--- audit-1.7.4.orig/debian/auditd.logrotate +++ audit-1.7.4/debian/auditd.logrotate @@ -0,0 +1,10 @@ +/var/log/audit/audit.log { + rotate 4 + missingok + notifempty + weekly + compress + postrotate + /etc/init.d/auditd rotate >/dev/null + endscript +} --- audit-1.7.4.orig/debian/README.source +++ audit-1.7.4/debian/README.source @@ -0,0 +1,57 @@ +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +To configure quilt to use debian/patches instead of patches, you want +either to export QUILT_PATCHES=debian/patches in your environment +or use this snippet in your ~/.quiltrc: + + for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do + if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then + export QUILT_PATCHES=debian/patches + fi + done + +To get the fully patched source after unpacking the source package, cd to +the root level of the source package and run: + + quilt push -a + +The last patch listed in debian/patches/series will become the current +patch. + +To add a new set of changes, first run quilt push -a, and then run: + + quilt new + +where is a descriptive name for the patch, used as the filename in +debian/patches. Then, for every file that will be modified by this patch, +run: + + quilt add + +before editing those files. You must tell quilt with quilt add what files +will be part of the patch before making changes or quilt will not work +properly. After editing the files, run: + + quilt refresh + +to save the results as a patch. + +Alternately, if you already have an external patch and you just want to +add it to the build system, run quilt push -a and then: + + quilt import -P /path/to/patch + quilt push -a + +(add -p 0 to quilt import if needed). as above is the filename to +use in debian/patches. The last quilt push -a will apply the patch to +make sure it works properly. + +To remove an existing patch from the list of patches that will be applied, +run: + + quilt delete + +You may need to run quilt pop -a to unapply patches first before running +this command. --- audit-1.7.4.orig/debian/audispd-plugins.install +++ audit-1.7.4/debian/audispd-plugins.install @@ -0,0 +1,15 @@ +etc/audisp/audisp-prelude.conf +etc/audisp/audisp-remote.conf +etc/audisp/plugins.d/audispd-zos-remote.conf +etc/audisp/plugins.d/au-prelude.conf +etc/audisp/plugins.d/au-remote.conf +etc/audisp/zos-remote.conf +sbin/audispd-zos-remote +sbin/audisp-prelude +sbin/audisp-remote +usr/share/man/man5/audisp-prelude.conf.5 +usr/share/man/man5/audisp-remote.conf.5 +usr/share/man/man5/zos-remote.conf.5 +usr/share/man/man8/audispd-zos-remote.8 +usr/share/man/man8/audisp-prelude.8 +usr/share/man/man8/audisp-remote.8 --- audit-1.7.4.orig/debian/auditd.default +++ audit-1.7.4/debian/auditd.default @@ -0,0 +1,12 @@ +# Add extra options here +EXTRAOPTIONS="" +# +# This is the locale information that audit uses. Its defaulted to en_US. +# To remove all locale information from audit's environment, set +# AUDITD_LANG to the empty string or the string "none". +AUDITD_LANG="en_US" +# +# This option is used to determine if rules & watches should be deleted on +# shutdown. This is beneficial in most cases so that a watch doesn't linger +# on a drive that is being unmounted. If set to no, it will NOT be cleaned up. +AUDITD_CLEAN_STOP="yes" --- audit-1.7.4.orig/debian/auditd.postrm +++ audit-1.7.4/debian/auditd.postrm @@ -0,0 +1,37 @@ +#!/bin/sh +# postrm script for auditd +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +case "$1" in + purge) + rm -rf /var/log/audit + rm -f /var/run/audit_events + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac --- audit-1.7.4.orig/debian/copyright +++ audit-1.7.4/debian/copyright @@ -0,0 +1,23 @@ +This package was debianized by Philipp Matthias Hahn on +Wed, 21 Mar 2007 09:47:19 +0100. + +It was downloaded from http://people.redhat.com/sgrubb/audit/ + +Upstream Author: Rik Faith + Steve Grubb + +Copyright: 2005-2007 Steve Grubb + +License: + +The audit daemon is released as GPL'd code. The audit daemon's library +libaudit.* is released under LGPL so that it may be linked with 3rd +party software. + +The Debian packaging is (C) 2007, Philipp Matthias Hahn and +is licensed under the GPL. + +On Debian systems, refer to /usr/share/common-licenses/LGPL-2.1 +for the complete text of the GNU Lesser General Public License. +On Debian systems, the complete text of the GNU General Public +License can be found in /usr/share/common-licenses/GPL file. --- audit-1.7.4.orig/debian/auditd.init +++ audit-1.7.4/debian/auditd.init @@ -0,0 +1,155 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: auditd +# Required-Start: $local_fs +# Required-Stop: $local_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Audit Daemon +# Description: Collects audit information from Linux 2.6 Kernels. +### END INIT INFO + +# Author: Philipp Matthias Hahn +# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/bin +DESC="audit daemon" +NAME=auditd +DAEMON=/sbin/auditd +PIDFILE=/var/run/"$NAME".pid +SCRIPTNAME=/etc/init.d/"$NAME" + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME" + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE + case "$AUDITD_LANG" in + ""|none|NONE) ;; + *) export LC_ALL="$AUDITD_LANG" ;; + esac + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \ + $EXTRAOPTIONS \ + || return 2 + if [ -f /etc/audit/audit.rules ] + then + /sbin/auditctl -R /etc/audit/audit.rules >/dev/null + fi +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$PIDFILE" --name "$NAME" + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$DAEMON" + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f "$PIDFILE" + rm -f /var/run/audit_events + # Remove watches so shutdown works cleanly + case "$AUDITD_CLEAN_STOP" in + no|NO) ;; + *) /sbin/auditctl -D >/dev/null ;; + esac + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + rotate) + log_daemon_msg "Rotating $DESC logs" "$NAME" + start-stop-daemon --stop --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME" + log_end_msg $? + ;; + status) + pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null + status=$? + if [ $status -eq 0 ]; then + log_success_msg "$NAME is running." + else + log_failure_msg "$NAME is not running." + fi + exit $status + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2 + exit 3 + ;; +esac + +: --- audit-1.7.4.orig/debian/changelog +++ audit-1.7.4/debian/changelog @@ -0,0 +1,63 @@ +audit (1.7.4-1) unstable; urgency=low + + * New upstream release (Closes: #452414) + * Drop debian/audispd.8 in favour of updtream version. + * debian/control: + - Build-Deps: +libldap2-dev + - Bump Standards-Version: 3.8.0 + - New audispd-plugins package. + - system-config-audit package is currently disabled: rpath problem. + * debian/rules + - Include /usr/share/quilt/quilt.mak + - Start auditd already in rcS. + * Add debian/README.source as required by 3.8.0 + * debian/auditd.postinst adopted from the Ubuntu branch. + + -- Philipp Matthias Hahn Wed, 25 Jun 2008 09:56:59 +0200 + +audit (1.7.2-0.1) unstable; urgency=low + + * Not released non-maintainer upload. + * New upstream release. + * Drop patches not needed now. + * Add cvs and intltool to build dependencies. + * Enable Prelude support. + + -- Pierre Chifflier Mon, 28 Apr 2008 10:47:22 +0200 + +audit (1.5.3-2.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Added CVE-2008-1628.patch to fix a stack-based buffer overflow + in the audit_log_user_command function which can be triggered via + a command argument that is passed to that function and might lead + to execution of arbitrary code (Closes: #475227). + + -- Nico Golde Thu, 10 Apr 2008 15:06:25 +0200 + +audit (1.5.3-2) unstable; urgency=low + + * debian/auditd.init: Fix inverted AUDITD_CLEAN_STOP (Closes: #428066) + + -- Philipp Matthias Hahn Tue, 12 Jun 2007 22:33:56 +0200 + +audit (1.5.3-1) unstable; urgency=low + + * New upstream version + - Includes all debian/patches. + * Drop Build-Depends: linux-headers-2.6 + + -- Philipp Matthias Hahn Wed, 02 May 2007 09:10:06 +0200 + +audit (1.5.1-2) unstable; urgency=low + + * Apply patch from upstream to fix SEGFAULT on reload. + + -- Philipp Matthias Hahn Fri, 23 Mar 2007 22:16:24 +0100 + +audit (1.5.1-1) unstable; urgency=low + + * Initial release (Closes: #311214) + + -- Philipp Matthias Hahn Wed, 21 Mar 2007 09:47:19 +0100 + --- audit-1.7.4.orig/debian/compat +++ audit-1.7.4/debian/compat @@ -0,0 +1 @@ +5 --- audit-1.7.4.orig/debian/system-config-audit.install +++ audit-1.7.4/debian/system-config-audit.install @@ -0,0 +1,5 @@ +usr/share/locale/cs/LC_MESSAGES/system-config-audit.mo +usr/share/system-config-audit +usr/share/applications/system-config-audit.desktop +usr/bin/system-config-audit +lib/system-config-audit-server --- audit-1.7.4.orig/debian/python-audit.install +++ audit-1.7.4/debian/python-audit.install @@ -0,0 +1,3 @@ +usr/lib/python*/site-packages/*.py +usr/lib/python*/site-packages/*.so +usr/lib/python*/site-packages/*.egg-info --- audit-1.7.4.orig/debian/watch +++ audit-1.7.4/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://people.redhat.com/sgrubb/audit/ audit-(.*)\.tar\.gz --- audit-1.7.4.orig/debian/auditd.dirs +++ audit-1.7.4/debian/auditd.dirs @@ -0,0 +1 @@ +var/log/audit --- audit-1.7.4.orig/debian/pycompat +++ audit-1.7.4/debian/pycompat @@ -0,0 +1 @@ +2 --- audit-1.7.4.orig/debian/system-config-audit.8 +++ audit-1.7.4/debian/system-config-audit.8 @@ -0,0 +1,18 @@ +.TH "AUDISPD" "8" "Jun 2008" "Debian" "System Administration Utilities" +.SH NAME +system\-config\-audit \- Graphical utility for editing audit configuration + +.SH SYNOPSIS +.B system\-config\-audit + +.SH DESCRIPTION +\fBsystem\-config\-audit\fP is a graphical userspace utility for the Linux Auditing System. It can be used to edit the configuration files. + +.SH "SEE ALSO" +.BR auditd (8). + +.SH AUTHOR +system\-config\-audit was written by Miloslav Trmac . +.PP +This manual page was written by Philipp Hahn , +for the Debian project (but may be used by others). --- audit-1.7.4.orig/debian/docs +++ audit-1.7.4/debian/docs @@ -0,0 +1,2 @@ +README +TODO --- audit-1.7.4.orig/debian/libaudit-dev.links +++ audit-1.7.4/debian/libaudit-dev.links @@ -0,0 +1,2 @@ +lib/libaudit.so.0 usr/lib/libaudit.so +lib/libauparse.so.0 usr/lib/libauparse.so --- audit-1.7.4.orig/debian/libaudit0.install +++ audit-1.7.4/debian/libaudit0.install @@ -0,0 +1,3 @@ +usr/lib/libaudit.so.* lib +usr/lib/libauparse.so.* lib +etc/libaudit.conf --- audit-1.7.4.orig/debian/rules +++ audit-1.7.4/debian/rules @@ -0,0 +1,127 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE=1 + +export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) + confflags += --build $(DEB_HOST_GNU_TYPE) +else + confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) +endif + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +include /usr/share/quilt/quilt.make + +configure: configure-stamp +configure-stamp: $(QUILT_STAMPFN) + dh_testdir + -test -r /usr/share/misc/config.sub && \ + cp -f /usr/share/misc/config.sub config.sub && \ + cp -f /usr/share/misc/config.sub system-config-audit/admin/config.sub + -test -r /usr/share/misc/config.guess && \ + cp -f /usr/share/misc/config.guess config.guess && \ + cp -f /usr/share/misc/config.guess system-config-audit/admin/config.guess + autoreconf -fv --install + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --sbindir=/sbin \ + --libdir='$${exec_prefix}'/lib \ + --libexecdir=/lib \ + --mandir=/usr/share/man \ + --enable-shared=audit \ + --with-apparmor \ + --with-prelude \ + $(confflags) + touch $@ + +build: build-stamp +build-stamp: configure-stamp + dh_testdir + $(MAKE) + touch $@ + +clean: unpatch + dh_testdir + dh_testroot + $(RM) build-stamp configure-stamp + [ ! -f Makefile ] || $(MAKE) maintainer-clean + dh_clean + # Clean modified/regeneratable files + $(RM) configure depcomp install-sh ltmain.sh missing INSTALL config.log + $(RM) config.sub config.guess + $(RM) system-config-audit/po/stamp-it + $(RM) system-config-audit/po/Makefile.in.in + $(RM) system-config-audit/INSTALL + $(RM) system-config-audit/aclocal.m4 + $(RM) system-config-audit/admin/config.guess + $(RM) system-config-audit/admin/config.sub + $(RM) system-config-audit/admin/depcomp + $(RM) system-config-audit/admin/install-sh + $(RM) system-config-audit/admin/ltmain.sh + $(RM) system-config-audit/admin/mkinstalldirs + $(RM) system-config-audit/configure + $(RM) system-config-audit/po/.intltool-merge-cache + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install + + # Remove some RedHat specific files + $(RM) debian/tmp/etc/rc.d/init.d/auditd + $(RM) debian/tmp/etc/sysconfig/auditd + + # Move the library to /lib + $(RM) debian/tmp/usr/lib/libaudit.so + $(RM) debian/tmp/usr/lib/libauparse.so + + # The Debian way + $(RM) debian/tmp/usr/lib/python*/site-packages/_au*.*a + $(RM) debian/tmp/usr/lib/python*/site-packages/au*.py[co] + $(RM) debian/tmp/usr/share/system-config-audit/*.py[co] + +my-check: + find debian/*aud*/ -mindepth 0 -name DEBIAN -prune -o -not -type d -print|sed -e 's,debian/[^/]*/,,' -e 's/\.gz$$//' + +# Build architecture-independent files here. +binary-indep: build install + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_installexamples + dh_install --sourcedir=debian/tmp --list-missing + #dh_installlogrotate #auditd has a equivalent built-in feature + dh_installinit -- start 37 S . start 39 0 6 . + #dh_installman -psystem-config-audit debian/system-config-audit.8 + dh_link + dh_strip + dh_compress + dh_fixperms + dh_pysupport + #dh_python + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- audit-1.7.4.orig/debian/auditd.postinst +++ audit-1.7.4/debian/auditd.postinst @@ -0,0 +1,42 @@ +#!/bin/sh +# postinst script for auditd +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +case "$1" in + configure) + # Remove old rc links. + if dpkg --compare-versions "$2" lt "1.6.5-0ubuntu2"; then + update-rc.d -f auditd remove > /dev/null + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- audit-1.7.4.orig/debian/substvars +++ audit-1.7.4/debian/substvars @@ -0,0 +1 @@ +shlibs:Depends=libaudit0, libc6 (>= 2.7-1) --- audit-1.7.4.orig/debian/libaudit-dev.install +++ audit-1.7.4/debian/libaudit-dev.install @@ -0,0 +1,6 @@ +usr/lib/libaudit.la +usr/lib/libaudit.a +usr/lib/libauparse.la +usr/lib/libauparse.a +usr/include +usr/share/man/man3 --- audit-1.7.4.orig/debian/auditd.examples +++ audit-1.7.4/debian/auditd.examples @@ -0,0 +1,5 @@ +contrib/capp.rules +contrib/lspp.rules +contrib/nispom.rules +contrib/stig.rules +init.d/auditd.cron --- audit-1.7.4.orig/debian/auditd.install +++ audit-1.7.4/debian/auditd.install @@ -0,0 +1,23 @@ +etc/audisp/audispd.conf +etc/audisp/plugins.d/af_unix.conf +etc/audisp/plugins.d/syslog.conf +etc/audit +sbin/audispd +sbin/auditctl +sbin/auditd +sbin/aureport +sbin/ausearch +sbin/autrace +usr/bin/aulastlog +usr/bin/ausyscall +usr/share/man/man5/audispd.conf.5 +usr/share/man/man5/auditd.conf.5 +usr/share/man/man5/ausearch-expression.5 +usr/share/man/man8/audispd.8 +usr/share/man/man8/auditctl.8 +usr/share/man/man8/auditd.8 +usr/share/man/man8/aulastlog.8 +usr/share/man/man8/aureport.8 +usr/share/man/man8/ausearch.8 +usr/share/man/man8/ausyscall.8 +usr/share/man/man8/autrace.8 --- audit-1.7.4.orig/debian/libaudit-dev.examples +++ audit-1.7.4/debian/libaudit-dev.examples @@ -0,0 +1,2 @@ +contrib/skeleton.c +contrib/plugin --- audit-1.7.4.orig/debian/control +++ audit-1.7.4/debian/control @@ -0,0 +1,68 @@ +Source: audit +Priority: extra +Maintainer: Philipp Matthias Hahn +Build-Depends: debhelper (>= 5.0.37.2), + python-all-dev (>= 2.3.5-11), python-support (>= 0.5.3), swig, + automake1.9, autoconf (>= 2.59), libtool, autotools-dev, quilt, + intltool, cvs, libprelude-dev, libldap2-dev +Build-Conflicts: autoconf2.13, automake1.4 +XS-Python-Version: all +Standards-Version: 3.8.0 +Section: libs +Homepage: http://people.redhat.com/sgrubb/audit/ + +Package: auditd +Section: admin +Architecture: any +Depends: ${shlibs:Depends}, lsb-base (>= 3.0-6) +Description: User space tools for security auditing + The audit package contains the user space utilities for + storing and searching the audit records generate by + the audit subsystem in the Linux 2.6 kernel. + . + Also contains the audit dispatcher "audisp". + +Package: libaudit0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends} +Description: Dynamic library for security auditing + The audit-libs package contains the dynamic libraries needed for + applications to use the audit framework. + +Package: libaudit-dev +Section: libdevel +Architecture: any +Depends: libaudit0 (= ${binary:Version}) +Description: Header files and static library for security auditing + The audit-libs-devel package contains the static libraries and header + files needed for developing applications that need to use the audit + framework libraries. + +Package: python-audit +Section: python +Architecture: any +Depends: ${shlibs:Depends}, ${python:Depends} +Provides: ${python:Provides} +XB-Python-Version: ${python:Versions} +Description: Python bindings for security auditing + The audit-libs-python package contains the bindings so that libaudit + and libauparse can be used by Python. + +Package: audispd-plugins +Section: admin +Architecture: any +Depends: auditd, ${shlibs:Depends} +Description: Plugins for the audit event dispatcher + The audispd-plugins package provides plugins for the real-time + interface to the audit system, audispd. These plugins can do things + like relay events to remote machines or analyze events for suspicious + behavior. + +#Package: system-config-audit +#Section: admin +#Architecture: any +#Depends: python-audit, ${shlibs:Depends} +#Description: Graphical utility for editing audit configuration +# The system-config-audit package provides a graphical users interface for +# configuring the Linux audit subsystem. --- audit-1.7.4.orig/debian/python-audit.examples +++ audit-1.7.4/debian/python-audit.examples @@ -0,0 +1 @@ +contrib/avc_snap --- audit-1.7.4.orig/debian/patches/rpath.diff +++ audit-1.7.4/debian/patches/rpath.diff @@ -0,0 +1,10 @@ +--- a/system-config-audit/Makefile.am ++++ b/system-config-audit/Makefile.am +@@ -101,6 +101,5 @@ src/system-config-audit: src/system-conf + + @INTLTOOL_DESKTOP_RULE@ + +-clean-generic: ++clean-local: + rm -rf autom4te*.cache +- --- audit-1.7.4.orig/debian/patches/audispd-zos-remote.diff +++ audit-1.7.4/debian/patches/audispd-zos-remote.diff @@ -0,0 +1,95 @@ +--- a/docs/audispd-zos-remote.8 ++++ b/docs/audispd-zos-remote.8 +@@ -26,26 +26,26 @@ audispd-zos-remote \- z/OS Remote-servic + .I config-file + .B ] + .SH DESCRIPTION +-.BR audispd-zos-remote ++.B audispd-zos-remote + is a remote-auditing plugin for the Audit subsystem. It should be started by the +-.BR audispd(8) ++.BR audispd (8) + daemon and will forward all incoming audit events, as they happen, to a configured z/OS SMF (Service Management Facility) database, through an IBM Tivoli Directory Server (ITDS) set for Remote Audit service. + See + .B SMF MAPPING + section below for more information about the resulting SMF record format. + +-.BR audispd(8) ++.BR audispd (8) + must be configured to start the plugin. This is done by a configuration file usually located at + .IR /etc/audisp/plugins.d/audispd-zos-remote.conf , + but multiple instances can be spawned by having multiple configuration files in + .I /etc/audisp/plugins.d + for the same plugin executable (see +-.BR audispd(8) ). ++.BR audispd (8)). + + Each instance needs a configuration file, located by default at + .IR /etc/audisp/zos-remote.conf . + Check +-.BR zos-remote.conf(5) ++.BR zos-remote.conf (5) + for details about the plugin configuration. + + .SH OPTIONS +@@ -54,9 +54,9 @@ Use an alternate configuration file inst + .IR /etc/audisp/zos-remote.conf . + + .SH SIGNALS +-.BR audispd-zos-remote ++.B audispd-zos-remote + reacts to SIGTERM and SIGHUP signals (according to the +-.BR audispd(8) ++.BR audispd (8) + specification): + .TP + .B SIGHUP +@@ -72,8 +72,10 @@ will wait up to 10 seconds if there are + .SH IBM z/OS ITDS Server and RACF configuration + In order to use this plugin, you must have an IBM z/OS v1R8 (or higher) server with IBM Tivoli Directory Server (ITDS) configured for Remote Audit service. For more detailed information about how to configure the z/OS server for Remote Auditing, refer to + .B z/OS V1R8.0-9.0 Intergrated Security Services Enterprise Identity Mapping (EIM) Guide and Reference ++.nf + .RI ( http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/FRAMESET/EIMA1140/CCONTENTS?DT=20070827115119 ), + chapter "2.0 - Working with remote services". ++.fi + + .SS Enable ITDS to process Remote Audit requests + To enable ITSD to process Remote Audit requests, the user ID associated with ITDS must be granted READ access to the IRR.AUDITX FACILITY Class profile (the profile used to protect the R_Auditx service). This user ID can usually be found in the STARTED Class profile for the ITDS started procedure. If the identity associated with ITDS is +@@ -87,8 +89,8 @@ permit IRR.RAUDITX class(FACILITY) id(IT + .fi + + .SS Create/enable RACF user ID to perform Remote Audit requests +-A z/OS RACF user ID is needed by the plugin - Every Audit request performed by the plugin will use a RACF user ID, as configured in the plugin configuration ( +-.BR zos-remote.conf(5) ). ++A z/OS RACF user ID is needed by the plugin - Every Audit request performed by the plugin will use a RACF user ID, as configured in the plugin configuration ++.BR zos-remote.conf (5). + This user ID needs READ access to FACILITY Class resource IRR.LDAP.REMOTE.AUDIT. If the user ID is + .IR BINDUSER , + the administrator can configure RACF to enable this user to perform Remote Auditing requests with the following TSO commands: +@@ -110,7 +112,7 @@ and the audit record type (eg.: + .BR AVC , + .BR PATH ...) + as the +-.R CDT Resource Class ++.I CDT Resource Class + for all events processed. + To make sure events are logged, the RACF server must be configured with a Dynamic CDT Class named + .B @LINUX +@@ -202,7 +204,7 @@ instead of numeric userid + whenever possible. Currently, this plugin will also add a relocate type 113 + .RB ( "Date And Time Security Event Occurred" ) + with the Event Timestamp in the format as returned by +-.BR ctime(3) . ++.BR ctime (3). + + .SH ERRORS + Errors and warnings are reported to syslog (under DAEMON facility). In situations where the event was submitted but the z/OS server returned an error condition, the logged message brings a name followed by a human-readable description. Below are some common errors conditions: +@@ -222,7 +224,7 @@ The user ID associated with the ITDS doe + .TP + .B UNSUF_AUTH - The user has unsuficient authority for the requested function + The RACF user ID used to perform Remote Audit requests (as configured in +-.BR zos-remote.conf(5) ) ++.BR zos-remote.conf (5)) + don't have access to the IRR.LDAP.REMOTE.AUDIT FACILITY Class profile. See + .B IBM z/OS RACF Server configuration + --- audit-1.7.4.orig/debian/patches/system-config-audit.diff +++ audit-1.7.4/debian/patches/system-config-audit.diff @@ -0,0 +1,1127 @@ +--- audit-1.7.4.orig/system-config-audit/system-config-audit.desktop ++++ audit-1.7.4/system-config-audit/system-config-audit.desktop +@@ -0,0 +1,10 @@ ++[Desktop Entry] ++Encoding=UTF-8 ++Name=Audit Configuration ++Name[cs]=Nastavení auditu ++Comment=Modify audit configuration ++Exec=system-config-audit ++Terminal=false ++Type=Application ++Icon=logviewer ++Categories=Settings;System; +--- audit-1.7.4.orig/system-config-audit/po/system-config-audit.pot ++++ audit-1.7.4/system-config-audit/po/system-config-audit.pot +@@ -0,0 +1,1073 @@ ++# SOME DESCRIPTIVE TITLE. ++# Copyright (C) YEAR Red Hat, Inc. ++# This file is distributed under the same license as the PACKAGE package. ++# FIRST AUTHOR , YEAR. ++# ++#, fuzzy ++msgid "" ++msgstr "" ++"Project-Id-Version: PACKAGE VERSION\n" ++"Report-Msgid-Bugs-To: \n" ++"POT-Creation-Date: 2008-04-28 10:49+0200\n" ++"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" ++"Last-Translator: FULL NAME \n" ++"Language-Team: LANGUAGE \n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=CHARSET\n" ++"Content-Transfer-Encoding: 8bit\n" ++ ++#: src/audit_rules.py:77 ++#, python-format ++msgid "Unknown user \"%s\"" ++msgstr "" ++ ++#: src/audit_rules.py:105 ++#, python-format ++msgid "Unknown group \"%s\"" ++msgstr "" ++ ++#: src/audit_rules.py:150 ++#, python-format ++msgid "Key value \"%s\" too long" ++msgstr "" ++ ++#: src/audit_rules.py:157 ++msgid "Architecture can not be changed after system calls are selected" ++msgstr "" ++ ++#: src/audit_rules.py:160 src/audit_rules.py:242 ++#, python-format ++msgid "The only valid operators for \"%s\" are \"=\" and \"!=\"" ++msgstr "" ++ ++#: src/audit_rules.py:182 ++#, python-format ++msgid "The only valid operator for \"%s\" is \"=\"" ++msgstr "" ++ ++#: src/audit_rules.py:195 ++#, python-format ++msgid "Unknown permission \"%(char)c\" in \"%(perms)s\"" ++msgstr "" ++ ++#: src/audit_rules.py:223 ++#, python-format ++msgid "Invalid integer value \"%s\"" ++msgstr "" ++ ++#: src/audit_rules.py:313 ++#, python-format ++msgid "Unknown field \"%s\"" ++msgstr "" ++ ++#: src/audit_rules.py:317 ++#, python-format ++msgid "Unknown operator \"%s\"" ++msgstr "" ++ ++#: src/audit_rules.py:336 ++#, python-format ++msgid "Operator missing in \"%s\"" ++msgstr "" ++ ++#: src/client.py:124 ++msgid "Not enough data available" ++msgstr "" ++ ++#: src/event_type_dialog.py:110 ++msgid "No operator was selected" ++msgstr "" ++ ++#: src/field_help.py:28 ++msgid "" ++"The CPU architecture of the syscall. The arch can be found using `uname -m'." ++msgstr "" ++ ++#: src/field_help.py:30 ++msgid "" ++"The first argument to a syscall. Note that string arguments are not " ++"supported. This is most likely to be used on platforms that multiplex " ++"socket or IPC operations." ++msgstr "" ++ ++#: src/field_help.py:34 ++msgid "" ++"The second argument to a syscall. Note that string arguments are not " ++"supported. This is most likely to be used on platforms that multiplex " ++"socket or IPC operations." ++msgstr "" ++ ++#: src/field_help.py:38 ++msgid "" ++"The third argument to a syscall. Note that string arguments are not " ++"supported. This is most likely to be used on platforms that multiplex " ++"socket or IPC operations." ++msgstr "" ++ ++#: src/field_help.py:42 ++msgid "" ++"The fourth argument to a syscall. Note that string arguments are not " ++"supported. This is most likely to be used on platforms that multiplex " ++"socket or IPC operations." ++msgstr "" ++ ++#: src/field_help.py:46 ++msgid "Device major number" ++msgstr "" ++ ++#: src/field_help.py:47 ++msgid "Device minor number" ++msgstr "" ++ ++#: src/field_help.py:48 ++msgid "Effective group ID" ++msgstr "" ++ ++#: src/field_help.py:49 ++msgid "Effective user ID" ++msgstr "" ++ ++#: src/field_help.py:50 ++msgid "Exit value from a syscall" ++msgstr "" ++ ++#: src/field_help.py:52 ++msgid "File system group ID" ++msgstr "" ++ ++#: src/field_help.py:53 ++msgid "File system user ID" ++msgstr "" ++ ++#: src/field_help.py:54 ++msgid "Group ID" ++msgstr "" ++ ++#: src/field_help.py:55 ++msgid "Inode number" ++msgstr "" ++ ++#: src/field_help.py:56 ++msgid "ID of the user in whose login session the process is running" ++msgstr "" ++ ++#: src/field_help.py:59 ++msgid "Resource's SELinux high level" ++msgstr "" ++ ++#: src/field_help.py:60 ++msgid "Resource's SELinux low level" ++msgstr "" ++ ++#: src/field_help.py:61 ++msgid "Resource's SELinux role" ++msgstr "" ++ ++#: src/field_help.py:62 ++msgid "Resource's SELinux type" ++msgstr "" ++ ++#: src/field_help.py:63 ++msgid "Resource's SELinux user" ++msgstr "" ++ ++#: src/field_help.py:64 ++msgid "" ++"Permission filter for file operations. r=read, w=write, x=execute, " ++"a=attribute change. These permissions are not the standard file " ++"permissions, they specify a kind of syscall. The read and write syscalls are " ++"omitted because they would overwhelm the logs. Instead, the open flags are " ++"looked at to see what permission was requested." ++msgstr "" ++ ++#: src/field_help.py:71 ++msgid "OS personality number" ++msgstr "" ++ ++#: src/field_help.py:72 ++msgid "Process ID" ++msgstr "" ++ ++#: src/field_help.py:73 ++msgid "Parent's process ID" ++msgstr "" ++ ++#: src/field_help.py:74 ++msgid "Set group ID" ++msgstr "" ++ ++#: src/field_help.py:75 ++msgid "Program's SELinux clearance" ++msgstr "" ++ ++#: src/field_help.py:76 ++msgid "Program's SELinux role" ++msgstr "" ++ ++#: src/field_help.py:77 ++msgid "Program's SELinux sensitivity" ++msgstr "" ++ ++#: src/field_help.py:78 ++msgid "Program's SELinux type" ++msgstr "" ++ ++#: src/field_help.py:79 ++msgid "Program's SELinux user" ++msgstr "" ++ ++#: src/field_help.py:80 ++msgid "If the exit value is >= 0, this is 1, otherwise it is 0." ++msgstr "" ++ ++#: src/field_help.py:82 ++msgid "Set user ID" ++msgstr "" ++ ++#: src/field_help.py:83 ++msgid "User ID" ++msgstr "" ++ ++#: src/field_help.py:88 ++msgid "No help available" ++msgstr "" ++ ++#: src/global_dialog.py:105 src/global_dialog.py:147 src/global_dialog.py:152 ++#: src/global_dialog.py:158 src/global_dialog.py:162 ++msgid "Program" ++msgstr "" ++ ++#: src/global_dialog.py:112 src/system-config-audit.glade:1851 ++msgid "Log File" ++msgstr "" ++ ++#: src/global_dialog.py:123 ++#, python-format ++msgid "Host name as-_is (%s)" ++msgstr "" ++ ++#: src/global_dialog.py:134 ++#, python-format ++msgid "_Fully-qualified host name (%s)" ++msgstr "" ++ ++#: src/global_dialog.py:135 ++#, python-format ++msgid "I_P address (%s)" ++msgstr "" ++ ++#: src/global_dialog.py:137 ++msgid "_Fully-qualified host name" ++msgstr "" ++ ++#: src/global_dialog.py:138 ++msgid "I_P address" ++msgstr "" ++ ++#: src/global_dialog.py:388 ++msgid "First threshold must be larger than second threshold" ++msgstr "" ++ ++#: src/global_dialog.py:400 ++#, python-format ++msgid "\"%s\" is too short" ++msgstr "" ++ ++#: src/global_dialog.py:404 ++#, python-format ++msgid "\"%(email)s\" contains an invalid character \"%(char)c\"" ++msgstr "" ++ ++#: src/global_dialog.py:408 ++#, python-format ++msgid "The domain in \"%s\" is not fully qualified" ++msgstr "" ++ ++#: src/global_dialog.py:422 src/global_dialog.py:482 ++#, python-format ++msgid "Error getting attributes of \"%(path)s\": %(msg)s" ++msgstr "" ++ ++#: src/global_dialog.py:425 src/global_dialog.py:451 src/global_dialog.py:485 ++#, python-format ++msgid "\"%s\" is not a regular file" ++msgstr "" ++ ++#: src/global_dialog.py:427 src/global_dialog.py:453 src/global_dialog.py:487 ++#, python-format ++msgid "\"%s\" is not owned by root" ++msgstr "" ++ ++#: src/global_dialog.py:430 src/global_dialog.py:490 ++#, python-format ++msgid "Permissions of \"%s\" should be 075x" ++msgstr "" ++ ++#: src/global_dialog.py:432 src/global_dialog.py:492 ++#, python-format ++msgid "\"%s\" should not be writable by other users" ++msgstr "" ++ ++#: src/global_dialog.py:444 ++#, python-format ++msgid "\"%s\" is not an existing directory" ++msgstr "" ++ ++#: src/global_dialog.py:456 ++#, python-format ++msgid "Permissions of \"%s\" should be 0600 or 0640" ++msgstr "" ++ ++#: src/global_dialog.py:467 ++msgid "The host name may not be empty" ++msgstr "" ++ ++#: src/global_dialog.py:478 ++#, python-format ++msgid "\"%s\" is not an absolute path" ++msgstr "" ++ ++#: src/global_dialog.py:503 ++#, python-format ++msgid "Email requested but %s is not executable" ++msgstr "" ++ ++#: src/global_dialog.py:552 ++#, python-format ++msgid "" ++"The low disk space thresholds apply to the partition which contains the log " ++"file (%s)." ++msgstr "" ++ ++#: src/global_dialog.py:557 ++msgid "" ++"The low disk space thresholds apply to the partition which contains the log " ++"file." ++msgstr "" ++ ++#: src/main.py:44 ++#, python-format ++msgid "Error running system-config-audit-server: %s" ++msgstr "" ++ ++#: src/main_window.py:96 ++msgid "Auditing disabled." ++msgstr "" ++ ++#: src/main_window.py:97 ++msgid "_Enable" ++msgstr "" ++ ++#: src/main_window.py:100 ++msgid "Auditing enabled." ++msgstr "" ++ ++#: src/main_window.py:101 src/main_window.py:105 ++msgid "_Disable" ++msgstr "" ++ ++#: src/main_window.py:104 ++msgid "Auditing enabled and locked." ++msgstr "" ++ ++#: src/main_window.py:108 ++#, python-format ++msgid "Unknown auditing status %s." ++msgstr "" ++ ++#: src/main_window.py:110 src/main_window.py:118 ++msgid "???" ++msgstr "" ++ ++#: src/main_window.py:117 ++msgid "Error determining auditing status" ++msgstr "" ++ ++#: src/main_window.py:131 ++#, python-format ++msgid "Error reading audit configuration: %s" ++msgstr "" ++ ++#: src/main_window.py:155 ++#, python-format ++msgid "Error writing audit configuration: %s" ++msgstr "" ++ ++#: src/main_window.py:167 ++msgid "Error applying audit configuration" ++msgstr "" ++ ++#: src/main_window.py:183 ++msgid "Configuration modified." ++msgstr "" ++ ++#: src/main_window.py:187 ++msgid "Configuration saved." ++msgstr "" ++ ++#: src/main_window.py:189 ++msgid "Configuration unchanged." ++msgstr "" ++ ++#: src/main_window.py:196 ++msgid "Save changes to the audit configuration before closing?" ++msgstr "" ++ ++#: src/main_window.py:200 ++msgid "Close without Saving" ++msgstr "" ++ ++#: src/main_window.py:204 ++msgid "If you don't save, your changes will be discarded." ++msgstr "" ++ ++#: src/main_window.py:218 ++msgid "Audit Configuration" ++msgstr "" ++ ++#: src/main_window.py:235 ++msgid "translator-credits" ++msgstr "" ++ ++#: src/main_window.py:248 ++#, python-format ++msgid "Error changing auditing status: %s" ++msgstr "" ++ ++#: src/rule_dialog.py:94 ++msgid "System Call" ++msgstr "" ++ ++#: src/rule_dialog.py:115 src/rule_list_dialog.py:32 ++#: src/rule_list_dialog.py:50 src/rule_list_dialog.py:70 ++#: src/type_list_dialog.py:36 src/type_list_dialog.py:53 ++msgid "Condition" ++msgstr "" ++ ++#: src/rule_dialog.py:280 ++msgid "The system call list must not be empty" ++msgstr "" ++ ++#: src/rule_list_dialog.py:32 src/rule_list_dialog.py:50 ++#: src/rule_list_dialog.py:70 src/watch_list_dialog.py:34 ++msgid "Key" ++msgstr "" ++ ++#: src/rule_list_dialog.py:32 src/rule_list_dialog.py:50 ++#: src/system-config-audit.glade:4870 ++msgid "System Calls" ++msgstr "" ++ ++#: src/rule_list_dialog.py:33 src/rule_list_dialog.py:51 ++#: src/rule_list_dialog.py:70 src/type_list_dialog.py:36 ++msgid "Action" ++msgstr "" ++ ++#: src/rule_list_dialog.py:69 ++msgid "Allow auditing" ++msgstr "" ++ ++#: src/rule_list_dialog.py:69 src/rule_table.py:37 ++msgid "Do not audit" ++msgstr "" ++ ++#: src/rule_table.py:37 ++msgid "Audit" ++msgstr "" ++ ++#: src/rule_table.py:132 ++msgid "Any" ++msgstr "" ++ ++#. TRANSLATORS: This string is used to connect audit rule conditions. ++#: src/rule_table.py:143 ++msgid " and " ++msgstr "" ++ ++#: src/server.c:127 ++msgid "" ++"This program is only for use by system-config-audit and it should not be " ++"run\n" ++"manually." ++msgstr "" ++ ++#: src/server.c:141 ++#, c-format ++msgid "" ++"\n" ++"Report bugs to %s.\n" ++msgstr "" ++ ++#: src/server.c:148 ++msgid "" ++"Copyright (C) 2007 Red Hat, Inc. All rights reserved.\n" ++"This software is distributed under the GPL v.2.\n" ++"\n" ++"This program is provided with NO WARRANTY, to the extent permitted by law." ++msgstr "" ++ ++#: src/server.c:472 ++msgid "The control file is not a socket" ++msgstr "" ++ ++#: src/server.c:498 ++#, c-format ++msgid "Unknown server request %" ++msgstr "" ++ ++#: src/system-config-audit.glade:9 ++msgid "Global configuration" ++msgstr "" ++ ++#: src/system-config-audit.glade:101 ++msgid "Limits" ++msgstr "" ++ ++#: src/system-config-audit.glade:144 ++msgid "_Fail if more than" ++msgstr "" ++ ++#: src/system-config-audit.glade:189 ++msgid "events are left unprocessed" ++msgstr "" ++ ++#: src/system-config-audit.glade:228 ++msgid "Fail _if more than" ++msgstr "" ++ ++#: src/system-config-audit.glade:265 ++msgid "_events are generated per second" ++msgstr "" ++ ++#: src/system-config-audit.glade:325 ++msgid "Failure Handling" ++msgstr "" ++ ++#: src/system-config-audit.glade:364 src/system-config-audit.glade:1473 ++#: src/system-config-audit.glade:2052 src/system-config-audit.glade:2723 ++msgid "Do _nothing" ++msgstr "" ++ ++#: src/system-config-audit.glade:383 src/system-config-audit.glade:1492 ++#: src/system-config-audit.glade:2742 ++msgid "_Send a message to syslog" ++msgstr "" ++ ++#: src/system-config-audit.glade:403 ++msgid "_Halt the system (without shutting down cleanly)" ++msgstr "" ++ ++#: src/system-config-audit.glade:449 ++msgid "Kernel" ++msgstr "" ++ ++#: src/system-config-audit.glade:485 ++msgid "Priority" ++msgstr "" ++ ++#: src/system-config-audit.glade:522 ++msgid "Audit daemon priority _boost:" ++msgstr "" ++ ++#: src/system-config-audit.glade:594 ++msgid "Email" ++msgstr "" ++ ++#: src/system-config-audit.glade:631 ++msgid "Send _emails to:" ++msgstr "" ++ ++#: src/system-config-audit.glade:713 ++msgid "Pass _audit events to a program" ++msgstr "" ++ ++#: src/system-config-audit.glade:758 ++msgid "_Program:" ++msgstr "" ++ ++#: src/system-config-audit.glade:810 ++msgid "B_rowse" ++msgstr "" ++ ++#: src/system-config-audit.glade:845 ++msgid "If the program stops processing events:" ++msgstr "" ++ ++#: src/system-config-audit.glade:883 ++msgid "_Discard them" ++msgstr "" ++ ++#: src/system-config-audit.glade:902 ++msgid "_Wait until event processing is resumed" ++msgstr "" ++ ++#: src/system-config-audit.glade:950 ++msgid "" ++"Events won't be written to the log file until the program resumes event " ++"processing." ++msgstr "" ++ ++#: src/system-config-audit.glade:1037 ++msgid "Audit Daemon" ++msgstr "" ++ ++#: src/system-config-audit.glade:1077 ++msgid "Store _audit events to a file" ++msgstr "" ++ ++#: src/system-config-audit.glade:1122 ++msgid "_File:" ++msgstr "" ++ ++#: src/system-config-audit.glade:1174 ++msgid "_Browse..." ++msgstr "" ++ ++#: src/system-config-audit.glade:1209 ++msgid "Making sure audit events are written to disk" ++msgstr "" ++ ++#: src/system-config-audit.glade:1235 ++msgid "_Use normal file system buffering" ++msgstr "" ++ ++#: src/system-config-audit.glade:1260 ++msgid "_Force writeout every" ++msgstr "" ++ ++#: src/system-config-audit.glade:1298 ++msgid "_records" ++msgstr "" ++ ++#: src/system-config-audit.glade:1338 ++msgid "_Data only" ++msgstr "" ++ ++#: src/system-config-audit.glade:1382 ++msgid "When the current log file _grows to" ++msgstr "" ++ ++#: src/system-config-audit.glade:1427 ++msgid "M_B:" ++msgstr "" ++ ++#: src/system-config-audit.glade:1512 ++msgid "Stop _writing events to the file" ++msgstr "" ++ ++#: src/system-config-audit.glade:1532 ++msgid "_Rotate log files" ++msgstr "" ++ ++#: src/system-config-audit.glade:1564 ++msgid "_Keep only the newest" ++msgstr "" ++ ++#: src/system-config-audit.glade:1601 ++msgid "f_iles" ++msgstr "" ++ ++#: src/system-config-audit.glade:1669 ++msgid "_Add a host name field to audit events:" ++msgstr "" ++ ++#: src/system-config-audit.glade:1765 ++msgid "_Custom:" ++msgstr "" ++ ++#: src/system-config-audit.glade:1949 ++msgid "_First threshold:" ++msgstr "" ++ ++#: src/system-config-audit.glade:2000 src/system-config-audit.glade:2353 ++msgid "MB" ++msgstr "" ++ ++#: src/system-config-audit.glade:2071 ++msgid "_Send a message to system log" ++msgstr "" ++ ++#: src/system-config-audit.glade:2091 ++msgid "Send an _email" ++msgstr "" ++ ++#: src/system-config-audit.glade:2127 src/system-config-audit.glade:2480 ++#: src/system-config-audit.glade:2768 ++msgid "_Run a program:" ++msgstr "" ++ ++#: src/system-config-audit.glade:2180 src/system-config-audit.glade:2813 ++#: src/system-config-audit.glade:5429 ++msgid "_Browse" ++msgstr "" ++ ++#: src/system-config-audit.glade:2210 src/system-config-audit.glade:2843 ++msgid "Stop _writing audit events to the log file" ++msgstr "" ++ ++#: src/system-config-audit.glade:2230 src/system-config-audit.glade:2863 ++msgid "Switch to single-_user mode" ++msgstr "" ++ ++#: src/system-config-audit.glade:2250 src/system-config-audit.glade:2883 ++msgid "Shut _down the computer" ++msgstr "" ++ ++#: src/system-config-audit.glade:2302 ++msgid "Second _threshold:" ++msgstr "" ++ ++#: src/system-config-audit.glade:2405 src/system-config-audit.glade:2967 ++msgid "D_o nothing" ++msgstr "" ++ ++#: src/system-config-audit.glade:2424 ++msgid "Send a _message to system log" ++msgstr "" ++ ++#: src/system-config-audit.glade:2444 ++msgid "Send an emai_l" ++msgstr "" ++ ++#: src/system-config-audit.glade:2533 ++msgid "Browse" ++msgstr "" ++ ++#: src/system-config-audit.glade:2563 src/system-config-audit.glade:3087 ++msgid "Stop writing _audit events to the log file" ++msgstr "" ++ ++#: src/system-config-audit.glade:2583 src/system-config-audit.glade:3107 ++msgid "Switch to s_ingle-user mode" ++msgstr "" ++ ++#: src/system-config-audit.glade:2603 src/system-config-audit.glade:3127 ++msgid "S_hut down the computer" ++msgstr "" ++ ++#: src/system-config-audit.glade:2649 ++msgid "Low Disk Space" ++msgstr "" ++ ++#: src/system-config-audit.glade:2685 ++msgid "Disk Full" ++msgstr "" ++ ++#: src/system-config-audit.glade:2929 ++msgid "I/O error" ++msgstr "" ++ ++#: src/system-config-audit.glade:2986 ++msgid "Send a _message to syslog" ++msgstr "" ++ ++#: src/system-config-audit.glade:3012 ++msgid "Run a _program:" ++msgstr "" ++ ++#: src/system-config-audit.glade:3057 ++msgid "Brows_e" ++msgstr "" ++ ++#: src/system-config-audit.glade:3173 ++msgid "Log File Errors" ++msgstr "" ++ ++#: src/system-config-audit.glade:3212 ++msgid "Audit configuration" ++msgstr "" ++ ++#: src/system-config-audit.glade:3241 ++msgid "_File" ++msgstr "" ++ ++#: src/system-config-audit.glade:3262 ++msgid "_Help" ++msgstr "" ++ ++#: src/system-config-audit.glade:3319 ++msgid "Status" ++msgstr "" ++ ++#: src/system-config-audit.glade:3437 ++msgid "Statistics" ++msgstr "" ++ ++#: src/system-config-audit.glade:3483 ++msgid "Audit daemon PID:" ++msgstr "" ++ ++#: src/system-config-audit.glade:3511 ++msgid "Lost events:" ++msgstr "" ++ ++#: src/system-config-audit.glade:3539 ++msgid "Backlog:" ++msgstr "" ++ ++#: src/system-config-audit.glade:3714 ++msgid "Current Status" ++msgstr "" ++ ++#: src/system-config-audit.glade:3955 ++msgid "File watches:" ++msgstr "" ++ ++#: src/system-config-audit.glade:3982 ++msgid "Other audit rules:" ++msgstr "" ++ ++#: src/system-config-audit.glade:4009 ++msgid "Event type rules:" ++msgstr "" ++ ++#: src/system-config-audit.glade:4036 ++msgid "Settings" ++msgstr "" ++ ++#: src/system-config-audit.glade:4069 ++msgid "Configuration" ++msgstr "" ++ ++#: src/system-config-audit.glade:4109 ++msgid "Event Type" ++msgstr "" ++ ++#: src/system-config-audit.glade:4178 ++msgid "Event Type" ++msgstr "" ++ ++#: src/system-config-audit.glade:4216 ++msgid "_Any" ++msgstr "" ++ ++#: src/system-config-audit.glade:4241 ++msgid "_Satisfying: type" ++msgstr "" ++ ++#: src/system-config-audit.glade:4318 ++msgid "Audit Rule" ++msgstr "" ++ ++#: src/system-config-audit.glade:4405 src/system-config-audit.glade:5244 ++msgid "When Rule Matches" ++msgstr "" ++ ++#: src/system-config-audit.glade:4474 src/system-config-audit.glade:5282 ++msgid "_Mark matching events with key:" ++msgstr "" ++ ++#: src/system-config-audit.glade:4572 ++msgid "Architecture" ++msgstr "" ++ ++#: src/system-config-audit.glade:4610 ++msgid "_Limit to tasks using architecture:" ++msgstr "" ++ ++#: src/system-config-audit.glade:4669 ++msgid "General" ++msgstr "" ++ ++#: src/system-config-audit.glade:4709 ++msgid "Limit to the following system calls:" ++msgstr "" ++ ++#: src/system-config-audit.glade:5136 ++msgid "Conditions" ++msgstr "" ++ ++#: src/system-config-audit.glade:5169 src/watch_dialog.py:43 ++msgid "Watched File" ++msgstr "" ++ ++#: src/system-config-audit.glade:5346 ++msgid "Watched File" ++msgstr "" ++ ++#: src/system-config-audit.glade:5383 ++msgid "_Path:" ++msgstr "" ++ ++#: src/system-config-audit.glade:5471 ++msgid "Watched operations" ++msgstr "" ++ ++#: src/system-config-audit.glade:5509 ++msgid "_Read" ++msgstr "" ++ ++#: src/system-config-audit.glade:5528 ++msgid "_Write" ++msgstr "" ++ ++#: src/system-config-audit.glade:5547 ++msgid "_Execute" ++msgstr "" ++ ++#: src/system-config-audit.glade:5566 ++msgid "_Attribute change" ++msgstr "" ++ ++#: src/system-config-audit.glade:5614 ++msgid "File Watches" ++msgstr "" ++ ++#: src/system-config-audit.glade:5707 src/system-config-audit.glade:6517 ++msgid "" ++"This rule set can be used to mark system calls for auditing. To be audited " ++"by these rules, a system call must be perforned in an audited task and it " ++"must pass the \"System Call Entry\" rules." ++msgstr "" ++ ++#: src/system-config-audit.glade:5875 src/system-config-audit.glade:6685 ++msgid "Default behavior: Do not audit the system call" ++msgstr "" ++ ++#: src/system-config-audit.glade:5910 ++msgid "Other Audit Rules" ++msgstr "" ++ ++#: src/system-config-audit.glade:6013 ++msgid "" ++"This rule set can be used to completely disable auditing for some tasks." ++msgstr "" ++ ++#: src/system-config-audit.glade:6181 ++msgid "Default behavior: Allow auditing the task." ++msgstr "" ++ ++#: src/system-config-audit.glade:6212 ++msgid "Audited Tasks" ++msgstr "" ++ ++#: src/system-config-audit.glade:6265 ++msgid "" ++"This rule set can be used to mark a system call for auditing, or to prevent " ++"auditing of the system call. To be audited by these rules, a system call " ++"must be perforned in an audited task." ++msgstr "" ++ ++#: src/system-config-audit.glade:6433 ++msgid "" ++"Default behavior: Do not audit the system call, but allow auditing it by a " ++"\"System Call Exit\" rule or a kernel decision." ++msgstr "" ++ ++#: src/system-config-audit.glade:6464 ++msgid "System Call Entry" ++msgstr "" ++ ++#: src/system-config-audit.glade:6716 ++msgid "System Call Exit" ++msgstr "" ++ ++#: src/system-config-audit.glade:6749 ++msgid "Event Type Rules" ++msgstr "" ++ ++#: src/system-config-audit.glade:6852 ++msgid "" ++"This rule set can be used to filter audit events sent from applications." ++msgstr "" ++ ++#: src/system-config-audit.glade:7020 ++msgid "Default behavior: Audit the event." ++msgstr "" ++ ++#: src/system-config-audit.glade:7051 ++msgid "Trusted Application Events" ++msgstr "" ++ ++#: src/system-config-audit.glade:7104 ++msgid "This rule set can be used to discard all events of a specific type." ++msgstr "" ++ ++#: src/system-config-audit.glade:7272 ++msgid "Default behavior: Preserve events." ++msgstr "" ++ ++#: src/system-config-audit.glade:7303 ++msgid "Suppressed Events" ++msgstr "" ++ ++#: src/system-config-audit.glade:7336 ++msgid "Save Configuration" ++msgstr "" ++ ++#: src/system-config-audit.glade:7411 ++msgid "Configuration Lock" ++msgstr "" ++ ++#: src/system-config-audit.glade:7443 ++msgid "_Prohibit configuration changes until reboot" ++msgstr "" ++ ++#: src/system-config-audit.glade:7481 ++msgid "Current Configuration" ++msgstr "" ++ ++#: src/system-config-audit.glade:7513 ++msgid "_Apply the configuration changes after saving them" ++msgstr "" ++ ++#: src/type_list_dialog.py:75 ++msgid "Any type" ++msgstr "" ++ ++#: src/type_list_dialog.py:79 ++msgid "Type" ++msgstr "" ++ ++#: src/util.py:145 ++#, python-format ++msgid "Unknown architecture %d" ++msgstr "" ++ ++#: src/util.py:153 ++msgid "64-bit architecture not supported" ++msgstr "" ++ ++#: src/util.py:157 ++msgid "32-bit architecture not supported" ++msgstr "" ++ ++#: src/util.py:161 ++#, python-format ++msgid "Unknown architecture \"%s\"" ++msgstr "" ++ ++#: src/util.py:175 ++#, python-format ++msgid "Unknown message type \"%s\"" ++msgstr "" ++ ++#: src/util.py:189 ++#, python-format ++msgid "Unknown system call \"%s\"" ++msgstr "" ++ ++#: src/util.py:191 ++msgid "System call number must be non-negative" ++msgstr "" ++ ++#: src/util.py:203 ++#, python-format ++msgid "Invalid number \"%s\"" ++msgstr "" ++ ++#: src/util.py:205 ++msgid "Value must be non-negative" ++msgstr "" ++ ++#: src/watch_dialog.py:124 ++msgid "The watched file path must not be empty" ++msgstr "" ++ ++#: src/watch_list_dialog.py:34 ++msgid "Path" ++msgstr "" ++ ++#: src/watch_list_dialog.py:34 ++msgid "Operations" ++msgstr "" +--- audit-1.7.4.orig/system-config-audit/po/cs.po ++++ audit-1.7.4/system-config-audit/po/cs.po +@@ -354,7 +354,7 @@ + "Hranice nedostatku místa na disku se týkají oddílu, který obsahuje soubor " + "záznamu (%s)." + +-#: ../../po/../src/global_dialog.py:557 ++#: src/global_dialog.py:557 + msgid "" + "The low disk space thresholds apply to the partition which contains the log " + "file." +@@ -564,7 +564,7 @@ + "spouštěn\n" + "ručně." + +-#: ../../po/../src/server.c:141 ++#: src/server.c:141 + #, c-format + msgid "" + "\n" +@@ -573,7 +573,7 @@ + "\n" + "Chyby hlaste na %s.\n" + +-#: ../../po/../src/server.c:148 ++#: src/server.c:148 + msgid "" + "Copyright (C) 2007 Red Hat, Inc. All rights reserved.\n" + "This software is distributed under the GPL v.2.\n" +--- audit-1.7.4.orig/system-config-audit/src/settings.py ++++ audit-1.7.4/system-config-audit/src/settings.py +@@ -1,5 +1,5 @@ + gettext_domain = 'system-config-audit' + glade_file_path = '/usr/share/system-config-audit/system-config-audit.glade' + localedir = '/usr/share/locale' +-server_path = '/usr/libexec/system-config-audit-server' ++server_path = '/lib/system-config-audit-server' + version = '0.4.7' --- audit-1.7.4.orig/debian/patches/man5.diff +++ audit-1.7.4/debian/patches/man5.diff @@ -0,0 +1,11 @@ +--- a/docs/zos-remote.conf.5 ++++ b/docs/zos-remote.conf.5 +@@ -18,7 +18,7 @@ + .\" Changelog: + .\" 2007-10-06, created by Klaus Heinrich Kiwi + .\" +-.TH ZOS\-REMOTE.CONF 8 "Oct 2007" "IBM" "System Administration Utilities" ++.TH ZOS\-REMOTE.CONF 5 "Oct 2007" "IBM" "System Administration Utilities" + .SH NAME + zos\-remote.conf \- the audisp-racf plugin configuration file + .SH DESCRIPTION --- audit-1.7.4.orig/debian/patches/series +++ audit-1.7.4/debian/patches/series @@ -0,0 +1,4 @@ +man5.diff +system-config-audit.diff +audispd-zos-remote.diff +rpath.diff