authordavidovski <david@davidovski.xyz>2022-05-04 23:52:30 +0100
committerdavidovski <david@davidovski.xyz>2022-05-04 23:52:30 +0100
commit739c65c54cb0e957df5e9b76f93fb02554e5cac3 (patch)
tree09ddfa0a342f3ea9de136cb50abdd79821bf1b53 /extra/audit
parent4c585ad54388285500fd18a6aaa516894e0f2c16 (diff)
moved everything to new file formatting
Diffstat (limited to 'extra/audit')
-rw-r--r--extra/audit/0003-all-get-rid-of-strndupa.patch56
-rw-r--r--extra/audit/0004-fix-path-in-au-remote-conf.patch16
-rw-r--r--extra/audit/auditd.confd22
-rw-r--r--extra/audit/auditd.initd90
4 files changed, 0 insertions, 184 deletions
diff --git a/extra/audit/0003-all-get-rid-of-strndupa.patch b/extra/audit/0003-all-get-rid-of-strndupa.patch
deleted file mode 100644
index d8317e1..0000000
--- a/extra/audit/0003-all-get-rid-of-strndupa.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 38d950e468c1e51937530f884b138076e4897da2 Mon Sep 17 00:00:00 2001
-From: Tycho Andersen <tycho@docker.com>
-Date: Mon, 13 Mar 2017 16:40:08 -0700
-Subject: [PATCH 3/4] all: get rid of strndupa
-
-in one case (src/auditd.c) we don't even need to allocate a buffer, in the
-other two we do it in two steps to avoid using a non-standard function.
-
-Signed-off-by: Tycho Andersen <tycho@docker.com>
----
- auparse/auparse.c | 6 ++++--
- src/auditd.c | 10 +++++-----
- src/ausearch-lol.c | 6 ++++--
- 3 files changed, 13 insertions(+), 9 deletions(-)
-
-diff --git a/auparse/auparse.c b/auparse/auparse.c
-index 058f544..f61d204 100644
---- a/auparse/auparse.c
-+++ b/auparse/auparse.c
-@@ -1102,10 +1102,12 @@ static int extract_timestamp(const char *b, au_event_t *e)
- int rc = 1;
-
- e->host = NULL;
-+
-+ tmp = alloca(340);
- if (*b == 'n')
-- tmp = strndupa(b, 340);
-+ tmp = strncpy(tmp, b, 340);
- else
-- tmp = strndupa(b, 80);
-+ tmp = strncpy(tmp, b, 80);
- ptr = audit_strsplit(tmp);
- if (ptr) {
- // Optionally grab the node - may or may not be included
-diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
-index 29d0a32..3a2e5e8 100644
---- a/src/ausearch-lol.c
-+++ b/src/ausearch-lol.c
-@@ -135,10 +135,12 @@ static int extract_timestamp(const char *b, event *e)
- char *ptr, *tmp, *tnode, *ttype;
-
- e->node = NULL;
-+
-+ tmp = alloca(340);
- if (*b == 'n')
-- tmp = strndupa(b, 340);
-+ tmp = strncpy(tmp, b, 340);
- else
-- tmp = strndupa(b, 80);
-+ tmp = strncpy(tmp, b, 80);
- ptr = audit_strsplit(tmp);
- if (ptr) {
- // Check to see if this is the node info
---
-2.13.1
-
diff --git a/extra/audit/0004-fix-path-in-au-remote-conf.patch b/extra/audit/0004-fix-path-in-au-remote-conf.patch
deleted file mode 100644
index c3d1efd..0000000
--- a/extra/audit/0004-fix-path-in-au-remote-conf.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-From: Dermot Bradley <dermot_bradley@yahoo.com>
-Date: Fri, 29 May 2020 19:55:23 +0100
-
-Fix the path to the audisp-remote binary.
-
---- a/audisp/plugins/remote/au-remote.conf
-+++ b/audisp/plugins/remote/au-remote.conf
-@@ -5,7 +5,7 @@
-
- active = no
- direction = out
--path = /sbin/audisp-remote
-+path = /usr/sbin/audisp-remote
- type = always
- #args =
- format = string
diff --git a/extra/audit/auditd.confd b/extra/audit/auditd.confd
deleted file mode 100644
index c66be16..0000000
--- a/extra/audit/auditd.confd
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Configuration options for auditd
-# -f for foreground mode
-# There are some other options as well, but you'll have to look in the source
-# code to find them as they aren't ready for use yet.
-EXTRAOPTIONS=''
-
-# Audit rules file to run after starting auditd
-RULEFILE_STARTUP=/etc/audit/audit.rules
-
-# Audit rules file to run before and after stopping auditd
-RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
-RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
-
-# If you want to enforce a certain locale for auditd,
-# uncomment one of the next lines:
-#AUDITD_LANG=none
-AUDITD_LANG=C
-#AUDITD_LANG=en_US
-#AUDITD_LANG=en_US.UTF-8
diff --git a/extra/audit/auditd.initd b/extra/audit/auditd.initd
deleted file mode 100644
index b9d9c47..0000000
--- a/extra/audit/auditd.initd
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_started_commands='reload reload_auditd reload_rules'
-description='Linux Auditing System'
-description_reload='Reload daemon configuration and rules'
-description_reload_rules='Reload daemon rules'
-description_reload_auditd='Reload daemon configuration'
-
-name='auditd'
-pidfile='/var/run/auditd.pid'
-command='/usr/sbin/auditd'
-
-start_auditd() {
- # Env handling taken from the upstream init script
- if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
- unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
- else
- LANG="$AUDITD_LANG"
- LC_TIME="$AUDITD_LANG"
- LC_ALL="$AUDITD_LANG"
- LC_MESSAGES="$AUDITD_LANG"
- LC_NUMERIC="$AUDITD_LANG"
- LC_MONETARY="$AUDITD_LANG"
- LC_COLLATE="$AUDITD_LANG"
- export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
- fi
- unset HOME MAIL USER USERNAME
-
- ebegin "Starting ${name}"
- start-stop-daemon \
- --start --quiet --pidfile ${pidfile} \
- --exec ${command} -- ${EXTRAOPTIONS}
- local ret=$?
- eend $ret
- return $ret
-}
-
-stop_auditd() {
- ebegin "Stopping ${name}"
- start-stop-daemon --stop --quiet --pidfile ${pidfile}
- local ret=$?
- eend $ret
- return $ret
-}
-
-loadfile() {
- local rules="$1"
- if [ -n "${rules}" -a -f "${rules}" ]; then
- einfo "Loading audit rules from ${rules}"
- /usr/sbin/auditctl -R "${rules}" >/dev/null
- return $?
- else
- return 0
- fi
-}
-
-start() {
- start_auditd
- local ret=$?
- if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
- loadfile "${RULEFILE_STARTUP}"
- fi
- return $ret
-}
-
-reload_rules() {
- loadfile "${RULEFILE_STARTUP}"
-}
-
-reload_auditd() {
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP \
- --exec "${command}" --pidfile "${pidfile}"
- eend $?
-}
-
-reload() {
- reload_auditd
- reload_rules
-}
-
-stop() {
- [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
- stop_auditd
- local ret=$?
- [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
- return $ret
-}