--- audit-1.7.9.orig/debian/auditd.logrotate
+++ audit-1.7.9/debian/auditd.logrotate
@@ -0,0 +1,10 @@
+/var/log/audit/audit.log {
+ rotate 4
+ missingok
+ notifempty
+ weekly
+ compress
+ postrotate
+ /etc/init.d/auditd rotate >/dev/null
+ endscript
+}
--- audit-1.7.9.orig/debian/README.source
+++ audit-1.7.9/debian/README.source
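Review bot: This stanza looks like dead or conflicting configuration: debian/rules in the same patch leaves `dh_installlogrotate` commented out with the remark that auditd has an equivalent built-in feature, so the file is apparently never installed. If it were installed, logrotate would rename and compress audit.log on its own weekly schedule and then the `postrotate` call would ask auditd to rotate as well, which would likely leave two rotation schemes working on the same files. Either drop debian/auditd.logrotate or state the reason at its top, for example `# Not installed by debian/rules: auditd rotates /var/log/audit/audit.log itself`.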
@@ -0,0 +1,57 @@
+This package uses quilt to manage all modifications to the upstream
+source. Changes are stored in the source package as diffs in
+debian/patches and applied during the build.
+
+To configure quilt to use debian/patches instead of patches, you want
+either to export QUILT_PATCHES=debian/patches in your environment
+or use this snippet in your ~/.quiltrc:
+
+ for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do
+ if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then
+ export QUILT_PATCHES=debian/patches
+ fi
+ done
+
+To get the fully patched source after unpacking the source package, cd to
+the root level of the source package and run:
+
+ quilt push -a
+
+The last patch listed in debian/patches/series will become the current
+patch.
+
+To add a new set of changes, first run quilt push -a, and then run:
+
+ quilt new
+
+where is a descriptive name for the patch, used as the filename in
+debian/patches. Then, for every file that will be modified by this patch,
+run:
+
+ quilt add
+
+before editing those files. You must tell quilt with quilt add what files
+will be part of the patch before making changes or quilt will not work
+properly. After editing the files, run:
+
+ quilt refresh
+
+to save the results as a patch.
+
+Alternately, if you already have an external patch and you just want to
+add it to the build system, run quilt push -a and then:
+
+ quilt import -P /path/to/patch
+ quilt push -a
+
+(add -p 0 to quilt import if needed). as above is the filename to
+use in debian/patches. The last quilt push -a will apply the patch to
+make sure it works properly.
+
+To remove an existing patch from the list of patches that will be applied,
+run:
+
+ quilt delete
+
+You may need to run quilt pop -a to unapply patches first before running
+this command.
--- audit-1.7.9.orig/debian/audispd-plugins.install
+++ audit-1.7.9/debian/audispd-plugins.install
@@ -0,0 +1,15 @@
+etc/audisp/audisp-prelude.conf
+etc/audisp/audisp-remote.conf
+etc/audisp/plugins.d/audispd-zos-remote.conf
+etc/audisp/plugins.d/au-prelude.conf
+etc/audisp/plugins.d/au-remote.conf
+etc/audisp/zos-remote.conf
+sbin/audispd-zos-remote
+sbin/audisp-prelude
+sbin/audisp-remote
+usr/share/man/man5/audisp-prelude.conf.5
+usr/share/man/man5/audisp-remote.conf.5
+usr/share/man/man5/zos-remote.conf.5
+usr/share/man/man8/audispd-zos-remote.8
+usr/share/man/man8/audisp-prelude.8
+usr/share/man/man8/audisp-remote.8
--- audit-1.7.9.orig/debian/auditd.default
+++ audit-1.7.9/debian/auditd.default
@@ -0,0 +1,12 @@
+# Add extra options here
+EXTRAOPTIONS=""
+#
+# This is the locale information that audit uses. Its defaulted to en_US.
+# To remove all locale information from audit's environment, set
+# AUDITD_LANG to the empty string or the string "none".
+AUDITD_LANG="en_US"
+#
+# This option is used to determine if rules & watches should be deleted on
+# shutdown. This is beneficial in most cases so that a watch doesn't linger
+# on a drive that is being unmounted. If set to no, it will NOT be cleaned up.
+AUDITD_CLEAN_STOP="yes"
--- audit-1.7.9.orig/debian/auditd.postrm
+++ audit-1.7.9/debian/auditd.postrm
@@ -0,0 +1,37 @@
+#!/bin/sh
+# postrm script for auditd
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+case "$1" in
+ purge)
+ rm -rf /var/log/audit
+ rm -f /var/run/audit_events
+ ;;
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
--- audit-1.7.9.orig/debian/copyright
+++ audit-1.7.9/debian/copyright
@@ -0,0 +1,24 @@
+This package was debianized by Philipp Matthias Hahn on
+Wed, 21 Mar 2007 09:47:19 +0100.
+
+It was downloaded from http://people.redhat.com/sgrubb/audit/
+
+Upstream Author: Rik Faith
+ Steve Grubb
+
+Copyright: 2005-2008 Steve Grubb
+
+License:
+
+The audit daemon is released as GPL'd code. The audit daemon's library
+libaudit.* is released under LGPL so that it may be linked with 3rd
+party software.
+
+The files in src/libev/ are Copyright (C) 2007,2008, Marc Alexamder Lehmann
+
+The Debian packaging is (C) 2007,2008, Philipp Matthias Hahn and is licensed under the GPL.
+
+On Debian systems, refer to /usr/share/common-licenses/LGPL-2.1
+for the complete text of the GNU Lesser General Public License.
+On Debian systems, the complete text of the GNU General Public
+License can be found in /usr/share/common-licenses/GPL file.
--- audit-1.7.9.orig/debian/auditd.init
+++ audit-1.7.9/debian/auditd.init
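Review bot: The catch-all branch of debian/auditd.postrm prints an error for an unknown argument and then runs `exit 0`, so a call the script does not understand is reported to dpkg as success; debian/auditd.postinst in this same patch uses `exit 1` for the same case, and this branch should match it. The `purge)` branch also deletes the whole audit trail with `rm -rf /var/log/audit`; that follows the usual purge convention, but for audit records it deserves a comment such as `# purge removes all collected audit records; archive /var/log/audit first if they must be retained`. The path is hard-coded, so logs written elsewhere through a changed auditd.conf would presumably be left behind. The header comment also lists `abort-install` twice.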
@@ -0,0 +1,155 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: auditd
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Audit Daemon
+# Description: Collects audit information from Linux 2.6 Kernels.
+### END INIT INFO
+
+# Author: Philipp Matthias Hahn
+# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/bin
+DESC="audit daemon"
+NAME=auditd
+DAEMON=/sbin/auditd
+PIDFILE=/var/run/"$NAME".pid
+SCRIPTNAME=/etc/init.d/"$NAME"
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME"
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ case "$AUDITD_LANG" in
+ ""|none|NONE) ;;
+ *) export LC_ALL="$AUDITD_LANG" ;;
+ esac
+ start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \
+ $EXTRAOPTIONS \
+ || return 2
+ if [ -f /etc/audit/audit.rules ]
+ then
+ /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+ fi
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$PIDFILE" --name "$NAME"
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$DAEMON"
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f "$PIDFILE"
+ rm -f /var/run/audit_events
+ # Remove watches so shutdown works cleanly
+ case "$AUDITD_CLEAN_STOP" in
+ no|NO) ;;
+ *) /sbin/auditctl -D >/dev/null ;;
+ esac
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ rotate)
+ log_daemon_msg "Rotating $DESC logs" "$NAME"
+ start-stop-daemon --stop --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME"
+ log_end_msg $?
+ ;;
+ status)
+ pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null
+ status=$?
+ if [ $status -eq 0 ]; then
+ log_success_msg "$NAME is running."
+ else
+ log_failure_msg "$NAME is not running."
+ fi
+ exit $status
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- audit-1.7.9.orig/debian/changelog
+++ audit-1.7.9/debian/changelog
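Review bot: In `do_start` the exit status of `/sbin/auditctl -R /etc/audit/audit.rules` becomes the function's return value, which collides with the documented 0/1/2 codes: a status of 1 is logged by `start)` as success, and any other non-zero status matches no branch, so a daemon running without its rules is never reported as a failure. Writing the call as `/sbin/auditctl -R /etc/audit/audit.rules >/dev/null || return 2` and ending the function with an explicit `return 0` makes a failed rule load visible. This matters more because `do_stop` runs `auditctl -D` unless AUDITD_CLEAN_STOP is `no`, and `restart)` is `do_stop` followed by `do_start`, so each restart clears the loaded rules and depends on that reload to restore them. `do_reload` is also the only place where `$PIDFILE` and `$NAME` are unquoted, and it returns 0 whether or not the HUP was delivered.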
@@ -0,0 +1,95 @@ +audit (1.7.9-1) unstable; urgency=low + + * New upstream release. + - Includes debian/patches/test.diff + * debian/auditd.install: Add aulast. + * Fix "fails to start in two cases : auditd not installed or not run + as root" by "using su-to-root -X" (Closes: #503656) + * debian/control#system-config-audit: + - Depends: menu for su-to-root + - Depends: chkconfig for restart + + -- Philipp Matthias Hahn Sun, 09 Nov 2008 21:25:03 +0100 + +audit (1.7.8-1) unstable; urgency=low + + * New upstream release. + - Includes debian/patches/{man5,rpath,audispd-zos-remote}.diff + - Includes debian/patches/automake{,.in}}.diff + * debian/control: + - Build-Deps: +libev-dev, +chrpath, +libwrap0-dev, +libkrb5-dev, + debhelper (>= 6.0.7~) + - Enable system-config-audit + * debian/rules: + - Enable TCP wrapper + - Enable GSSAPI-krb5 + - chmod o-(r)wx on several files and directories + - dh_lintian auditd.lintian-overrides + debian/patches/test.diff + - Fix "make {dist,}check" in auparse/test/ + + -- Philipp Matthias Hahn Thu, 23 Oct 2008 01:16:47 +0200 + +audit (1.7.4-1) unstable; urgency=low + + * New upstream release (Closes: #452414) + * Drop debian/audispd.8 in favour of updtream version. + * debian/control: + - Build-Deps: +libldap2-dev + - Bump Standards-Version: 3.8.0 + - New audispd-plugins package. + - system-config-audit package is currently disabled: rpath problem. + * debian/rules + - Include /usr/share/quilt/quilt.mak + - Start auditd already in rcS. + * Add debian/README.source as required by 3.8.0 + * debian/auditd.postinst adopted from the Ubuntu branch. + + -- Philipp Matthias Hahn Wed, 25 Jun 2008 09:56:59 +0200 + +audit (1.7.2-0.1) unstable; urgency=low + + * Not released non-maintainer upload. + * New upstream release. + * Drop patches not needed now. + * Add cvs and intltool to build dependencies. + * Enable Prelude support. 
+ + -- Pierre Chifflier Mon, 28 Apr 2008 10:47:22 +0200 + +audit (1.5.3-2.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Added CVE-2008-1628.patch to fix a stack-based buffer overflow + in the audit_log_user_command function which can be triggered via + a command argument that is passed to that function and might lead + to execution of arbitrary code (Closes: #475227). + + -- Nico Golde Thu, 10 Apr 2008 15:06:25 +0200 + +audit (1.5.3-2) unstable; urgency=low + + * debian/auditd.init: Fix inverted AUDITD_CLEAN_STOP (Closes: #428066) + + -- Philipp Matthias Hahn Tue, 12 Jun 2007 22:33:56 +0200 + +audit (1.5.3-1) unstable; urgency=low + + * New upstream version + - Includes all debian/patches. + * Drop Build-Depends: linux-headers-2.6 + + -- Philipp Matthias Hahn Wed, 02 May 2007 09:10:06 +0200 + +audit (1.5.1-2) unstable; urgency=low + + * Apply patch from upstream to fix SEGFAULT on reload. + + -- Philipp Matthias Hahn Fri, 23 Mar 2007 22:16:24 +0100 + +audit (1.5.1-1) unstable; urgency=low + + * Initial release (Closes: #311214) + + -- Philipp Matthias Hahn Wed, 21 Mar 2007 09:47:19 +0100 + --- audit-1.7.9.orig/debian/compat +++ audit-1.7.9/debian/compat @@ -0,0 +1 @@ +5 --- audit-1.7.9.orig/debian/system-config-audit.install +++ audit-1.7.9/debian/system-config-audit.install @@ -0,0 +1,5 @@ +usr/share/locale/*/LC_MESSAGES/system-config-audit.mo +usr/share/system-config-audit +usr/share/applications/system-config-audit.desktop +usr/bin/system-config-audit +lib/system-config-audit-server --- audit-1.7.9.orig/debian/python-audit.install +++ audit-1.7.9/debian/python-audit.install @@ -0,0 +1,2 @@ +usr/lib/python*/site-packages/*.py +usr/lib/python*/site-packages/*.so --- audit-1.7.9.orig/debian/watch +++ audit-1.7.9/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://people.redhat.com/sgrubb/audit/ audit-(.*)\.tar\.gz --- audit-1.7.9.orig/debian/auditd.dirs +++ audit-1.7.9/debian/auditd.dirs 
@@ -0,0 +1 @@ +var/log/audit --- audit-1.7.9.orig/debian/pycompat +++ audit-1.7.9/debian/pycompat @@ -0,0 +1 @@ +2 --- audit-1.7.9.orig/debian/system-config-audit.8 +++ audit-1.7.9/debian/system-config-audit.8 @@ -0,0 +1,18 @@ +.TH "AUDISPD" "8" "Jun 2008" "Debian" "System Administration Utilities" +.SH NAME +system\-config\-audit \- Graphical utility for editing audit configuration + +.SH SYNOPSIS +.B system\-config\-audit + +.SH DESCRIPTION +\fBsystem\-config\-audit\fP is a graphical userspace utility for the Linux Auditing System. It can be used to edit the configuration files. + +.SH "SEE ALSO" +.BR auditd (8). + +.SH AUTHOR +system\-config\-audit was written by Miloslav Trmac . +.PP +This manual page was written by Philipp Hahn , +for the Debian project (but may be used by others). --- audit-1.7.9.orig/debian/docs +++ audit-1.7.9/debian/docs @@ -0,0 +1,2 @@ +README +TODO --- audit-1.7.9.orig/debian/libaudit-dev.links +++ audit-1.7.9/debian/libaudit-dev.links @@ -0,0 +1,2 @@ +lib/libaudit.so.0 usr/lib/libaudit.so +lib/libauparse.so.0 usr/lib/libauparse.so --- audit-1.7.9.orig/debian/libaudit0.install +++ audit-1.7.9/debian/libaudit0.install @@ -0,0 +1,3 @@ +usr/lib/libaudit.so.* lib +usr/lib/libauparse.so.* lib +etc/libaudit.conf --- audit-1.7.9.orig/debian/rules +++ audit-1.7.9/debian/rules 
@@ -0,0 +1,154 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE=1 + +export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) + confflags += --build $(DEB_HOST_GNU_TYPE) +else + confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) +endif + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +LDFLAGS = -Wl,--as-needed + +include /usr/share/quilt/quilt.make + +configure: configure-stamp +configure-stamp: $(QUILT_STAMPFN) + dh_testdir + -test -r /usr/share/misc/config.sub && \ + cp -f /usr/share/misc/config.sub config.sub && \ + cp -f /usr/share/misc/config.sub system-config-audit/admin/config.sub + -test -r /usr/share/misc/config.guess && \ + cp -f /usr/share/misc/config.guess config.guess && \ + cp -f /usr/share/misc/config.guess system-config-audit/admin/config.guess + #autoreconf -fv --install + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --sbindir=/sbin \ + --libdir='$${exec_prefix}'/lib \ + --libexecdir=/lib \ + --mandir=/usr/share/man \ + --enable-shared=audit \ + --enable-gssapi-krb5 \ + --with-apparmor \ + --with-prelude \ + --with-libwrap \ + $(confflags) + touch $@ + +build: build-stamp +build-stamp: configure-stamp + dh_testdir + $(MAKE) LDFLAGS=$(LDFLAGS) + touch $@ + +unpatch: preunpatch +preunpatch: configure-stamp + dh_testdir + dh_testroot + [ ! 
-f Makefile ] || $(MAKE) distclean +.PHONY: preunpatch + +clean: unpatch + $(RM) build-stamp configure-stamp + dh_clean + # Clean modified/regeneratable files + $(RM) config.sub config.guess + $(RM) system-config-audit/admin/config.sub system-config-audit/admin/config.guess + $(RM) system-config-audit/po/stamp-it + $(RM) system-config-audit/po/cs.gmo + $(RM) system-config-audit/src/.dirstamp + $(RM) system-config-audit/src/.deps/.dirstamp + #$(RM) system-config-audit/po/Makefile.in.in + #$(RM) system-config-audit/INSTALL + #$(RM) system-config-audit/aclocal.m4 + #$(RM) system-config-audit/admin/depcomp + #$(RM) system-config-audit/admin/install-sh + #$(RM) system-config-audit/admin/ltmain.sh + #$(RM) system-config-audit/admin/mkinstalldirs + #$(RM) system-config-audit/configure + #$(RM) system-config-audit/po/.intltool-merge-cache + $(RM) system-config-audit/po/system-config-audit.pot + $(RM) system-config-audit/system-config-audit.desktop + $(RM) src/mt/*.[ch] + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install + + # Remove some RedHat specific files + $(RM) debian/tmp/etc/rc.d/init.d/auditd + $(RM) debian/tmp/etc/sysconfig/auditd + + # Move the library to /lib + $(RM) debian/tmp/usr/lib/libaudit.so + $(RM) debian/tmp/usr/lib/libauparse.so + + # The Debian way + $(RM) debian/tmp/usr/lib/python*/site-packages/_au*.*a + $(RM) debian/tmp/usr/lib/python*/site-packages/auparse.*a + $(RM) debian/tmp/usr/lib/python*/site-packages/au*.py[co] + $(RM) debian/tmp/usr/share/system-config-audit/*.py[co] + +my-check: + find debian/*aud*/ -mindepth 0 -name DEBIAN -prune -o -not -type d -print|sed -e 's,debian/[^/]*/,,' -e 's/\.gz$$//' + +# Build architecture-independent files here. +binary-indep: build install + +# Build architecture-dependent files here. 
+binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_installexamples + dh_install --sourcedir=debian/tmp --list-missing + #dh_installlogrotate #auditd has a equivalent built-in feature + dh_installinit -- start 37 S . start 39 0 6 . + dh_installman -psystem-config-audit debian/system-config-audit.8 + dh_lintian + chrpath -d $(CURDIR)/debian/audispd-plugins/sbin/audispd-zos-remote + chrpath -d $(CURDIR)/debian/audispd-plugins/sbin/audisp-prelude + chrpath -d $(CURDIR)/debian/auditd/usr/bin/aulast + chrpath -d $(CURDIR)/debian/auditd/usr/bin/aulastlog + chrpath -d $(CURDIR)/debian/auditd/usr/bin/ausyscall + chrpath -d $(CURDIR)/debian/libaudit0/lib/libauparse.so.0.0.0 + chrpath -d $(CURDIR)/debian/python-audit/usr/lib/python*/site-packages/_audit.so + chrpath -d $(CURDIR)/debian/python-audit/usr/lib/python*/site-packages/auparse.so + chrpath -d $(CURDIR)/debian/system-config-audit/lib/system-config-audit-server + + dh_link + dh_strip + dh_compress + dh_fixperms + #chmod o-wx debian/auditd/usr/bin/aulastlog + #chmod o-wx debian/auditd/sbin/{auditctl,auditd,autrace} + #chmod 750 debian/auditd/sbin/audispd + chmod -R o-rwx debian/auditd/var/log/audit + chmod -R o-rwx debian/auditd/etc/audit debian/auditd/etc/audisp{,/plugins.d} + dh_pysupport + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- audit-1.7.9.orig/debian/auditd.postinst +++ audit-1.7.9/debian/auditd.postinst 
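Review bot: The permission tightening in `binary-arch` relies on brace expansion, `debian/auditd/etc/audisp{,/plugins.d}`, which make hands to /bin/sh; a POSIX shell without that bash extension sees one literal path that does not exist, so the chmod fails instead of restricting the audisp configuration. Because `-R` already descends into plugins.d, `chmod -R o-rwx debian/auditd/etc/audit debian/auditd/etc/audisp` does the same job portably. Separately, CFLAGS is assembled (including the `noopt` handling) but only `LDFLAGS=$(LDFLAGS)` is passed to `$(MAKE)` and nothing is passed to `./configure`, so unless the variable reaches the build through the environment those flags have no effect; adding `CFLAGS="$(CFLAGS)"` to the configure invocation would make that explicit.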
@@ -0,0 +1,42 @@
+#!/bin/sh
+# postinst script for auditd
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+ configure)
+ # Remove old rc links.
+ if dpkg --compare-versions "$2" lt "1.6.5-0ubuntu2"; then
+ update-rc.d -f auditd remove > /dev/null
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- audit-1.7.9.orig/debian/substvars
+++ audit-1.7.9/debian/substvars
@@ -0,0 +1 @@
+shlibs:Depends=libaudit0, libc6 (>= 2.7-1)
--- audit-1.7.9.orig/debian/libaudit-dev.install
+++ audit-1.7.9/debian/libaudit-dev.install
@@ -0,0 +1,6 @@
+usr/lib/libaudit.la
+usr/lib/libaudit.a
+usr/lib/libauparse.la
+usr/lib/libauparse.a
+usr/include
+usr/share/man/man3
--- audit-1.7.9.orig/debian/auditd.examples
+++ audit-1.7.9/debian/auditd.examples
@@ -0,0 +1,5 @@
+contrib/capp.rules
+contrib/lspp.rules
+contrib/nispom.rules
+contrib/stig.rules
+init.d/auditd.cron
--- audit-1.7.9.orig/debian/auditd.lintian-overrides
+++ audit-1.7.9/debian/auditd.lintian-overrides
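Review bot: In debian/auditd.postinst, `$2` is empty on a first install, and `dpkg --compare-versions` with `lt` treats an empty version as earlier than any other, so the "Remove old rc links" branch also runs when there is nothing to migrate; with `set -e` in effect, a failing `update-rc.d` would then abort configuration of a fresh install. `if dpkg --compare-versions "$2" lt-nl "1.6.5-0ubuntu2"; then` restricts the branch to real upgrades. A short comment saying why an Ubuntu version string is the threshold in the Debian package would help the next maintainer; the changelog only says the script was adopted from the Ubuntu branch.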
@@ -0,0 +1,18 @@
+## Only to be forked by auditd, which explicitely checks for 750
+#auditd: executable-is-not-world-readable sbin/audispd 0750 != 0755
+## Only root can run
+#auditd: non-standard-executable-perm sbin/auditctl 0754 != 0755
+#auditd: non-standard-executable-perm sbin/auditd 0754 != 0755
+#auditd: non-standard-executable-perm sbin/autrace 0754 != 0755
+#auditd: non-standard-executable-perm usr/bin/aulastlog 0754 != 0755
+## Normal users should not see what is being audited
+auditd: non-standard-dir-perm etc/audisp/ 0750 != 0755
+auditd: non-standard-file-perm etc/audisp/audispd.conf 0640 != 0644
+auditd: non-standard-dir-perm etc/audisp/plugins.d/ 0750 != 0755
+auditd: non-standard-file-perm etc/audisp/plugins.d/af_unix.conf 0640 != 0644
+auditd: non-standard-file-perm etc/audisp/plugins.d/syslog.conf 0640 != 0644
+auditd: non-standard-dir-perm etc/audit/ 0750 != 0755
+auditd: non-standard-file-perm etc/audit/auditd.conf 0640 != 0644
+auditd: non-standard-file-perm etc/audit/audit.rules 0640 != 0644
+# Contains sensitive information
+auditd: non-standard-dir-perm var/log/audit/ 0750 != 0755
--- audit-1.7.9.orig/debian/auditd.install
+++ audit-1.7.9/debian/auditd.install
@@ -0,0 +1,25 @@
+etc/audisp/audispd.conf
+etc/audisp/plugins.d/af_unix.conf
+etc/audisp/plugins.d/syslog.conf
+etc/audit
+sbin/audispd
+sbin/auditctl
+sbin/auditd
+sbin/aureport
+sbin/ausearch
+sbin/autrace
+usr/bin/aulast
+usr/bin/aulastlog
+usr/bin/ausyscall
+usr/share/man/man5/audispd.conf.5
+usr/share/man/man5/auditd.conf.5
+usr/share/man/man5/ausearch-expression.5
+usr/share/man/man8/audispd.8
+usr/share/man/man8/auditctl.8
+usr/share/man/man8/auditd.8
+usr/share/man/man8/aulast.8
+usr/share/man/man8/aulastlog.8
+usr/share/man/man8/aureport.8
+usr/share/man/man8/ausearch.8
+usr/share/man/man8/ausyscall.8
+usr/share/man/man8/autrace.8
--- audit-1.7.9.orig/debian/libaudit-dev.examples
+++ audit-1.7.9/debian/libaudit-dev.examples
@@ -0,0 +1,2 @@ +contrib/skeleton.c +contrib/plugin --- audit-1.7.9.orig/debian/control +++ audit-1.7.9/debian/control 
@@ -0,0 +1,69 @@ +Source: audit +Priority: extra +Maintainer: Philipp Matthias Hahn +Build-Depends: debhelper (>= 6.0.7~), + python-all-dev (>= 2.3.5-11), python-support (>= 0.5.3), swig, + automake1.9, autoconf (>= 2.59), libtool, autotools-dev, quilt, + intltool, cvs, libprelude-dev, libldap2-dev, libev-dev, chrpath, + libwrap0-dev, libkrb5-dev +Build-Conflicts: autoconf2.13, automake1.4 +XS-Python-Version: all +Standards-Version: 3.8.0 +Section: libs +Homepage: http://people.redhat.com/sgrubb/audit/ + +Package: auditd +Section: admin +Architecture: any +Depends: ${shlibs:Depends}, lsb-base (>= 3.0-6) +Description: User space tools for security auditing + The audit package contains the user space utilities for + storing and searching the audit records generate by + the audit subsystem in the Linux 2.6 kernel. + . + Also contains the audit dispatcher "audisp". + +Package: libaudit0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends} +Description: Dynamic library for security auditing + The audit-libs package contains the dynamic libraries needed for + applications to use the audit framework. + +Package: libaudit-dev +Section: libdevel +Architecture: any +Depends: libaudit0 (= ${binary:Version}) +Description: Header files and static library for security auditing + The audit-libs-devel package contains the static libraries and header + files needed for developing applications that need to use the audit + framework libraries. + +Package: python-audit +Section: python +Architecture: any +Depends: ${shlibs:Depends}, ${python:Depends} +Provides: ${python:Provides} +XB-Python-Version: ${python:Versions} +Description: Python bindings for security auditing + The audit-libs-python package contains the bindings so that libaudit + and libauparse can be used by Python. 
+ +Package: audispd-plugins +Section: admin +Architecture: any +Depends: auditd, ${shlibs:Depends} +Description: Plugins for the audit event dispatcher + The audispd-plugins package provides plugins for the real-time + interface to the audit system, audispd. These plugins can do things + like relay events to remote machines or analyze events for suspicious + behavior. + +Package: system-config-audit +Section: admin +Architecture: any +Depends: python-audit, ${shlibs:Depends}, menu, chkconfig +Description: Graphical utility for editing audit configuration + The system-config-audit package provides a graphical users interface for + configuring the Linux audit subsystem. --- audit-1.7.9.orig/debian/python-audit.examples +++ audit-1.7.9/debian/python-audit.examples @@ -0,0 +1 @@ +contrib/avc_snap --- audit-1.7.9.orig/debian/patches/rpath.diff +++ audit-1.7.9/debian/patches/rpath.diff 
@@ -0,0 +1,120 @@ +--- a/tools/aulast/Makefile.am ++++ b/tools/aulast/Makefile.am +@@ -24,10 +24,9 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig + AUTOMAKE_OPTIONS = no-dependencies + EXTRA_DIST = $(man_MANS) + INCLUDES = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/auparse +-LIBS = -L${top_builddir}/auparse -lauparse ++LDADD = ${top_builddir}/auparse/libauparse.la + bin_PROGRAMS = aulast + noinst_HEADERS = aulast-llist.h + man_MANS = aulast.8 + + aulast_SOURCES = aulast.c aulast-llist.c +- +--- a/tools/aulast/Makefile.in ++++ b/tools/aulast/Makefile.in +@@ -73,6 +73,7 @@ PROGRAMS = $(bin_PROGRAMS) + am_aulast_OBJECTS = aulast.$(OBJEXT) aulast-llist.$(OBJEXT) + aulast_OBJECTS = $(am_aulast_OBJECTS) + aulast_LDADD = $(LDADD) ++aulast_DEPENDENCIES = ${top_builddir}/auparse/libauparse.la + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = + am__depfiles_maybe = +@@ -131,7 +131,7 @@ + LIBOBJS = @LIBOBJS@ + LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ + LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ +-LIBS = -L${top_builddir}/auparse -lauparse ++LIBS = @LIBS@ + LIBTOOL = @LIBTOOL@ + LIBTOOL_DEPS = @LIBTOOL_DEPS@ + LIBWRAP_LIBS = @LIBWRAP_LIBS@ +@@ -224,6 +225,7 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig + AUTOMAKE_OPTIONS = no-dependencies + EXTRA_DIST = $(man_MANS) + INCLUDES = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/auparse ++LDADD = ${top_builddir}/auparse/libauparse.la + noinst_HEADERS = aulast-llist.h + man_MANS = aulast.8 + aulast_SOURCES = aulast.c aulast-llist.c +--- a/tools/aulastlog/Makefile.am ++++ b/tools/aulastlog/Makefile.am +@@ -24,10 +24,9 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig + AUTOMAKE_OPTIONS = no-dependencies + EXTRA_DIST = $(man_MANS) + INCLUDES = -I${top_srcdir} -I${top_srcdir}/auparse +-LIBS = -L${top_builddir}/auparse -lauparse ++LDADD = ${top_builddir}/auparse/libauparse.la + bin_PROGRAMS = aulastlog + noinst_HEADERS = aulastlog-llist.h + man_MANS = aulastlog.8 + + aulastlog_SOURCES = aulastlog.c aulastlog-llist.c +- +--- 
a/tools/aulastlog/Makefile.in ++++ b/tools/aulastlog/Makefile.in +@@ -73,6 +73,7 @@ PROGRAMS = $(bin_PROGRAMS) + am_aulastlog_OBJECTS = aulastlog.$(OBJEXT) aulastlog-llist.$(OBJEXT) + aulastlog_OBJECTS = $(am_aulastlog_OBJECTS) + aulastlog_LDADD = $(LDADD) ++aulastlog_DEPENDENCIES = ${top_builddir}/auparse/libauparse.la + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = + am__depfiles_maybe = +@@ -131,7 +132,7 @@ LDFLAGS = @LDFLAGS@ + LIBOBJS = @LIBOBJS@ + LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ + LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ +-LIBS = -L${top_builddir}/auparse -lauparse ++LIBS = @LIBS@ + LIBTOOL = @LIBTOOL@ + LIBTOOL_DEPS = @LIBTOOL_DEPS@ + LIBWRAP_LIBS = @LIBWRAP_LIBS@ +@@ -224,6 +225,7 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig + AUTOMAKE_OPTIONS = no-dependencies + EXTRA_DIST = $(man_MANS) + INCLUDES = -I${top_srcdir} -I${top_srcdir}/auparse ++LDADD = ${top_builddir}/auparse/libauparse.la + noinst_HEADERS = aulastlog-llist.h + man_MANS = aulastlog.8 + aulastlog_SOURCES = aulastlog.c aulastlog-llist.c +--- a/tools/ausyscall/Makefile.am ++++ b/tools/ausyscall/Makefile.am +@@ -24,7 +24,7 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig + AUTOMAKE_OPTIONS = no-dependencies + EXTRA_DIST = $(man_MANS) + INCLUDES = -I${top_srcdir} -I${top_srcdir}/lib +-LIBS = -L${top_builddir}/lib -laudit ++LDADD = ${top_builddir}/lib/libaudit.la + bin_PROGRAMS = ausyscall + man_MANS = ausyscall.8 + +--- a/tools/ausyscall/Makefile.in ++++ b/tools/ausyscall/Makefile.in +@@ -71,6 +71,7 @@ PROGRAMS = $(bin_PROGRAMS) + am_ausyscall_OBJECTS = ausyscall-ausyscall.$(OBJEXT) + ausyscall_OBJECTS = $(am_ausyscall_OBJECTS) + ausyscall_LDADD = $(LDADD) ++ausyscall_DEPENDENCIES = ${top_builddir}/lib/libaudit.la + ausyscall_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(ausyscall_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +@@ -131,7 +132,7 @@ LDFLAGS = @LDFLAGS@ + LIBOBJS = @LIBOBJS@ + LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ + 
LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ +-LIBS = -L${top_builddir}/lib -laudit ++LIBS = @LIBS@ + LIBTOOL = @LIBTOOL@ + LIBTOOL_DEPS = @LIBTOOL_DEPS@ + LIBWRAP_LIBS = @LIBWRAP_LIBS@ +@@ -224,6 +225,7 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig + AUTOMAKE_OPTIONS = no-dependencies + EXTRA_DIST = $(man_MANS) + INCLUDES = -I${top_srcdir} -I${top_srcdir}/lib ++LDADD = ${top_builddir}/lib/libaudit.la + man_MANS = ausyscall.8 + ausyscall_SOURCES = ausyscall.c + ausyscall_CFLAGS = -g -D_GNU_SOURCE --- audit-1.7.9.orig/debian/patches/system-config-audit_service.diff +++ audit-1.7.9/debian/patches/system-config-audit_service.diff @@ -0,0 +1,12 @@ +Replace condrestart with restart for Debian +--- a/system-config-audit/src/server.c ++++ b/system-config-audit/src/server.c +@@ -344,7 +344,7 @@ req_apply (void) + + assert (SOCKET_FILENO == STDIN_FILENO); + /* system() uses "sh -c ...", so the "exec " avoids one fork (). */ +- res = system ("exec /sbin/service auditd condrestart " ++ res = system ("exec /sbin/service auditd restart " + STR(SOCKET_FILENO) "value); ++#if 0 + return 1; ++#endif + } + if ( !(buf.st_mode & S_IWUSR) ) { + audit_msg(LOG_ERR, "audit log is not writable by owner"); +@@ -663,8 +665,10 @@ static int dispatch_parser(struct nv_pai + } + if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != + (S_IRWXU|S_IRGRP|S_IXGRP)) { +- audit_msg(LOG_ERR, "%s permissions should be 0750", nv->value); ++ audit_msg(LOG_WARNING, "%s permissions should be 0750", nv->value); ++#if 0 + return 1; ++#endif + } + bypass: + free((void *)config->dispatcher); +@@ -904,8 +908,10 @@ static int check_exe_name(const char *va + } + if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != + (S_IRWXU|S_IRGRP|S_IXGRP)) { +- audit_msg(LOG_ERR, "%s permissions should be 0750", val); ++ audit_msg(LOG_WARNING, "%s permissions should be 0750", val); ++#if 0 + return -1; ++#endif + } + return 0; + } --- audit-1.7.9.orig/debian/patches/series +++ audit-1.7.9/debian/patches/series 
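Review bot: Wrapping `return 1;` in `dispatch_parser` and `return -1;` in `check_exe_name` in `#if 0` turns the 0750 mode check on the dispatcher and plugin executables into a log line only, so a helper that is group- or world-writable is now accepted and presumably executed by auditd later; the truncated hunk just above appears to relax the audit log file check in the same way. If the aim is only to tolerate the modes the Debian package ships, keep a hard failure for the dangerous bits and warn on the rest, for example by testing `buf.st_mode & (S_IWGRP|S_IWOTH)` first and keeping the `LOG_ERR` plus `return` for that case. `#if 0` also leaves dead code behind in the patched source; if the relaxation stays, remove the `return` outright and add a comment saying why Debian does not enforce 0750. Both functions begin and end outside the hunks, and the file header of this patch is not visible here, so the target file is inferred from the function names.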
@@ -0,0 +1,4 @@ +mode.diff +503656_su-to-x.diff +rpath.diff +system-config-audit_service.diff