Diffstat (limited to 'main/audit')
-rw-r--r--main/audit/0001-auditctl-include-headers-to-make-build-work-with-mus.patch29
-rw-r--r--main/audit/0002-auparse-remove-use-of-rawmemchr.patch34
-rw-r--r--main/audit/0003-all-get-rid-of-strndupa.patch86
-rw-r--r--main/audit/0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch24
-rw-r--r--main/audit/APKBUILD70
-rw-r--r--main/audit/auditd.confd22
-rw-r--r--main/audit/auditd.initd90
7 files changed, 355 insertions, 0 deletions
diff --git a/main/audit/0001-auditctl-include-headers-to-make-build-work-with-mus.patch b/main/audit/0001-auditctl-include-headers-to-make-build-work-with-mus.patch
new file mode 100644
index 0000000000..94614afce4
--- /dev/null
+++ b/main/audit/0001-auditctl-include-headers-to-make-build-work-with-mus.patch
@@ -0,0 +1,29 @@
+From 49ed6ac0e07bc30231ce53ca5a5e150fccd4d860 Mon Sep 17 00:00:00 2001
+From: Tycho Andersen <tycho@docker.com>
+Date: Mon, 13 Mar 2017 22:44:19 +0000
+Subject: [PATCH 1/4] auditctl: include headers to make build work with musl
+
+technically select is defined in sys/select.h, and `struct timeval`
+requires sys/time.h
+
+Signed-off-by: Tycho Andersen <tycho@docker.com>
+---
+ src/auditctl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/auditctl.c b/src/auditctl.c
+index 04765f4..07701f9 100644
+--- a/src/auditctl.c
++++ b/src/auditctl.c
+@@ -32,6 +32,8 @@
+ #include <ctype.h>
+ #include <unistd.h>
+ #include <sys/utsname.h>
++#include <sys/select.h>
++#include <sys/time.h>
+ #include <fcntl.h>
+ #include <errno.h>
+ #include <libgen.h> /* For basename */
+--
+2.13.1
+
diff --git a/main/audit/0002-auparse-remove-use-of-rawmemchr.patch b/main/audit/0002-auparse-remove-use-of-rawmemchr.patch
new file mode 100644
index 0000000000..891a87bbc3
--- /dev/null
+++ b/main/audit/0002-auparse-remove-use-of-rawmemchr.patch
@@ -0,0 +1,34 @@
+From 8f2a6788b78dd6b219545aacbd42e2f84df8c71a Mon Sep 17 00:00:00 2001
+From: Tycho Andersen <tycho@docker.com>
+Date: Mon, 13 Mar 2017 16:17:10 -0700
+Subject: [PATCH 2/4] auparse: remove use of rawmemchr
+
+just iterate over the string instead, it's much simpler and doesn't use a
+glibc extension.
+
+Signed-off-by: Tycho Andersen <tycho@docker.com>
+---
+ auparse/interpret.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index ea17c41..75b7679 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -819,10 +819,9 @@ static const char *print_proctitle(const char *val)
+ // Proctitle has arguments separated by NUL bytes
+ // We need to write over the NUL bytes with a space
+ // so that we can see the arguments
+- while ((ptr = rawmemchr(ptr, '\0'))) {
+- if (ptr >= end)
+- break;
+- *ptr = ' ';
++ while (ptr < end) {
++ if (*ptr == '\0')
++ *ptr = ' ';
+ ptr++;
+ }
+ }
+--
+2.13.1
+
diff --git a/main/audit/0003-all-get-rid-of-strndupa.patch b/main/audit/0003-all-get-rid-of-strndupa.patch
new file mode 100644
index 0000000000..d34bf0cfb7
--- /dev/null
+++ b/main/audit/0003-all-get-rid-of-strndupa.patch
@@ -0,0 +1,86 @@
+From 38d950e468c1e51937530f884b138076e4897da2 Mon Sep 17 00:00:00 2001
+From: Tycho Andersen <tycho@docker.com>
+Date: Mon, 13 Mar 2017 16:40:08 -0700
+Subject: [PATCH 3/4] all: get rid of strndupa
+
+in one case (src/auditd.c) we don't even need to allocate a buffer, in the
+other two we do it in two steps to avoid using a non-standard function.
+
+Signed-off-by: Tycho Andersen <tycho@docker.com>
+---
+ auparse/auparse.c | 6 ++++--
+ src/auditd.c | 10 +++++-----
+ src/ausearch-lol.c | 6 ++++--
+ 3 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index 058f544..f61d204 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -1102,10 +1102,12 @@ static int extract_timestamp(const char *b, au_event_t *e)
+ int rc = 1;
+
+ e->host = NULL;
++
++ tmp = alloca(340);
+ if (*b == 'n')
+- tmp = strndupa(b, 340);
++ tmp = strncpy(tmp, b, 340);
+ else
+- tmp = strndupa(b, 80);
++ tmp = strncpy(tmp, b, 80);
+ ptr = audit_strsplit(tmp);
+ if (ptr) {
+ // Optionally grab the node - may or may not be included
+diff --git a/src/auditd.c b/src/auditd.c
+index cd49758..2de065a 100644
+--- a/src/auditd.c
++++ b/src/auditd.c
+@@ -185,7 +185,7 @@ static void child_handler2( int sig )
+
+ static int extract_type(const char *str)
+ {
+- const char *tptr, *ptr2, *ptr = str;
++ const char *ptr2, *ptr = str;
+ if (*str == 'n') {
+ ptr = strchr(str+1, ' ');
+ if (ptr == NULL)
+@@ -194,12 +194,12 @@ static int extract_type(const char *str)
+ }
+ // ptr should be at 't'
+ ptr2 = strchr(ptr, ' ');
+- // get type=xxx in a buffer
+- tptr = strndupa(ptr, ptr2 - ptr);
++
+ // find =
+- str = strchr(tptr, '=');
+- if (str == NULL)
++ str = strchr(ptr, '=');
++ if (str == NULL || str >= ptr2)
+ return -1; // Malformed - bomb out
++
+ // name is 1 past
+ str++;
+ return audit_name_to_msg_type(str);
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 29d0a32..3a2e5e8 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -135,10 +135,12 @@ static int extract_timestamp(const char *b, event *e)
+ char *ptr, *tmp, *tnode, *ttype;
+
+ e->node = NULL;
++
++ tmp = alloca(340);
+ if (*b == 'n')
+- tmp = strndupa(b, 340);
++ tmp = strncpy(tmp, b, 340);
+ else
+- tmp = strndupa(b, 80);
++ tmp = strncpy(tmp, b, 80);
+ ptr = audit_strsplit(tmp);
+ if (ptr) {
+ // Check to see if this is the node info
+--
+2.13.1
+
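Review bot: The strncpy() replacements in both extract_timestamp() hunks (auparse/auparse.c and src/ausearch-lol.c) can leave `tmp` without a terminating NUL, which strndupa() always added. A record of 340 bytes or more fills the `alloca(340)` buffer completely, and in the 80-byte branch a longer record leaves bytes 80–339 uninitialised, so `audit_strsplit(tmp)` may read stale stack contents or continue past the buffer. Sizing the buffer for the terminator and writing it explicitly restores the old guarantee, e.g. `size_t n = (*b == 'n') ? 340 : 80;`, `tmp = alloca(n + 1);`, `strncpy(tmp, b, n); tmp[n] = '\0';`. In src/auditd.c, extract_type() now hands audit_name_to_msg_type() a pointer into the whole record rather than the isolated `type=xxx` token, so unless that function stops at the first space (not visible here) the lookup may no longer match; `str >= ptr2` also depends on `ptr2` being non-NULL, which the hunk does not check after `strchr(ptr, ' ')`. All three function bodies continue outside the hunks.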
diff --git a/main/audit/0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch b/main/audit/0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch
new file mode 100644
index 0000000000..72baf90013
--- /dev/null
+++ b/main/audit/0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch
@@ -0,0 +1,24 @@
+From 8c803432699a815349c73630e620d5eaa4a16727 Mon Sep 17 00:00:00 2001
+From: Felix Janda <felix.janda@posteo.de>
+Date: Mon, 19 Jun 2017 21:14:24 -0400
+Subject: [PATCH 4/4] audisp/audispd.c: Include <limits.h> for PATH_MAX
+
+---
+ audisp/audispd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/audisp/audispd.c b/audisp/audispd.c
+index 9831cf3..329b629 100644
+--- a/audisp/audispd.c
++++ b/audisp/audispd.c
+@@ -34,6 +34,7 @@
+ #include <sys/poll.h>
+ #include <netdb.h>
+ #include <arpa/inet.h>
++#include <limits.h>
+
+ #include "audispd-config.h"
+ #include "audispd-pconfig.h"
+--
+2.13.1
+
diff --git a/main/audit/APKBUILD b/main/audit/APKBUILD
new file mode 100644
index 0000000000..f84147f079
--- /dev/null
+++ b/main/audit/APKBUILD
@@ -0,0 +1,70 @@
+# Maintainer: Tycho Andersen <tycho@docker.com>
+pkgname=audit
+pkgver=2.7.7
+pkgrel=1
+pkgdesc="User space tools for 2.6 kernel auditing"
+url="http://people.redhat.com/sgrubb/audit/"
+arch="all"
+license="GPLv2+"
+depends=""
+depends_dev="linux-headers"
+makedepends="$depends_dev swig libcap-ng-dev python3"
+install=""
+subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs"
+source="http://people.redhat.com/sgrubb/audit/audit-$pkgver.tar.gz
+ 0001-auditctl-include-headers-to-make-build-work-with-mus.patch
+ 0002-auparse-remove-use-of-rawmemchr.patch
+ 0003-all-get-rid-of-strndupa.patch
+ 0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch
+ auditd.initd
+ auditd.confd
+ "
+builddir="$srcdir/audit-$pkgver"
+
+build() {
+ if [ "$CARCH" = "ppc64le" ]; then
+ WITHOUT="--without-python3 --without-python"
+ fi
+
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/ \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --localstatedir=/var \
+ --disable-zos-remote \
+ --enable-shared=audit \
+ $WITHOUT \
+ || return 1
+ make || return 1
+}
+
+check() {
+ cd "$builddir"
+ make -j1 check || return 1
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install || return 1
+ install -D -m755 "$srcdir"/auditd.initd \
+ "$pkgdir"/etc/init.d/auditd || return 1
+ install -D -m644 "$srcdir"/auditd.confd \
+ "$pkgdir"/etc/conf.d/auditd || return 1
+}
+
+static() {
+ pkgdesc="Static libaudit libraries"
+ mkdir -p "$subpkgdir"/lib/
+ mv "$pkgdir"/lib/*.a "$subpkgdir"/lib/
+}
+
+sha512sums="a465a0526acd647f21cc3625c12107a719abf31c6e76b5d3c7bf17796bfd970af51b892d878162dbd5e6be283f156927daeb24427d1a628125a579965423ff2e audit-2.7.7.tar.gz
+119c57eb6aee67b30dcd2252513e2595dc0686b7135529928fed68ab64d0e7a46901ed6a242c90b183a1e02099668ba1c7ef05a17e5dfaa6ca74c01a36e560bf 0001-auditctl-include-headers-to-make-build-work-with-mus.patch
+b7851d4c3c6d7d35f2e822273c17ab530ac24301c414da7f0c7578b7a182692ecd01b51cb50ea04adba4b43987f27020f8f411aec23b3bda0af4d4b6e9fbae5d 0002-auparse-remove-use-of-rawmemchr.patch
+c380c04fc1939903eea9919d5a918f58725177adee1fe7dbe81e33905bad2f561dc35cae9f3d79aa6f00245cf33cdd50cef5e2b58f4fa5b8cd0cfad59af7137a 0003-all-get-rid-of-strndupa.patch
+ca1d38b8af822f6506cead858070a7f90ae8cf851556cb9288e31614d288e723efe684777c5f64b61f3988a427a714eb306e53fff93e670342b7a618c6196d69 0004-audisp-audispd.c-Include-limits.h-for-PATH_MAX.patch
+1b48c248db5d34f148f9c79f8b2a6acbf61c729230341b861f5e331bbfb0c8356305a09eb2cc5c82c14c4fd9a13c7c13957e1ed493834b8b3b9ee38978e4c31f auditd.initd
+69d8777772ded7a8c0db2bcf84961b121bb355fa0d4ba0e14e311f8a8bfe665cbd2b7ac632d73477f9dfa9a6eec357a7ed458fe9b3e7b5ede75b166f3f092ab7 auditd.confd"
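Review bot: The upstream tarball in `source=` is fetched over plain `http://`, so the `sha512sums` entry is the only integrity control, and whoever regenerates the checksums on a later version bump will record whatever that unauthenticated download returned. If the upstream host serves the same path over TLS, prefer `https://people.redhat.com/sgrubb/audit/audit-$pkgver.tar.gz` in `source=` (and likewise for `url=`). Separately, `WITHOUT` is only assigned inside the ppc64le branch of build(), so on other architectures `$WITHOUT` expands to whatever the build environment happens to hold; starting the function with `local WITHOUT=` makes the configure flags deterministic.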
diff --git a/main/audit/auditd.confd b/main/audit/auditd.confd
new file mode 100644
index 0000000000..c66be166ce
--- /dev/null
+++ b/main/audit/auditd.confd
@@ -0,0 +1,22 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
+
+# If you want to enforce a certain locale for auditd,
+# uncomment one of the next lines:
+#AUDITD_LANG=none
+AUDITD_LANG=C
+#AUDITD_LANG=en_US
+#AUDITD_LANG=en_US.UTF-8
diff --git a/main/audit/auditd.initd b/main/audit/auditd.initd
new file mode 100644
index 0000000000..c952554df2
--- /dev/null
+++ b/main/audit/auditd.initd
@@ -0,0 +1,90 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands='reload reload_auditd reload_rules'
+description='Linux Auditing System'
+description_reload='Reload daemon configuration and rules'
+description_reload_rules='Reload daemon rules'
+description_reload_auditd='Reload daemon configuration'
+
+name='auditd'
+pidfile='/var/run/auditd.pid'
+command='/sbin/auditd'
+
+start_auditd() {
+ # Env handling taken from the upstream init script
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
+ unset HOME MAIL USER USERNAME
+
+ ebegin "Starting ${name}"
+ start-stop-daemon \
+ --start --quiet --pidfile ${pidfile} \
+ --exec ${command} -- ${EXTRAOPTIONS}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+stop_auditd() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet --pidfile ${pidfile}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+loadfile() {
+ local rules="$1"
+ if [ -n "${rules}" -a -f "${rules}" ]; then
+ einfo "Loading audit rules from ${rules}"
+ /sbin/auditctl -R "${rules}" >/dev/null
+ return $?
+ else
+ return 0
+ fi
+}
+
+start() {
+ start_auditd
+ local ret=$?
+ if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
+ loadfile "${RULEFILE_STARTUP}"
+ fi
+ return $ret
+}
+
+reload_rules() {
+ loadfile "${RULEFILE_STARTUP}"
+}
+
+reload_auditd() {
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP \
+ --exec "${command}" --pidfile "${pidfile}"
+ eend $?
+}
+
+reload() {
+ reload_auditd
+ reload_rules
+}
+
+stop() {
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
+ stop_auditd
+ local ret=$?
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
+ return $ret
+}
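Review bot: In start(), the exit status of `loadfile "${RULEFILE_STARTUP}"` is discarded, and loadfile() itself returns 0 when the rules file is missing, so the service can report a clean start without the rule set from that file having been applied. For an audit daemon that condition is worth surfacing to the operator, e.g. `loadfile "${RULEFILE_STARTUP}" || ewarn "Could not load audit rules from ${RULEFILE_STARTUP}"`, plus a similar warning in loadfile()'s else branch when `${rules}` is set but is not a regular file. The same silent path exists in stop() for `RULEFILE_STOP_PRE` and `RULEFILE_STOP_POST`, where the `[ ... ] && loadfile` results are also ignored.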