Mailinglist Archive: opensuse-commit (1206 mails)
commit audit
- From: root@xxxxxxx (h_root)
- Date: Sun, 7 May 2006 15:43:18 +0200 (CEST)
- Message-id: <20060507134318.3AFD98C606@xxxxxxxxxxxxxxx>
Hello community,
here is the log from the commit of package audit
checked in at Sun May 7 15:43:18 CEST 2006.
--------
--- audit/audit.changes 2006-03-20 16:18:49.000000000 +0100
+++ STABLE/audit/audit.changes 2006-05-05 21:08:30.000000000 +0200
@@ -1,0 +2,5 @@
+Fri May 5 21:05:40 CEST 2006 - sbeattie@xxxxxxx
+
+- disable syscall audit context creation by default #172154
+
+-------------------------------------------------------------------
New:
----
audit-1.1.3-disable-syscall-contexts.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ audit.spec ++++++
--- /var/tmp/diff_new_pack.JN8z6d/_old 2006-05-07 15:43:09.000000000 +0200
+++ /var/tmp/diff_new_pack.JN8z6d/_new 2006-05-07 15:43:09.000000000 +0200
@@ -14,7 +14,7 @@
BuildRequires: gcc-c++ pam-devel python-devel swig
Summary: User Space Tools for 2.6 Kernel Auditing
Version: 1.1.3
-Release: 14
+Release: 22
License: GPL
Group: System/Monitoring
URL: http://people.redhat.com/sgrubb/audit/
@@ -27,6 +27,7 @@
Patch3: %name-fix-broken-kernels.patch
Patch4: %name-%version-warning-on-connrefused.patch
Patch5: %name-%version-no-errormessage.patch
+Patch6: %name-%version-disable-syscall-contexts.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-libs = %{version}-%{release}
PreReq: %insserv_prereq %fillup_prereq
@@ -82,6 +83,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
%build
autoreconf -fv --install
@@ -169,6 +171,8 @@
%ghost /var/log/audit/audit.log
%changelog -n audit
+* Fri May 05 2006 - sbeattie@xxxxxxx
+- disable syscall audit context creation by default #172154
* Mon Mar 20 2006 - meissner@xxxxxxx
- Do not print a misleading errormessage when audit
is not compiled into the kernel. #152733
++++++ audit-1.1.3-disable-syscall-contexts.patch ++++++
audit-1.1.3/docs/auditd.8 | 5 +++++
audit-1.1.3/src/auditd.c | 31 ++++++++++++++++++++++---------
2 files changed, 27 insertions(+), 9 deletions(-)
Index: audit-1.1.3/src/auditd.c
===================================================================
--- audit-1.1.3/src/auditd.c
+++ audit-1.1.3/src/auditd.c
@@ -36,6 +36,7 @@
#include <sys/wait.h>
#include <fcntl.h>
#include <pthread.h>
+#include <getopt.h>
#include "libaudit.h"
#include "auditd-config.h"
@@ -66,7 +67,7 @@ static int get_reply(int fd, struct audi
*/
static void usage(void)
{
- puts("Usage: auditd [ -f ]");
+ puts("Usage: auditd [ -f ] [ -n ]");
exit(2);
}
@@ -201,16 +202,27 @@ int main(int argc, char *argv[])
struct auditd_reply_list *rep = NULL;
struct rlimit limit;
int hup_info_requested = 0;
+ int opt_foreground = 0;
+ int opt_enabled = 1;
+ int c;
/* Get params && set mode */
- if (argc > 2)
- usage();
- if (argc == 2) {
- if (strcmp(argv[1], "-f") == 0) {
- config.daemonize = D_FOREGROUND;
- set_aumessage_mode(MSG_STDERR, DBG_YES);
- } else
+ while ((c = getopt(argc, argv, "fn")) != -1) {
+ switch (c) {
+ case 'f':
+ opt_foreground = 1;
+ break;
+ case 'n':
+ opt_enabled = 0;
+ break;
+ default:
usage();
+ }
+ }
+
+ if (opt_foreground) {
+ config.daemonize = D_FOREGROUND;
+ set_aumessage_mode(MSG_STDERR, DBG_YES);
}
else {
config.daemonize = D_BACKGROUND;
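Review bot: after the getopt() loop in main() nothing checks for leftover non-option arguments, so an invocation such as "auditd foo" now starts the daemon, where the removed argc/strcmp code called usage(). Add "if (optind < argc) usage();" directly after the loop so that a mistyped argument in an init script or sysconfig EXTRAOPTIONS is rejected instead of silently ignored.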
@@ -332,7 +344,7 @@ int main(int argc, char *argv[])
}
/* Enable auditing just in case it was off */
- if (audit_set_enabled(fd, 1) < 0) {
+ if (audit_set_enabled(fd, opt_enabled) < 0) {
char emsg[64];
snprintf(emsg, sizeof(emsg),
"auditd error halt, auid=%u res=failed",
@@ -433,6 +445,7 @@ int main(int argc, char *argv[])
/* Write message to log that we are going down */
int rc;
+ audit_set_enabled(fd, 0);
rc = audit_request_signal_info(fd);
if (rc > 0) {
struct audit_reply trep;
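Review bot: the added audit_set_enabled(fd, 0) in the shutdown path ignores its return value and runs unconditionally, so stopping auditd turns kernel auditing off even if it was enabled separately with auditctl -e. Neither the changelog entry nor the auditd.8 change mentions this side effect. Check the return value and log a failure, and either document the behaviour or restore only the state the daemon itself set at startup.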
Index: audit-1.1.3/docs/auditd.8
===================================================================
--- audit-1.1.3/docs/auditd.8
+++ audit-1.1.3/docs/auditd.8
@@ -4,6 +4,7 @@ auditd \- The Linux audit daemon
.SH SYNOPSIS
.B auditd
[ \fI-f \fR]
+[ \fI-n \fR]
.SH DESCRIPTION
auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the
.B ausearch
@@ -18,6 +19,10 @@ file.
.TP
\fB\-f\fR
leave the audit daemon in the foreground for debugging. Messages also go to stderr rather than the audit log.
+.TP
+\fB-n\fR
+start the audit daemon, but do not enabled system call auditing in the kernel.
+This can be done separately by using \fBauditctl -e\fR.
.SH SIGNALS
\fB\SIGHUP\fR
causes auditd to reconfigure. This means that auditd re-reads the configuration file. If there are no syntax errors, it will proceed to implement the requested changes. If the reconfigure is successful, a DAEMON_CONFIG event is recorded in the logs. If not successful, error handling is controlled by space_left_action, admin_space_left_action, disk_full_action, and disk_error_action parameters in auditd.conf.
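Review bot: the new -n entry has a typo ("do not enabled" should be "do not enable") and writes the option as "\fB-n\fR" while the existing -f entry escapes the hyphen as "\fB\-f\fR"; use "\fB\-n\fR" for consistency. The reference to "auditctl -e" should also show the argument an administrator needs to pass to turn auditing on, since this is the only documentation of how to undo -n.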
++++++ auditd.init ++++++
--- audit/auditd.init 2006-03-06 13:38:38.000000000 +0100
+++ STABLE/audit/auditd.init 2006-05-06 06:58:44.000000000 +0200
@@ -98,9 +98,12 @@
case "$1" in
start)
echo -n "Starting auditd "
+ if [ "$AUDITD_DISABLE_CONTEXTS" == "yes" ] ; then
+ EXTRAOPTIONS="$EXTRAOPTIONS -n"
+ fi
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
- startproc $AUDITD_BIN
+ startproc $AUDITD_BIN $EXTRAOPTIONS
test -f /etc/audit.rules && /sbin/auditctl -R /etc/audit.rules >/dev/null
# Remember status and be verbose
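Review bot: the test '[ "$AUDITD_DISABLE_CONTEXTS" == "yes" ]' uses "==", which is a bash extension to the test builtin; use a single "=" so the comparison also works if this init script is run by a POSIX sh. Note too that "auditctl -R /etc/audit.rules" still runs right after startproc, so the rules file is loaded regardless of whether -n was passed; a short comment saying that this is intended would help the next reader.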
++++++ auditd.sysconfig ++++++
--- audit/auditd.sysconfig 2006-01-13 11:15:02.000000000 +0100
+++ STABLE/audit/auditd.sysconfig 2006-05-06 07:24:48.000000000 +0200
@@ -11,18 +11,25 @@
# Add extra options here
EXTRAOPTIONS=""
#
-# Type: string
-# Default: "en_US"
+## Type: string
+## Default: "en_US"
#
# This is the locale information that audit uses. Its defaulted to en_US.
# To remove all locale information from audit's environment, set
# AUDITD_LANG to the empty string or the string "none".
AUDITD_LANG="en_US"
#
-# Type: string
-# Default: "yes"
+## Type: string
+## Default: "yes"
#
# This option is used to determine if rules & watches should be deleted on
# shutdown. This is beneficial in most cases so that a watch doesn't linger
# on a drive that is being unmounted. If set to no, it will NOT be cleaned up.
AUDITD_CLEAN_STOP="yes"
+#
+## Type: yesno
+## Default: yes
+#
+# This option disables syscall auditing by default. This can also be
+# accomplished by auditctl -e.
+AUDITD_DISABLE_CONTEXTS="yes"
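Review bot: the description of AUDITD_DISABLE_CONTEXTS does not say what the shipped value "yes" actually does, namely that the init script starts auditd with -n and the system produces no syscall audit records until an administrator enables them. State that explicitly in the comment, together with the exact auditctl -e invocation needed to turn auditing on, because this changes the security posture of a default install. The "#" to "##" edits on the existing Type/Default lines are unrelated to the changelog entry and would be better as a separate change, and the new "## Default: yes" is unquoted while the other Default lines quote their values.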
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...