Browse Source

audit: new package

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[strip library after adding it to openwrt repository]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
lilik-openwrt-22.03
Thomas Petazzoni 4 years ago
committed by Paul Spooren
parent
commit
853cee6c77
4 changed files with 319 additions and 0 deletions
  1. +144
    -0
      utils/audit/Makefile
  2. +16
    -0
      utils/audit/files/audit.init
  3. +133
    -0
      utils/audit/patches/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch
  4. +26
    -0
      utils/audit/patches/0002-fix-gcc-10.patch

+ 144
- 0
utils/audit/Makefile View File

@ -0,0 +1,144 @@
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=audit
PKG_VERSION:=2.8.5
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://people.redhat.com/sgrubb/audit
PKG_HASH:=0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7
PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:linux_audit_project:linux_audit
PKG_FIXUP:=autoreconf
PKG_USE_MIPS16:=0
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
define Package/audit/Default
TITLE:=Audit Daemon
URL:=http://people.redhat.com/sgrubb/audit/
endef
define Package/audit/Default/description
The audit package contains the user space utilities for
storing and searching the audit records generated by
the audit subsystem in the Linux 2.6 kernel
endef
define Package/libauparse
$(call Package/audit/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE+= (parsing shared library)
DEPENDS:= +libaudit
endef
define Package/libauparse/description
$(call Package/audit/Default/description)
This package contains the audit parsing shared library.
endef
define Package/audit-utils
$(call Package/audit/Default)
SECTION:=utils
CATEGORY:=Utilities
TITLE+= (utilities)
DEPENDS:= +libaudit +libauparse
endef
define Package/audit-utils/description
$(call Package/audit/Default/description)
This package contains the audit utilities.
endef
define Package/audit
$(call Package/audit/Default)
SECTION:=utils
CATEGORY:=Utilities
TITLE+= (daemon)
DEPENDS:= +libaudit +libauparse +audit-utils
endef
define Package/audit/description
$(call Package/audit/Default/description)
This package contains the audit daemon.
endef
CONFIGURE_VARS += \
LDFLAGS_FOR_BUILD="$(HOST_LDFLAGS)" \
CPPFLAGS_FOR_BUILD="$(HOST_CPPFLAGS)" \
CFLAGS_FOR_BUILD="$(HOST_CFLAGS)" \
CC_FOR_BUILD="$(HOSTCC)"
CONFIGURE_ARGS += \
--without-libcap-ng \
--disable-systemd \
--without-python \
--without-python3 \
--disable-zos-remote
ifeq ($(ARCH),aarch64)
CONFIGURE_ARGS += --with-aarch64
else ifeq ($(ARCH),arm)
CONFIGURE_ARGS += --with-arm
endif
# We can't use the default, as the default passes $(MAKE_ARGS), which
# overrides CC, CFLAGS, etc. and defeats the *_FOR_BUILD definitions
# passed in CONFIGURE_VARS
define Build/Compile
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(MAKE_PATH)
endef
define Build/Install
$(call Build/Install/Default,install)
$(SED) 's%^dispatcher *=.*%dispatcher = /usr/sbin/audispd%' $(PKG_INSTALL_DIR)/etc/audit/auditd.conf
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/
endef
define Package/libauparse/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libauparse.so.* $(1)/usr/lib/
endef
define Package/audit-utils/install
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) \
$(PKG_INSTALL_DIR)/usr/sbin/{augenrules,audispd,audisp-remote,auditctl,autrace,aureport,ausearch} \
$(1)/usr/sbin/
endef
define Package/audit/install
$(INSTALL_DIR) $(1)/etc/audit
$(CP) $(PKG_INSTALL_DIR)/etc/audit/* $(1)/etc/audit/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/audit.init $(1)/etc/init.d/audit
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/auditd $(1)/usr/sbin/
endef
$(eval $(call HostBuild))
$(eval $(call BuildPackage,libauparse))
$(eval $(call BuildPackage,audit-utils))
$(eval $(call BuildPackage,audit))

+ 16
- 0
utils/audit/files/audit.init View File

@ -0,0 +1,16 @@
#!/bin/sh /etc/rc.common
# Copyright (c) 2014 OpenWrt.org
START=11
USE_PROCD=1
PROG=/usr/sbin/auditd
start_service() {
mkdir -p /var/log/audit
procd_open_instance
procd_set_param command "$PROG" -n
procd_set_param respawn
procd_close_instance
test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules
}

+ 133
- 0
utils/audit/patches/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch View File

@ -0,0 +1,133 @@
From c39a071e7c021f6ff3554aca2758e97b47a9777c Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 26 Feb 2019 18:33:33 -0500
Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
(cherry picked from commit d579a08bb1cde71f939c13ac6b2261052ae9f77e)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
auparse/auparse.c | 12 +++++++++++-
auparse/interpret.c | 9 ++++++++-
configure.ac | 14 +++++++++++++-
src/ausearch-lol.c | 12 +++++++++++-
4 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/auparse/auparse.c b/auparse/auparse.c
index 650db02..2e1c737 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -1,5 +1,5 @@
/* auparse.c --
- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t *e)
return 0;
}
+#ifndef HAVE_STRNDUPA
+static inline char *strndupa(const char *old, size_t n)
+{
+ size_t len = strnlen(old, n);
+ char *tmp = alloca(len + 1);
+ tmp[len] = 0;
+ return memcpy(tmp, old, len);
+}
+#endif
+
/* Returns 0 on success and 1 on error */
static int extract_timestamp(const char *b, au_event_t *e)
{
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 51c4a5e..67b7b77 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -853,6 +853,13 @@ err_out:
return print_escaped(id->val);
}
+// rawmemchr is faster. Let's use it if we have it.
+#ifdef HAVE_RAWMEMCHR
+#define STRCHR rawmemchr
+#else
+#define STRCHR strchr
+#endif
+
static const char *print_proctitle(const char *val)
{
char *out = (char *)print_escaped(val);
@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val)
// Proctitle has arguments separated by NUL bytes
// We need to write over the NUL bytes with a space
// so that we can see the arguments
- while ((ptr = rawmemchr(ptr, '\0'))) {
+ while ((ptr = STRCHR(ptr, '\0'))) {
if (ptr >= end)
break;
*ptr = ' ';
diff --git a/configure.ac b/configure.ac
index 6e345f1..6f3007e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
dnl
define([AC_INIT_NOTICE],
[### Generated automatically using autoconf version] AC_ACVERSION [
-### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
###
### Permission is hereby granted, free of charge, to any person obtaining a
### copy of this software and associated documentation files (the "Software"),
@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
AC_CHECK_FUNCS([posix_fallocate])
dnl; signalfd is needed for libev
AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
+dnl; check if rawmemchr is available
+AC_CHECK_FUNCS([rawmemchr])
+dnl; check if strndupa is available
+AC_LINK_IFELSE(
+ [AC_LANG_SOURCE(
+ [[
+ #define _GNU_SOURCE
+ #include <string.h>
+ int main() { (void) strndupa("test", 10); return 0; }]])],
+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
+ []
+)
ALLWARNS=""
ALLDEBUG="-g"
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index 5d17a72..758c33e 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -1,6 +1,6 @@
/*
* ausearch-lol.c - linked list of linked lists library
-* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This software may be freely redistributed and/or modified under the
@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2)
return 0;
}
+#ifndef HAVE_STRNDUPA
+static inline char *strndupa(const char *old, size_t n)
+{
+ size_t len = strnlen(old, n);
+ char *tmp = alloca(len + 1);
+ tmp[len] = 0;
+ return memcpy(tmp, old, len);
+}
+#endif
+
/*
* This function will look at the line and pick out pieces of it.
*/
--
2.21.0

+ 26
- 0
utils/audit/patches/0002-fix-gcc-10.patch View File

@ -0,0 +1,26 @@
From 017e6c6ab95df55f34e339d2139def83e5dada1f Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 10 Jan 2020 21:13:50 -0500
Subject: [PATCH 01/30] Header definitions need to be external when building
with -fno-common (which is default in GCC 10) - Tony Jones
---
src/ausearch-common.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ausearch-common.h b/src/ausearch-common.h
index 6669203..3040547 100644
--- a/src/ausearch-common.h
+++ b/src/ausearch-common.h
@@ -50,7 +50,7 @@ extern pid_t event_pid;
extern int event_exact_match;
extern uid_t event_uid, event_euid, event_loginuid;
extern const char *event_tuid, *event_teuid, *event_tauid;
-slist *event_node_list;
+extern slist *event_node_list;
extern const char *event_comm;
extern const char *event_filename;
extern const char *event_hostname;
--
2.26.2

Loading…
Cancel
Save