Diffstat (limited to 'main/audit')
-rw-r--r-- | main/audit/0001-auditctl-include-headers-to-make-build-work-with-mus.patch | 29 | ||||
-rw-r--r-- | main/audit/0002-auparse-remove-use-of-rawmemchr.patch | 34 | ||||
-rw-r--r-- | main/audit/0003-all-get-rid-of-strndupa.patch | 86 | ||||
-rw-r--r-- | main/audit/0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch | 24 | ||||
-rw-r--r-- | main/audit/APKBUILD | 70 | ||||
-rw-r--r-- | main/audit/auditd.confd | 22 | ||||
-rw-r--r-- | main/audit/auditd.initd | 90 |
7 files changed, 355 insertions, 0 deletions
diff --git a/main/audit/0001-auditctl-include-headers-to-make-build-work-with-mus.patch b/main/audit/0001-auditctl-include-headers-to-make-build-work-with-mus.patch
new file mode 100644
index 0000000000..94614afce4
--- /dev/null
+++ b/main/audit/0001-auditctl-include-headers-to-make-build-work-with-mus.patch
@@ -0,0 +1,29 @@
+From 49ed6ac0e07bc30231ce53ca5a5e150fccd4d860 Mon Sep 17 00:00:00 2001
+From: Tycho Andersen <tycho@docker.com>
+Date: Mon, 13 Mar 2017 22:44:19 +0000
+Subject: [PATCH 1/4] auditctl: include headers to make build work with musl
+
+technically select is defined in sys/select.h, and `struct timeval`
+requires sys/time.h
+
+Signed-off-by: Tycho Andersen <tycho@docker.com>
+---
+ src/auditctl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/auditctl.c b/src/auditctl.c
+index 04765f4..07701f9 100644
+--- a/src/auditctl.c
++++ b/src/auditctl.c
+@@ -32,6 +32,8 @@
+ #include <ctype.h>
+ #include <unistd.h>
+ #include <sys/utsname.h>
++#include <sys/select.h>
++#include <sys/time.h>
+ #include <fcntl.h>
+ #include <errno.h>
+ #include <libgen.h> /* For basename */
+--
+2.13.1
+
diff --git a/main/audit/0002-auparse-remove-use-of-rawmemchr.patch b/main/audit/0002-auparse-remove-use-of-rawmemchr.patch
new file mode 100644
index 0000000000..891a87bbc3
--- /dev/null
+++ b/main/audit/0002-auparse-remove-use-of-rawmemchr.patch
@@ -0,0 +1,34 @@
+From 8f2a6788b78dd6b219545aacbd42e2f84df8c71a Mon Sep 17 00:00:00 2001
+From: Tycho Andersen <tycho@docker.com>
+Date: Mon, 13 Mar 2017 16:17:10 -0700
+Subject: [PATCH 2/4] auparse: remove use of rawmemchr
+
+just iterate over the string instead, it's much simpler and doesn't use a
+glibc extension.
+
+Signed-off-by: Tycho Andersen <tycho@docker.com>
+---
+ auparse/interpret.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index ea17c41..75b7679 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -819,10 +819,9 @@ static const char *print_proctitle(const char *val)
+ // Proctitle has arguments separated by NUL bytes
+ // We need to write over the NUL bytes with a space
+ // so that we can see the arguments
+- while ((ptr = rawmemchr(ptr, '\0'))) {
+- if (ptr >= end)
+- break;
+- *ptr = ' ';
++ while (ptr < end) {
++ if (*ptr == '\0')
++ *ptr = ' ';
+ ptr++;
+ }
+ }
+--
+2.13.1
+
diff --git a/main/audit/0003-all-get-rid-of-strndupa.patch b/main/audit/0003-all-get-rid-of-strndupa.patch
new file mode 100644
index 0000000000..d34bf0cfb7
--- /dev/null
+++ b/main/audit/0003-all-get-rid-of-strndupa.patch
@@ -0,0 +1,86 @@
+From 38d950e468c1e51937530f884b138076e4897da2 Mon Sep 17 00:00:00 2001
+From: Tycho Andersen <tycho@docker.com>
+Date: Mon, 13 Mar 2017 16:40:08 -0700
+Subject: [PATCH 3/4] all: get rid of strndupa
+
+in one case (src/auditd.c) we don't even need to allocate a buffer, in the
+other two we do it in two steps to avoid using a non-standard function.
+
+Signed-off-by: Tycho Andersen <tycho@docker.com>
+---
+ auparse/auparse.c | 6 ++++--
+ src/auditd.c | 10 +++++-----
+ src/ausearch-lol.c | 6 ++++--
+ 3 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index 058f544..f61d204 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -1102,10 +1102,12 @@ static int extract_timestamp(const char *b, au_event_t *e)
+ int rc = 1;
+
+ e->host = NULL;
++
++ tmp = alloca(340);
+ if (*b == 'n')
+- tmp = strndupa(b, 340);
++ tmp = strncpy(tmp, b, 340);
+ else
+- tmp = strndupa(b, 80);
++ tmp = strncpy(tmp, b, 80);
+ ptr = audit_strsplit(tmp);
+ if (ptr) {
+ // Optionally grab the node - may or may not be included
+diff --git a/src/auditd.c b/src/auditd.c
+index cd49758..2de065a 100644
+--- a/src/auditd.c
++++ b/src/auditd.c
+@@ -185,7 +185,7 @@ static void child_handler2( int sig )
+
+ static int extract_type(const char *str)
+ {
+- const char *tptr, *ptr2, *ptr = str;
++ const char *ptr2, *ptr = str;
+ if (*str == 'n') {
+ ptr = strchr(str+1, ' ');
+ if (ptr == NULL)
+@@ -194,12 +194,12 @@ static int extract_type(const char *str)
+ }
+ // ptr should be at 't'
+ ptr2 = strchr(ptr, ' ');
+- // get type=xxx in a buffer
+- tptr = strndupa(ptr, ptr2 - ptr);
++
+ // find =
+- str = strchr(tptr, '=');
+- if (str == NULL)
++ str = strchr(ptr, '=');
++ if (str == NULL || str >= ptr2)
+ return -1; // Malformed - bomb out
++
+ // name is 1 past
+ str++;
+ return audit_name_to_msg_type(str);
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 29d0a32..3a2e5e8 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -135,10 +135,12 @@ static int extract_timestamp(const char *b, event *e)
+ char *ptr, *tmp, *tnode, *ttype;
+
+ e->node = NULL;
++
++ tmp = alloca(340);
+ if (*b == 'n')
+- tmp = strndupa(b, 340);
++ tmp = strncpy(tmp, b, 340);
+ else
+- tmp = strndupa(b, 80);
++ tmp = strncpy(tmp, b, 80);
+ ptr = audit_strsplit(tmp);
+ if (ptr) {
+ // Check to see if this is the node info
+--
+2.13.1
+
diff --git a/main/audit/0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch b/main/audit/0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch
new file mode 100644
index 0000000000..72baf90013
--- /dev/null
+++ b/main/audit/0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch
@@ -0,0 +1,24 @@
+From 8c803432699a815349c73630e620d5eaa4a16727 Mon Sep 17 00:00:00 2001
+From: Felix Janda <felix.janda@posteo.de>
+Date: Mon, 19 Jun 2017 21:14:24 -0400
+Subject: [PATCH 4/4] audisp/audispd.c: Include <limits.h> for PATH_MAX
+
+---
+ audisp/audispd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/audisp/audispd.c b/audisp/audispd.c
+index 9831cf3..329b629 100644
+--- a/audisp/audispd.c
++++ b/audisp/audispd.c
+@@ -34,6 +34,7 @@
+ #include <sys/poll.h>
+ #include <netdb.h>
+ #include <arpa/inet.h>
++#include <limits.h>
+
+ #include "audispd-config.h"
+ #include "audispd-pconfig.h"
+--
+2.13.1
+
diff --git a/main/audit/APKBUILD b/main/audit/APKBUILD
new file mode 100644
index 0000000000..f84147f079
--- /dev/null
+++ b/main/audit/APKBUILD
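Review bot: In 0003-all-get-rid-of-strndupa.patch, both extract_timestamp replacements (auparse/auparse.c and src/ausearch-lol.c) can hand `audit_strsplit(tmp)` a buffer with no terminating NUL. `strndupa(b, n)` always terminated its copy, but `strncpy(tmp, b, 340)` into `alloca(340)` writes no terminator once the record reaches 340 bytes, and `strncpy(tmp, b, 80)` leaves bytes 80..339 uninitialised once it reaches 80, so a long audit record makes the parser read stale stack contents and possibly past the buffer. Size the copy for the terminator and write it explicitly, as sketched below. In src/auditd.c, extract_type now passes `str` pointing into the original record instead of a copy cut at `ptr2`, so unless audit_name_to_msg_type stops at the first space (not visible here) the lookup sees the rest of the line; `ptr2` may also be NULL, which makes `str >= ptr2` a comparison against a null pointer. All three functions continue outside their hunks.

```c
/* extract_timestamp(): same change in auparse/auparse.c and src/ausearch-lol.c */
size_t max = (*b == 'n') ? 340 : 80;
size_t len = strnlen(b, max);
tmp = alloca(len + 1);
memcpy(tmp, b, len);
tmp[len] = '\0';
ptr = audit_strsplit(tmp);
```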
@@ -0,0 +1,70 @@
+# Maintainer: Tycho Andersen <tycho@docker.com>
+pkgname=audit
+pkgver=2.7.7
+pkgrel=1
+pkgdesc="User space tools for 2.6 kernel auditing"
+url="http://people.redhat.com/sgrubb/audit/"
+arch="all"
+license="GPLv2+"
+depends=""
+depends_dev="linux-headers"
+makedepends="$depends_dev swig libcap-ng-dev python3"
+install=""
+subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs"
+source="http://people.redhat.com/sgrubb/audit/audit-$pkgver.tar.gz
+ 0001-auditctl-include-headers-to-make-build-work-with-mus.patch
+ 0002-auparse-remove-use-of-rawmemchr.patch
+ 0003-all-get-rid-of-strndupa.patch
+ 0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch
+ auditd.initd
+ auditd.confd
+ "
+builddir="$srcdir/audit-$pkgver"
+
+build() {
+ if [ "$CARCH" = "ppc64le" ]; then
+ WITHOUT="--without-python3 --without-python"
+ fi
+
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/ \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --localstatedir=/var \
+ --disable-zos-remote \
+ --enable-shared=audit \
+ $WITHOUT \
+ || return 1
+ make || return 1
+}
+
+check() {
+ cd "$builddir"
+ make -j1 check || return 1
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install || return 1
+ install -D -m755 "$srcdir"/auditd.initd \
+ "$pkgdir"/etc/init.d/auditd || return 1
+ install -D -m644 "$srcdir"/auditd.confd \
+ "$pkgdir"/etc/conf.d/auditd || return 1
+}
+
+static() {
+ pkgdesc="Static libaudit libraries"
+ mkdir -p "$subpkgdir"/lib/
+ mv "$pkgdir"/lib/*.a "$subpkgdir"/lib/
+}
+
+sha512sums="a465a0526acd647f21cc3625c12107a719abf31c6e76b5d3c7bf17796bfd970af51b892d878162dbd5e6be283f156927daeb24427d1a628125a579965423ff2e audit-2.7.7.tar.gz
+119c57eb6aee67b30dcd2252513e2595dc0686b7135529928fed68ab64d0e7a46901ed6a242c90b183a1e02099668ba1c7ef05a17e5dfaa6ca74c01a36e560bf 0001-auditctl-include-headers-to-make-build-work-with-mus.patch
+b7851d4c3c6d7d35f2e822273c17ab530ac24301c414da7f0c7578b7a182692ecd01b51cb50ea04adba4b43987f27020f8f411aec23b3bda0af4d4b6e9fbae5d 0002-auparse-remove-use-of-rawmemchr.patch
+c380c04fc1939903eea9919d5a918f58725177adee1fe7dbe81e33905bad2f561dc35cae9f3d79aa6f00245cf33cdd50cef5e2b58f4fa5b8cd0cfad59af7137a 0003-all-get-rid-of-strndupa.patch
+ca1d38b8af822f6506cead858070a7f90ae8cf851556cb9288e31614d288e723efe684777c5f64b61f3988a427a714eb306e53fff93e670342b7a618c6196d69 0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch
+1b48c248db5d34f148f9c79f8b2a6acbf61c729230341b861f5e331bbfb0c8356305a09eb2cc5c82c14c4fd9a13c7c13957e1ed493834b8b3b9ee38978e4c31f auditd.initd
+69d8777772ded7a8c0db2bcf84961b121bb355fa0d4ba0e14e311f8a8bfe665cbd2b7ac632d73477f9dfa9a6eec357a7ed458fe9b3e7b5ede75b166f3f092ab7 auditd.confd"
diff --git a/main/audit/auditd.confd b/main/audit/auditd.confd
new file mode 100644
index 0000000000..c66be166ce
--- /dev/null
+++ b/main/audit/auditd.confd
@@ -0,0 +1,22 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
+
+# If you want to enforce a certain locale for auditd,
+# uncomment one of the next lines:
+#AUDITD_LANG=none
+AUDITD_LANG=C
+#AUDITD_LANG=en_US
+#AUDITD_LANG=en_US.UTF-8
diff --git a/main/audit/auditd.initd b/main/audit/auditd.initd
new file mode 100644
index 0000000000..c952554df2
--- /dev/null
+++ b/main/audit/auditd.initd
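Review bot: In main/audit/APKBUILD the release tarball in `source=` is fetched over plain `http://`, so the download itself is unauthenticated. The `sha512sums` entry pins the bytes for this build, but whoever next bumps `pkgver` and regenerates the checksums has no authenticated channel to the upstream file. If the upstream host serves the same path over TLS, switch the first `source` entry (and `url=`) to `https://`. `WITHOUT` is also assigned only on ppc64le, so on other architectures `$WITHOUT` expands to whatever the build environment exports; `local WITHOUT=` at the top of `build()` would pin it.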
@@ -0,0 +1,90 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands='reload reload_auditd reload_rules'
+description='Linux Auditing System'
+description_reload='Reload daemon configuration and rules'
+description_reload_rules='Reload daemon rules'
+description_reload_auditd='Reload daemon configuration'
+
+name='auditd'
+pidfile='/var/run/auditd.pid'
+command='/sbin/auditd'
+
+start_auditd() {
+ # Env handling taken from the upstream init script
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
+ unset HOME MAIL USER USERNAME
+
+ ebegin "Starting ${name}"
+ start-stop-daemon \
+ --start --quiet --pidfile ${pidfile} \
+ --exec ${command} -- ${EXTRAOPTIONS}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+stop_auditd() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet --pidfile ${pidfile}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+loadfile() {
+ local rules="$1"
+ if [ -n "${rules}" -a -f "${rules}" ]; then
+ einfo "Loading audit rules from ${rules}"
+ /sbin/auditctl -R "${rules}" >/dev/null
+ return $?
+ else
+ return 0
+ fi
+}
+
+start() {
+ start_auditd
+ local ret=$?
+ if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
+ loadfile "${RULEFILE_STARTUP}"
+ fi
+ return $ret
+}
+
+reload_rules() {
+ loadfile "${RULEFILE_STARTUP}"
+}
+
+reload_auditd() {
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP \
+ --exec "${command}" --pidfile "${pidfile}"
+ eend $?
+}
+
+reload() {
+ reload_auditd
+ reload_rules
+}
+
+stop() {
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
+ stop_auditd
+ local ret=$?
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
+ return $ret
+} |
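Review bot: In main/audit/auditd.initd, `start()` discards the exit status of `loadfile "${RULEFILE_STARTUP}"` and returns only `start_auditd`'s status. A rules file that `auditctl -R` rejects therefore leaves auditd running with no rules loaded while the service reports a clean start, and `loadfile` also sends the command's stdout to `/dev/null`. For an audit daemon that is a silent coverage gap, so surface the failure, for example `loadfile "${RULEFILE_STARTUP}" || ewarn "Failed to load audit rules from ${RULEFILE_STARTUP}"`. `loadfile` also returns 0 when the configured file does not exist, which hides a missing rules file the same way; an `ewarn` in its `else` branch for a non-empty `${rules}` would cover that.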