Hello community,
here is the log from the commit of package yast2-audit-laf
checked in at Thu Nov 6 22:36:30 CET 2008.
--------
--- yast2-audit-laf/yast2-audit-laf.changes 2008-10-30 17:27:45.000000000 +0100
+++ /mounts/work_src_done/STABLE/yast2-audit-laf/yast2-audit-laf.changes 2008-11-06 13:55:18.000000000 +0100
@@ -1,0 +2,7 @@
+Tue Nov 4 13:38:35 CET 2008 - gs@suse.de
+
+- Additional checks added (audit daemon really running,
+ correct script specified for option EXEC)
+- 2.17.6
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
yast2-audit-laf-2.17.5.tar.bz2
New:
----
yast2-audit-laf-2.17.6.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-audit-laf.spec ++++++
--- /var/tmp/diff_new_pack.rlh698/_old 2008-11-06 22:36:20.000000000 +0100
+++ /var/tmp/diff_new_pack.rlh698/_new 2008-11-06 22:36:20.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package yast2-audit-laf (Version 2.17.5)
+# spec file for package yast2-audit-laf (Version 2.17.6)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -19,12 +19,12 @@
Name: yast2-audit-laf
-Version: 2.17.5
+Version: 2.17.6
Release: 1
License: GPL v2 or later
Group: System/YaST
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-audit-laf-2.17.5.tar.bz2
+Source0: yast2-audit-laf-2.17.6.tar.bz2
Prefix: /usr
Requires: yast2
BuildRequires: perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-testsuite
@@ -42,7 +42,7 @@
Gabriele Mohr
%prep
-%setup -n yast2-audit-laf-2.17.5
+%setup -n yast2-audit-laf-2.17.6
%build
%{prefix}/bin/y2tool y2autoconf
@@ -80,6 +80,10 @@
/usr/share/YaST2/scrconf/auditd.scr
%doc %{prefix}/share/doc/packages/yast2-audit-laf
%changelog
+* Tue Nov 04 2008 gs@suse.de
+- Additional checks added (audit daemon really running,
+ correct script specified for option EXEC)
+- 2.17.6
* Tue Oct 28 2008 gs@suse.de
- Allow to enter any log file name (replace AskForExistingFile
by AskForSaveFileName)
++++++ yast2-audit-laf-2.17.5.tar.bz2 -> yast2-audit-laf-2.17.6.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-audit-laf-2.17.5/configure new/yast2-audit-laf-2.17.6/configure
--- old/yast2-audit-laf-2.17.5/configure 2008-10-30 16:29:14.000000000 +0100
+++ new/yast2-audit-laf-2.17.6/configure 2008-11-06 13:55:59.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for yast2-audit-laf 2.17.5.
+# Generated by GNU Autoconf 2.61 for yast2-audit-laf 2.17.6.
#
# Report bugs to http://bugs.opensuse.org/.
#
@@ -574,8 +574,8 @@
# Identity of this package.
PACKAGE_NAME='yast2-audit-laf'
PACKAGE_TARNAME='yast2-audit-laf'
-PACKAGE_VERSION='2.17.5'
-PACKAGE_STRING='yast2-audit-laf 2.17.5'
+PACKAGE_VERSION='2.17.6'
+PACKAGE_STRING='yast2-audit-laf 2.17.6'
PACKAGE_BUGREPORT='http://bugs.opensuse.org/'
ac_unique_file="RPMNAME"
@@ -1197,7 +1197,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures yast2-audit-laf 2.17.5 to adapt to many kinds of systems.
+\`configure' configures yast2-audit-laf 2.17.6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1268,7 +1268,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of yast2-audit-laf 2.17.5:";;
+ short | recursive ) echo "Configuration of yast2-audit-laf 2.17.6:";;
esac
cat <<\_ACEOF
@@ -1346,7 +1346,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-yast2-audit-laf configure 2.17.5
+yast2-audit-laf configure 2.17.6
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1360,7 +1360,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by yast2-audit-laf $as_me 2.17.5, which was
+It was created by yast2-audit-laf $as_me 2.17.6, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2181,7 +2181,7 @@
# Define the identity of the package.
PACKAGE='yast2-audit-laf'
- VERSION='2.17.5'
+ VERSION='2.17.6'
cat >>confdefs.h <<_ACEOF
@@ -2409,7 +2409,7 @@
-VERSION="2.17.5"
+VERSION="2.17.6"
RPMNAME="yast2-audit-laf"
MAINTAINER="Gabriele Mohr "
@@ -3304,7 +3304,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by yast2-audit-laf $as_me 2.17.5, which was
+This file was extended by yast2-audit-laf $as_me 2.17.6, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -3347,7 +3347,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-yast2-audit-laf config.status 2.17.5
+yast2-audit-laf config.status 2.17.6
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-audit-laf-2.17.5/configure.in new/yast2-audit-laf-2.17.6/configure.in
--- old/yast2-audit-laf-2.17.5/configure.in 2008-10-30 16:29:10.000000000 +0100
+++ new/yast2-audit-laf-2.17.6/configure.in 2008-11-06 13:55:54.000000000 +0100
@@ -3,7 +3,7 @@
dnl -- This file is generated by y2autoconf 2.17.6 - DO NOT EDIT! --
dnl (edit configure.in.in instead)
-AC_INIT(yast2-audit-laf, 2.17.5, http://bugs.opensuse.org/, yast2-audit-laf)
+AC_INIT(yast2-audit-laf, 2.17.6, http://bugs.opensuse.org/, yast2-audit-laf)
dnl Check for presence of file 'RPMNAME'
AC_CONFIG_SRCDIR([RPMNAME])
@@ -18,7 +18,7 @@
AM_INIT_AUTOMAKE(tar-ustar -Wno-portability)
dnl Important YaST2 variables
-VERSION="2.17.5"
+VERSION="2.17.6"
RPMNAME="yast2-audit-laf"
MAINTAINER="Gabriele Mohr "
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-audit-laf-2.17.5/src/AuditLaf.ycp new/yast2-audit-laf-2.17.6/src/AuditLaf.ycp
--- old/yast2-audit-laf-2.17.5/src/AuditLaf.ycp 2008-10-30 17:07:16.000000000 +0100
+++ new/yast2-audit-laf-2.17.6/src/AuditLaf.ycp 2008-11-06 12:53:15.000000000 +0100
@@ -306,17 +306,17 @@
*/
boolean ReadAuditRules() {
- string rules = (string)SCR::Read(.target.string, rules_file );
+ string rules = (string)SCR::Read(.target.string, rules_file );
- if ( rules != nil && rules != "" )
- {
- RULES = rules;
- // additionally save initial settings
- INITIAL_RULES = rules;
- return true;
- }
- else
- return false;
+ if ( rules != nil && rules != "" )
+ {
+ RULES = rules;
+ // additionally save initial settings
+ INITIAL_RULES = rules;
+ return true;
+ }
+ else
+ return false;
}
/**
@@ -324,7 +324,7 @@
*/
boolean WriteAuditRules() {
boolean success = (boolean)SCR::Write(.target.string, rules_file, RULES );
- // FIXME ??? flush necessary ???
+
return success;
}
@@ -353,6 +353,22 @@
return true;
}
+global boolean CheckAuditdStatus()
+{
+ integer auditd_stat = Service::Status( "auditd" );
+
+ if ( auditd_stat != 0 )
+ {
+ Report::Error( _("Cannot start the audit daemon.
+Please check /var/log/messages for auditd errors.
+You can use the module 'System Log' from group
+'Miscellaneous' in YaST2 Control Center.") );
+ return false;
+ }
+ else
+ return true;
+}
+
/**
* Read all auditd settings
* @return true on success
@@ -458,6 +474,11 @@
return false;
}
+ else
+ {
+ CheckAuditdStatus();
+ return true;
+ }
}
}
@@ -471,7 +492,7 @@
* @return true on success
*/
boolean WriteAuditdSettings() {
- boolean success = true;
+ boolean ret = true;
if ( ! FileUtils::Exists ( config_file ) )
return false;
@@ -479,15 +500,19 @@
// write all options to auditd.conf
foreach (string key, string value, SETTINGS, {
// and write each value
- success = (boolean)SCR::Write(add(.auditd, key), value );
+ boolean success = (boolean)SCR::Write(add(.auditd, key), value );
+ if ( !success )
+ ret = false;
});
// This is very important
// it flushes the cache, and stores the configuration on the disk
SCR::Write(.auditd, nil);
- y2milestone("%1 has been written: %2", config_file, SETTINGS);
-
- return true;
+
+ if ( ret )
+ y2milestone("%1 has been written: %2", config_file, SETTINGS);
+
+ return ret;
}
/**
@@ -597,6 +622,9 @@
sleep(sl);
}
+
+ // Finally check status of auditd (if restart has worked but daemon exited afterwards)
+ CheckAuditdStatus();
if ( PollAbort() ) return false;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-audit-laf-2.17.5/src/complex.ycp new/yast2-audit-laf-2.17.6/src/complex.ycp
--- old/yast2-audit-laf-2.17.5/src/complex.ycp 2008-10-30 17:14:50.000000000 +0100
+++ new/yast2-audit-laf-2.17.6/src/complex.ycp 2008-11-06 12:28:05.000000000 +0100
@@ -37,6 +37,7 @@
import "Confirm";
import "AuditLaf";
import "Report";
+import "FileUtils";
include "audit-laf/helps.ycp";
@@ -300,6 +301,43 @@
return nil;
}
+boolean CheckExec( string file, string key )
+{
+ // Check the executable like done in audit package (see audit-1.7.7/src/auditd-config.c)
+ boolean ret = true;
+ // Second part of an error message: the value won't be changed because of previous error
+ string message = sformat(_("Value of '%1' remains unchanged."), key );
+
+ if ( ! FileUtils::Exists( file ) )
+ {
+ Report::Error( sformat( "%1 doesn't exist.\n", file ) + message );
+ ret = false;
+ }
+ else if ( ! FileUtils::IsFile( file ) )
+ {
+ Report::Error( sformat( "%1 is not a regular file.\n", file ) + message );
+ ret = false;
+ }
+ else if ( FileUtils::GetOwnerUserID( file ) != 0 )
+ {
+ Report::Error( sformat( "%1 not owned by root.\n", file ) + message );
+ ret = false;
+ }
+ else
+ {
+ // check permissions
+ map output = (map)SCR::Execute(.target.bash_output, sformat("ls -al %1", file ) );
+
+ if ( substring ( output["stdout"]:"", 0, 10 ) != "-rwxr-x---" )
+ {
+ Report::Error( sformat( "File permissiones of %1 NOT set to -rwxr-x---.\n", file ) + message );
+ ret = false;
+ }
+ }
+
+ return ret;
+}
+
/*
* Store all settings made in disk space dialog
*/
@@ -326,9 +364,11 @@
if ( option == "EXEC" )
{
exec = (string)UI::QueryWidget( `id(key+"_exec"), `Value );
- AuditLaf::SetAuditdOption( key, option + " " + exec );
+ if ( CheckExec( exec, key ) )
+ {
+ AuditLaf::SetAuditdOption( key, option + " " + exec );
+ }
}
-
else
{
AuditLaf::SetAuditdOption( key, option );
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-audit-laf-2.17.5/src/helps.ycp new/yast2-audit-laf-2.17.6/src/helps.ycp
--- old/yast2-audit-laf-2.17.5/src/helps.ycp 2008-10-30 15:03:53.000000000 +0100
+++ new/yast2-audit-laf-2.17.6/src/helps.ycp 2008-11-06 12:53:01.000000000 +0100
@@ -83,40 +83,48 @@
_("<p><b>Computer Name Format</b> describes how to write the computer name to the log file.
If <i>User</i> is set the <b>User Defined Name</b> is used.</p> "),
- /* dispatcher dialog help 1/4 */
+ /* dispatcher dialog help 1/5 */
"dispatcher" : _("<p><b><big>Auditd Dispatcher Configuration</big></b><br>
Detailed information about the dispatcher settings can be obtained from 'man auditd.conf'.<br></p>") +
- /* dispatcher dialog help 2/4 */
+ /* dispatcher dialog help 2/5 */
_("<p><b>Dispatcher</b>: The dispatcher program is started by the audit daemon and
gets all audit events on stdin.</p>") +
- /* dispatcher dialog help 3/4 */
+ /* dispatcher dialog help 3/5 */
_("<p><b>Communication</b>: Controls the communication
between the daemon and the dispatcher program.</p>") +
- /* dispatcher dialog help 4/4 */
+ /* dispatcher dialog help 4/5 */
_("<p>The dispatcher 'audispd' is an audit event multiplexor
-(for more information see 'man audispd' and 'man audispd.conf'.</p>"),
+(for more information see 'man audispd' and 'man audispd.conf'.</p>") +
- /* disk space dialog help 1/5 */
+ /* dispatcher dialog help 5/5 */
+ _("<p><b>Please note:</b> The dispatcher program must be owned by 'root', have '0750'
+ file permissions and the full path name has to be entered.</p>"),
+
+ /* disk space dialog help 1/6 */
"diskspace_settings" : _("<p><b><big>Auditd Disk Space Configuration</big></b><br>
The settings made here refer to disk space on log partition.
Detailed information can be obtained from 'man auditd.conf'</p>
") +
- /* disk space dialog help 2/5 */
+ /* disk space dialog help 2/6 */
_("<p><b>Space Left</b> and <b>Action</b> describe how much disk space (in megabytes)
to left and which action to perform if the system is starting to run low on space.</p>") +
- /* disk space dialog help 3/5 */
+ /* disk space dialog help 3/6 */
_("<p><b>Admin Space Left</b> and <b>Action</b> describe how much disk space (in megabytes)
to left and which action to perform if the system <b>is running low</b>.</p>") +
- /* disk space dialog help 4/5 */
+ /* disk space dialog help 4/6 */
_("<p>If an action is set to <i>EMAIL</i> a warning mail will be send to the account specified in
<b>Action Mail Account</b></p>" ) +
- /* disk space dialog help 5/5 */
+ /* disk space dialog help 5/6 */
_("<p>You can also specify a <b>Disk Full Action</b> (disk has become full already) and
-a <b>Disk Error Action</b> (performed whenever an error is detected while writing to disk).</p>"),
+a <b>Disk Error Action</b> (performed whenever an error is detected while writing to disk).</p>") +
+
+ /* disk space dialog help 6/6 */
+ _("<p><b>Please note:</b> All scripts specified for <b>Action</b> <i>EXEC</i> must be owned
+by 'root', have '0750' file permissions and the full path name has to be entered.</p>"),
/* rules dialog help 1/6 */
"audit_rules" : _("<p><b><big>Rules for auditctl</big></b><br>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-audit-laf-2.17.5/VERSION new/yast2-audit-laf-2.17.6/VERSION
--- old/yast2-audit-laf-2.17.5/VERSION 2008-10-30 15:07:27.000000000 +0100
+++ new/yast2-audit-laf-2.17.6/VERSION 2008-11-04 14:47:12.000000000 +0100
@@ -1 +1 @@
-2.17.5
+2.17.6
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org