
+# shutdown by loading the audit-stop file. This is beneficial in most cases
+# so that a watch doesn't linger on a drive that is being unmounted. If
+# set to no, it will NOT be cleaned up.
+AUDITD_CLEAN_STOP="yes"
+#
+# This option determines whether or not to call augenrules to compile the
+# audit.rule file from /etc/audit/rules.d. The default is "no" so that nothing
+# happens to existing rules. When setting this up, any existing rules need to
+# be copied into /etc/audit/rules.d or it will be lost when audit.rule gets
+# overwritten.
+USE_AUGENRULES="no"
+
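Review bot: Nothing in this file says that it is executed rather than just read: `auditd.init` sources `/etc/rc.d/rc.auditd.conf` with `.` after its root check, so every line here runs as shell code with root privileges. A header comment would make that explicit, for example `# Sourced by /etc/rc.d/rc.auditd as root: shell syntax only; keep root-owned and not group- or world-writable.` The last comment block also says `audit.rule` twice, while the init script loads `/etc/audit/audit.rules`.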