system/audit: Updated for version 4.1.4.

system/audit/audit.SlackBuild

@@ -24,12 +24,13 @@
 
 # 20220211 bkw: Modified by SlackBuilds.org: update for v3.0.7 as
 # the previous version won't build on 15.0.
+# 20260401 pyllyukko: Updated for version v4.1.4
 
 cd $(dirname $0) ; CWD=$(pwd)
 
 PRGNAM=audit
-VERSION=${VERSION:-3.0.7}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-4.1.4}
+BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
 PKGTYPE=${PKGTYPE:-tgz}
 
@@ -57,7 +58,7 @@ elif [ "$ARCH" = "i686" ]; then
   SLKCFLAGS="-O2 -march=i686 -mtune=i686"
   LIBDIRSUFFIX=""
 elif [ "$ARCH" = "x86_64" ]; then
-  SLKCFLAGS="-O2 -fPIC"
+  SLKCFLAGS="-O2 -fPIC -fPIE -pie -Wl,-z,relro,-z,now -fstack-protector-all -fstack-clash-protection -fcf-protection=full -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS"
   LIBDIRSUFFIX="64"
 fi
 
@@ -68,17 +69,15 @@ mkdir -p $TMP $PKG $OUTPUT
 cd $TMP
 rm -rf $PRGNAM-$VERSION
 tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
-cd $PRGNAM-$VERSION
+cd $PRGNAM-userspace-$VERSION
 chown -R root:root .
 find -L . \
  \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
   -o -perm 511 \) -exec chmod 755 {} \+ -o \
  \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \+
 
-# Init should check /etc/rc.d/rc.auditd.conf instead of /etc/sysconfig/auditd
-patch -p1 < $CWD/audit-2.3.6-sysconfig.diff
-
+autoreconf -f --install
 CXXFLAGS="$SLKCFLAGS" \
 CFLAGS="$SLKCFLAGS" \
 ./configure \
@@ -104,18 +103,19 @@ gzip -9 $PKG/usr/man/man*/*
 # actually useful anyway.
 if [ -n "$LIBDIRSUFFIX" ]; then
   mv $PKG/usr/lib/golang $PKG/usr/lib$LIBDIRSUFFIX
+  rm -rf ${PKG}/usr/lib/{systemd,tmpfiles.d}
   rmdir $PKG/usr/lib
 fi
 
 mkdir -p $PKG/etc/rc.d
-mv $PKG/etc/sysconfig/auditd $PKG/etc/rc.d/rc.auditd.conf.new
-mv $PKG/etc/rc.d/init.d/auditd $PKG/etc/rc.d/rc.auditd.new
+cp -v ${CWD}/auditd.sysconfig ${PKG}/etc/rc.d/rc.auditd.conf.new
+cp -v ${CWD}/auditd.init ${PKG}/etc/rc.d/rc.auditd.new
 rm -rf $PKG/etc/rc.d/init.d $PKG/etc/sysconfig
 
 mkdir -p $PKG/var/log/audit $PKG/var/lock/subsys
 
 mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a AUTHORS COPYING ChangeLog INSTALL NEWS README contrib \
+cp -a AUTHORS COPYING COPYING.LIB ChangeLog INSTALL NEWS README.md SECURITY.md THANKS TODO contrib \
   $PKG/usr/doc/$PRGNAM-$VERSION
 cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
 cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE

system/audit/audit.info

@@ -1,8 +1,8 @@
 PRGNAM="audit"
-VERSION="3.0.7"
+VERSION="4.1.4"
 HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
-DOWNLOAD="https://people.redhat.com/sgrubb/audit/audit-3.0.7.tar.gz"
-MD5SUM="34fab69e80ea6668e9c72e73ec24fd88"
+DOWNLOAD="https://github.com/linux-audit/audit-userspace/archive/v4.1.4/audit-4.1.4.tar.gz"
+MD5SUM="6575a4383f54ce971352620e6b5f746a"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES=""

system/audit/auditd.init

@@ -0,0 +1,187 @@
+#!/bin/sh
+#
+# auditd        This starts and stops auditd
+#
+# chkconfig: 2345 11 88
+# description: This starts the Linux Auditing System Daemon, \
+#              which collects security related events in a dedicated \
+#              audit log. If this daemon is turned off, audit events \
+#              will be sent to syslog.
+#
+# processname: /sbin/auditd
+# config: /etc/rc.d/rc.auditd.conf
+# config: /etc/audit/auditd.conf
+# pidfile: /var/run/auditd.pid
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+#
+
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+prog="auditd"
+
+# Source function library.
+. /etc/init.d/functions
+
+# Allow anyone to run status
+if [ "$1" = "status" ] ; then
+	status $prog
+	RETVAL=$?
+	exit $RETVAL
+fi
+
+# Check that we are root ... so non-root users stop here
+test $(id -u) = 0  ||  exit 4
+
+# Check config
+test -f /etc/rc.d/rc.auditd.conf && . /etc/rc.d/rc.auditd.conf
+
+RETVAL=0
+
+start(){
+	test -x /sbin/auditd  || exit 5
+	test -f /etc/audit/auditd.conf  || exit 6
+
+	printf "Starting $prog: "
+
+# Localization for auditd is controlled in /etc/synconfig/auditd
+	if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+		unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+	else
+		LANG="$AUDITD_LANG"
+		LC_TIME="$AUDITD_LANG"
+		LC_ALL="$AUDITD_LANG"
+		LC_MESSAGES="$AUDITD_LANG"
+		LC_NUMERIC="$AUDITD_LANG"
+		LC_MONETARY="$AUDITD_LANG"
+		LC_COLLATE="$AUDITD_LANG"
+		export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+	fi
+	unset HOME MAIL USER USERNAME
+	daemon $prog "$EXTRAOPTIONS"
+	RETVAL=$?
+	echo
+	if test $RETVAL = 0 ; then
+		touch /var/lock/subsys/auditd
+		# Prepare the default rules
+		if test x"$USE_AUGENRULES" != "x" ; then
+			if test "`echo $USE_AUGENRULES | tr 'NO' 'no'`" != "no"
+			then
+				test -d /etc/audit/rules.d && /sbin/augenrules
+			fi
+		fi
+		# Load the default rules
+		test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+	fi
+	return $RETVAL
+}
+
+stop(){
+	printf "Stopping $prog: "
+	killproc $prog
+	RETVAL=$?
+	echo
+	rm -f /var/lock/subsys/auditd
+	# Remove watches so shutdown works cleanly
+	if test x"$AUDITD_CLEAN_STOP" != "x" ; then
+		if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no"
+		then
+			/sbin/auditctl -R /etc/audit/audit-stop.rules >/dev/null
+		fi
+	fi
+	return $RETVAL
+}
+
+reload(){
+	test -f /etc/audit/auditd.conf  || exit 6
+	printf "Reloading configuration: "	
+	killproc $prog -HUP
+	RETVAL=$?
+	echo
+	return $RETVAL
+}
+
+rotate(){
+	printf "Rotating logs: "	
+	killproc $prog -USR1
+	RETVAL=$?
+	echo
+	return $RETVAL
+}
+
+resume(){
+	printf "Resuming logging: "	
+	killproc $prog -USR2
+	RETVAL=$?
+	echo
+	return $RETVAL
+}
+
+restart(){
+	test -f /etc/audit/auditd.conf  || exit 6
+	stop
+	start
+}
+
+state(){
+	state_file="/var/run/auditd.state"
+	printf "Getting auditd internal state: "	
+	killproc $prog -CONT
+	RETVAL=$?
+	printf "\n"
+	if [ $? -eq 0 ] ; then
+		if [ -e $state_file ] ; then
+			cat $state_file
+		fi
+	fi
+	echo
+	return $RETVAL
+}
+
+condrestart(){
+	[ -e /var/lock/subsys/auditd ] && restart
+	return 0
+}
+
+
+# See how we were called.
+case "$1" in
+    start)
+	start
+	;;
+    stop)
+	stop
+	;;
+    restart)
+	restart
+	;;
+    reload|force-reload)
+	reload
+	;;
+    rotate)
+	rotate
+	;;
+    resume)
+	resume
+	;;
+    state)
+	state
+	;;
+    condrestart|try-restart)
+	condrestart
+	;;
+    *)
+	echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|rotate|resume}"
+	RETVAL=3
+esac
+
+exit $RETVAL
+

system/audit/auditd.sysconfig

@@ -0,0 +1,21 @@
+# Add extra options here
+EXTRAOPTIONS=""
+#
+# This is the locale information that audit uses. Its defaulted to en_US.
+# To remove all locale information from audit's environment, set
+# AUDITD_LANG to the empty string or the string "none".
+AUDITD_LANG="en_US"
+#
+# This option is used to determine if rules & watches should be deleted on
+# shutdown by loading the audit-stop file. This is beneficial in most cases
+# so that a watch doesn't linger on a drive that is being unmounted. If
+# set to no, it will NOT be cleaned up.
+AUDITD_CLEAN_STOP="yes"
+#
+# This option determines whether or not to call augenrules to compile the
+# audit.rule file from /etc/audit/rules.d. The default is "no" so that nothing
+# happens to existing rules. When setting this up, any existing rules need to
+# be copied into /etc/audit/rules.d or it will be lost when audit.rule gets
+# overwritten.
+USE_AUGENRULES="no"
+