Diffstat (limited to 'extra/audit')
-rw-r--r-- | extra/audit/0003-all-get-rid-of-strndupa.patch | 56 | ||||
-rw-r--r-- | extra/audit/0004-fix-path-in-au-remote-conf.patch | 16 | ||||
-rw-r--r-- | extra/audit/auditd.confd | 22 | ||||
-rw-r--r-- | extra/audit/auditd.initd | 90 |
4 files changed, 184 insertions, 0 deletions
diff --git a/extra/audit/0003-all-get-rid-of-strndupa.patch b/extra/audit/0003-all-get-rid-of-strndupa.patch
new file mode 100644
index 0000000..d8317e1
--- /dev/null
+++ b/extra/audit/0003-all-get-rid-of-strndupa.patch
@@ -0,0 +1,56 @@
+From 38d950e468c1e51937530f884b138076e4897da2 Mon Sep 17 00:00:00 2001
+From: Tycho Andersen <tycho@docker.com>
+Date: Mon, 13 Mar 2017 16:40:08 -0700
+Subject: [PATCH 3/4] all: get rid of strndupa
+
+in one case (src/auditd.c) we don't even need to allocate a buffer, in the
+other two we do it in two steps to avoid using a non-standard function.
+
+Signed-off-by: Tycho Andersen <tycho@docker.com>
+---
+ auparse/auparse.c | 6 ++++--
+ src/auditd.c | 10 +++++-----
+ src/ausearch-lol.c | 6 ++++--
+ 3 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index 058f544..f61d204 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -1102,10 +1102,12 @@ static int extract_timestamp(const char *b, au_event_t *e)
+ int rc = 1;
+
+ e->host = NULL;
++
++ tmp = alloca(340);
+ if (*b == 'n')
+- tmp = strndupa(b, 340);
++ tmp = strncpy(tmp, b, 340);
+ else
+- tmp = strndupa(b, 80);
++ tmp = strncpy(tmp, b, 80);
+ ptr = audit_strsplit(tmp);
+ if (ptr) {
+ // Optionally grab the node - may or may not be included
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 29d0a32..3a2e5e8 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -135,10 +135,12 @@ static int extract_timestamp(const char *b, event *e)
+ char *ptr, *tmp, *tnode, *ttype;
+
+ e->node = NULL;
++
++ tmp = alloca(340);
+ if (*b == 'n')
+- tmp = strndupa(b, 340);
++ tmp = strncpy(tmp, b, 340);
+ else
+- tmp = strndupa(b, 80);
++ tmp = strncpy(tmp, b, 80);
+ ptr = audit_strsplit(tmp);
+ if (ptr) {
+ // Check to see if this is the node info
+--
+2.13.1
+
diff --git a/extra/audit/0004-fix-path-in-au-remote-conf.patch b/extra/audit/0004-fix-path-in-au-remote-conf.patch
new file mode 100644
index 0000000..c3d1efd
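Review bot: The `strncpy(tmp, b, 340)` and `strncpy(tmp, b, 80)` lines in both the auparse.c and ausearch-lol.c hunks of the packaged patch drop the NUL terminator that `strndupa` guaranteed: whenever the record `b` is at least as long as the bound, `tmp` is left unterminated and the following `audit_strsplit(tmp)` scans on through uninitialized bytes of the 340-byte `alloca` buffer and past its end. Audit records are frequently longer than 340 bytes, and on a host that collects remote logs they are not locally trusted input, so the patch trades a non-standard function for a stack over-read. Allocate one extra byte and terminate explicitly after each copy, in both files, as sketched below. The patch's embedded diffstat also still lists `src/auditd.c` with 10 changed lines although the 56-line patch contains no hunk for that file, so either the diffstat is stale or a hunk was dropped when the patch was vendored — worth confirming which. Both `extract_timestamp` bodies begin and end outside the quoted hunks.
```c
tmp = alloca(341);
if (*b == 'n') {
	strncpy(tmp, b, 340);
	tmp[340] = '\0';
} else {
	strncpy(tmp, b, 80);
	tmp[80] = '\0';
}
ptr = audit_strsplit(tmp);
/* … unchanged: node / type parsing … */
```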
--- /dev/null
+++ b/extra/audit/0004-fix-path-in-au-remote-conf.patch
@@ -0,0 +1,16 @@
+From: Dermot Bradley <dermot_bradley@yahoo.com>
+Date: Fri, 29 May 2020 19:55:23 +0100
+
+Fix the path to the audisp-remote binary.
+
+--- a/audisp/plugins/remote/au-remote.conf
++++ b/audisp/plugins/remote/au-remote.conf
+@@ -5,7 +5,7 @@
+
+ active = no
+ direction = out
+-path = /sbin/audisp-remote
++path = /usr/sbin/audisp-remote
+ type = always
+ #args =
+ format = string
diff --git a/extra/audit/auditd.confd b/extra/audit/auditd.confd
new file mode 100644
index 0000000..c66be16
--- /dev/null
+++ b/extra/audit/auditd.confd
@@ -0,0 +1,22 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
+
+# If you want to enforce a certain locale for auditd,
+# uncomment one of the next lines:
+#AUDITD_LANG=none
+AUDITD_LANG=C
+#AUDITD_LANG=en_US
+#AUDITD_LANG=en_US.UTF-8
diff --git a/extra/audit/auditd.initd b/extra/audit/auditd.initd
new file mode 100644
index 0000000..b9d9c47
--- /dev/null
+++ b/extra/audit/auditd.initd
@@ -0,0 +1,90 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands='reload reload_auditd reload_rules'
+description='Linux Auditing System'
+description_reload='Reload daemon configuration and rules'
+description_reload_rules='Reload daemon rules'
+description_reload_auditd='Reload daemon configuration'
+
+name='auditd'
+pidfile='/var/run/auditd.pid'
+command='/usr/sbin/auditd'
+
+start_auditd() {
+ # Env handling taken from the upstream init script
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
+ unset HOME MAIL USER USERNAME
+
+ ebegin "Starting ${name}"
+ start-stop-daemon \
+ --start --quiet --pidfile ${pidfile} \
+ --exec ${command} -- ${EXTRAOPTIONS}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+stop_auditd() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet --pidfile ${pidfile}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+loadfile() {
+ local rules="$1"
+ if [ -n "${rules}" -a -f "${rules}" ]; then
+ einfo "Loading audit rules from ${rules}"
+ /usr/sbin/auditctl -R "${rules}" >/dev/null
+ return $?
+ else
+ return 0
+ fi
+}
+
+start() {
+ start_auditd
+ local ret=$?
+ if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
+ loadfile "${RULEFILE_STARTUP}"
+ fi
+ return $ret
+}
+
+reload_rules() {
+ loadfile "${RULEFILE_STARTUP}"
+}
+
+reload_auditd() {
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP \
+ --exec "${command}" --pidfile "${pidfile}"
+ eend $?
+}
+
+reload() {
+ reload_auditd
+ reload_rules
+}
+
+stop() {
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
+ stop_auditd
+ local ret=$?
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
+ return $ret
+}
|
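Review bot: `stop_auditd`, near the top of this hunk, stops the daemon with `start-stop-daemon --stop --quiet --pidfile ${pidfile}` and no `--exec`, so a stale or tampered `/var/run/auditd.pid` would let the stop action signal whatever unrelated process currently holds that PID; `reload_auditd` in the same file already pairs `--exec "${command}"` with the pidfile, and stop should match it: `start-stop-daemon --stop --quiet --exec "${command}" --pidfile "${pidfile}"`. Separately, `loadfile` sends auditctl's output to `/dev/null` and `start` discards its return code, so the machine can come up with auditd running but no rules loaded and nothing in the boot output saying so; at minimum surface it with `loadfile "${RULEFILE_STARTUP}" || ewarn "failed to load audit rules from ${RULEFILE_STARTUP}"`. Whether auditd also needs a `--retry` schedule on stop to flush its log before SIGKILL cannot be told from this script alone.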