Blob Blame History Raw
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

Summary: User space tools for kernel auditing
Name: audit
Version: 3.0.7
Release: 1%{?dist}
License: GPLv2+
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt

BuildRequires: gcc swig make
BuildRequires: openldap-devel
BuildRequires: krb5-devel libcap-ng-devel
BuildRequires: kernel-headers >= 2.6.29
BuildRequires: systemd

Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires(post): systemd coreutils
Requires(preun): systemd initscripts
Requires(postun): systemd coreutils initscripts

%description
The audit package contains the user space utilities for
storing and searching the audit records generated by
the audit subsystem in the Linux 2.6 and later kernels.

%package libs
Summary: Dynamic library for libaudit
License: LGPLv2+

%description libs
The audit-libs package contains the dynamic libraries needed for 
applications to use the audit framework.

%package libs-devel
Summary: Header files for libaudit
License: LGPLv2+
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: kernel-headers >= 2.6.29

%description libs-devel
The audit-libs-devel package contains the header files needed for
developing applications that need to use the audit framework libraries.

%package -n python3-audit
Summary: Python3 bindings for libaudit
License: LGPLv2+
BuildRequires: python3-devel
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Provides: audit-libs-python3 = %{version}-%{release}
Provides: audit-libs-python3%{?_isa} = %{version}-%{release}
Obsoletes: audit-libs-python3 < %{version}-%{release}

%description -n python3-audit
The python3-audit package contains the bindings so that libaudit
and libauparse can be used by python3.

%package -n audispd-plugins
Summary: Plugins for the audit event dispatcher
License: GPLv2+
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}

%description -n audispd-plugins
The audispd-plugins package provides plugins for the real-time
interface to the audit system, audispd. These plugins can do things
like relay events to remote machines.

%package -n audispd-plugins-zos
Summary: z/OS plugin for the audit event dispatcher
License: GPLv2+
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: openldap

%description -n audispd-plugins-zos
The audispd-plugins-zos package provides a plugin that will forward all
incoming audit events, as they happen, to a configured z/OS SMF (Service
Management Facility) database, through an IBM Tivoli Directory Server
(ITDS) set for Remote Audit service.

%prep
%setup -q
cp %{SOURCE1} .

%build
%configure --with-python=no \
	   --with-python3=yes \
	   --enable-gssapi-krb5=yes --with-arm --with-aarch64 \
	   --with-libcap-ng=yes --enable-zos-remote \
	   --enable-systemd

make CFLAGS="%{optflags}" %{?_smp_mflags}

%install
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audit/plugins.d,etc/audit/rules.d}
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
mkdir -p $RPM_BUILD_ROOT/%{_lib}
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit
mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit
make DESTDIR=$RPM_BUILD_ROOT install

# Remove these items so they don't get picked up.
rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a
rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a

find $RPM_BUILD_ROOT -name '*.la' -delete
find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete

# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz

%check
make check
# Get rid of make files so that they don't get packaged.
rm -f rules/Makefile*

%post
# Copy default rules into place on new installation
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
if [ "$files" -eq 0 ] ; then
  if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then
    cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
  else
    touch /etc/audit/rules.d/audit.rules
  fi
  chmod 0600 /etc/audit/rules.d/audit.rules
fi
%systemd_post auditd.service

%preun
%systemd_preun auditd.service
if [ $1 -eq 0 ]; then
    /sbin/service auditd stop > /dev/null 2>&1
fi

%postun
if [ $1 -ge 1 ]; then
    /sbin/service auditd condrestart > /dev/null 2>&1 || :
fi

%files libs
%{!?_licensedir:%global license %%doc}
%license lgpl-2.1.txt
%{_libdir}/libaudit.so.1*
%{_libdir}/libauparse.*
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
%{_mandir}/man5/libaudit.conf.5.gz

%files libs-devel
%doc contrib/plugin
%{_libdir}/libaudit.so
%{_libdir}/libauparse.so
%{_includedir}/libaudit.h
%{_includedir}/auparse.h
%{_includedir}/auparse-defs.h
%{_datadir}/aclocal/audit.m4
%{_libdir}/pkgconfig/audit.pc
%{_libdir}/pkgconfig/auparse.pc
%{_mandir}/man3/*

%files -n python3-audit
%attr(755,root,root) %{python3_sitearch}/*

%files
%doc README ChangeLog init.d/auditd.cron
%{!?_licensedir:%global license %%doc}
%license COPYING
%attr(750,root,root) %{_datadir}/%{name}
%attr(644,root,root) %{_datadir}/%{name}/sample-rules/*
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
%attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz
%attr(755,root,root) %{_sbindir}/auditctl
%attr(755,root,root) %{_sbindir}/auditd
%attr(755,root,root) %{_sbindir}/ausearch
%attr(755,root,root) %{_sbindir}/aureport
%attr(750,root,root) %{_sbindir}/autrace
%attr(755,root,root) %{_sbindir}/augenrules
%attr(755,root,root) %{_bindir}/aulast
%attr(755,root,root) %{_bindir}/aulastlog
%attr(755,root,root) %{_bindir}/ausyscall
%attr(755,root,root) %{_bindir}/auvirt
%attr(644,root,root) %{_unitdir}/auditd.service
%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/reload
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/restart
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%attr(750,root,root) %{_libexecdir}/audit-functions
%ghost %{_localstatedir}/run/auditd.state
%attr(-,root,-) %dir %{_var}/log/audit
%attr(750,root,root) %dir /etc/audit
%attr(750,root,root) %dir /etc/audit/rules.d
%attr(750,root,root) %dir /etc/audit/plugins.d
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf

%files -n audispd-plugins
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf
%attr(750,root,root) %{_sbindir}/audisp-remote
%attr(750,root,root) %{_sbindir}/audisp-syslog
%attr(700,root,root) %dir %{_var}/spool/audit
%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
%attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz

%files -n audispd-plugins-zos
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf
%attr(750,root,root) %{_sbindir}/audispd-zos-remote

%changelog
* Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-1
- New upstream release - 3.0.7
  Related: rhbz#1939406

* Thu Jan 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.5-1
- Rebase audit package on 8.6
  Resolves: rhbz#1939406
  Resolves: rhbz#1906065
  Resolves: rhbz#1921447
  Resolves: rhbz#1927884
  Resolves: rhbz#1921658

* Wed Jan 08 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.17.20191104git1c2f876
resolves: rhbz#1757986 - Rebase audit package on 8.2 for updates (bpf patch)

* Thu Nov 28 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.16.20191104git1c2f876
resolves: rhbz#1497279 - Add option to interpret fields in audit syslog plugin

* Mon Nov 04 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.15.20191104git1c2f876
resolves: rhbz#1757986 - Rebase audit package on 8.2 for updates
resolves: rhbz#1767054 - move audit rules to shared data directory
resolves: rhbz#1746018 - Breakup 30-ospp-v42.rules into more granular files
resolves: rhbz#1740798 - auditctl(8) needs clarification for backlog_limit
resolves: rhbz#1497279 - Add option to interpret fields in audit syslog plugin

* Thu Jul 25 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.13.20190607gitf58ec40
resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes

* Sat Jul 13 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.12.20190607gitf58ec40
resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes

* Mon Jun 10 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.11.20190607gitf58ec40
resolves: rhbz#1643567 - service auditd stop exits prematurely
resolves: rhbz#1693470 - libauparse memory leak
resolves: rhbz#1694071 - ausearch doesn't record device/inode details checkpointing a single file
resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes
resolves: rhbz#1705894 - aureport aborts when using a specific input
resolves: rhbz#1706045 - RFE: Backport support for new audit record types
resolves: rhbz#1715852 - RFE: provide a way to filter on network address family

* Wed Jan 09 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.10.20180831git0047a6c
resolves: rhbz#1655270] Message "audit: backlog limit exceeded" reported
- Fix annobin failure

* Fri Dec 07 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.8.20180831git0047a6c
resolves: rhbz#1639745 - build requires go-toolset-7 which is not available
resolves: rhbz#1643567 - service auditd stop exits prematurely
resolves: rhbz#1616428 - Update git snapshot of audit package
- Remove static libs subpackage

* Fri Aug 31 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.5.20180831git0047a6c
resolves: rhbz#1616428 - Update git snapshot of audit package

* Wed Aug 08 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.2.20180808git77fbcf3
resolves: rhbz#1567357 New upstream feature prerelease

* Tue Jul 17 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.1.20180717gitacd53d1
- New upstream feature prerelease

* Tue Jun 26 2018 Steve Grubb <sgrubb@redhat.com> 2.8.4-2
- Fix segfault on shutdown

* Tue Jun 19 2018 Steve Grubb <sgrubb@redhat.com> 2.8.4-1
- New upstream bugfix release

* Wed May 30 2018 Steve Grubb <sgrubb@redhat.com> 2.8.3-1
- New upstream bugfix release
- Remove Python2 support

* Fri Apr 13 2018 Tom Stellard <tstellar@redhat.com> - 2.7.8-2
- Use go-toolset-7 instead of golang
- Package now must be built with: rhpkg --release rhel-8.0-go-toolset

* Mon Sep 18 2017 Steve Grubb <sgrubb@redhat.com> 2.7.8-1
- New upstream bugfix release

* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Fri Jul 14 2017 Steve Grubb <sgrubb@redhat.com> 2.7.7-3
- undo scratch build

* Fri Jun 16 2017 Steve Grubb <sgrubb@redhat.com> 2.7.7-1
- New upstream bugfix release

* Wed Apr 19 2017 Steve Grubb <sgrubb@redhat.com> 2.7.6-1
- New upstream bugfix release

* Mon Apr 10 2017 Steve Grubb <sgrubb@redhat.com> 2.7.5-1
- New upstream bugfix release

* Tue Mar 28 2017 Steve Grubb <sgrubb@redhat.com> 2.7.4-1
- New upstream feature and bugfix release

* Fri Feb 24 2017 Steve Grubb <sgrubb@redhat.com> 2.7.3-1
- New upstream feature and bugfix release

* Mon Feb 13 2017 Steve Grubb <sgrubb@redhat.com> 2.7.2-2
- Fix ausearch csv output

* Mon Feb 13 2017 Steve Grubb <sgrubb@redhat.com> 2.7.2-1
- New upstream feature and bugfix release

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Fri Jan 13 2017 Steve Grubb <sgrubb@redhat.com> 2.7.1-1
- New upstream bugfix release

* Mon Dec 19 2016 Miro HronĨok <mhroncok@redhat.com> - 2.7-2
- Rebuild for Python 3.6

* Thu Dec 15 2016 Steve Grubb <sgrubb@redhat.com> 2.7-1
- New upstream feature release

* Sun Sep 11 2016 Steve Grubb <sgrubb@redhat.com> 2.6.7-1
- New upstream bugfix release

* Mon Aug 01 2016 Steve Grubb <sgrubb@redhat.com> 2.6.6-1
- New upstream bugfix release

* Thu Jul 21 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.5-3
- https://fedoraproject.org/wiki/Changes/golang1.7

* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.5-2
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages

* Thu Jul 14 2016 Steve Grubb <sgrubb@redhat.com> 2.6.5-1
- New upstream bugfix release

* Fri Jul 08 2016 Steve Grubb <sgrubb@redhat.com> 2.6.4-2
- Correct size information of dispatched event

* Fri Jul 08 2016 Steve Grubb <sgrubb@redhat.com> 2.6.4-1
- New upstream bugfix release

* Tue Jul 05 2016 Steve Grubb <sgrubb@redhat.com> 2.6.3-2
- Fix sockaddr event interpretation

* Tue Jul 05 2016 Steve Grubb <sgrubb@redhat.com> 2.6.3-1
- New upstream bugfix release

* Fri Jul 01 2016 Steve Grubb <sgrubb@redhat.com> 2.6.2-1
- New upstream bugfix release
- Fixes 1351954 - prevents virtual machine from starting up in GNOME Boxes

* Tue Jun 28 2016 Steve Grubb <sgrubb@redhat.com> 2.6.1-1
- New upstream bugfix release

* Wed Jun 22 2016 Steve Grubb <sgrubb@redhat.com> 2.6-3
- New upstream release

* Fri Apr 29 2016 Steve Grubb <sgrubb@redhat.com> 2.5.2-1
- New upstream release

* Thu Apr 28 2016 Steve Grubb <sgrubb@redhat.com> 2.5.1-2
- Refactor plugins to split out zos-remote to lower dependencies

* Wed Apr 13 2016 Steve Grubb <sgrubb@redhat.com> 2.5.1-1
- New upstream release

* Fri Mar 18 2016 Steve Grubb <sgrubb@redhat.com> 2.5-4
- Fixes #1313152 - post script fails on dnf --setopt=tsflags=nodocs install

* Mon Feb 22 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5-3
- https://fedoraproject.org/wiki/Changes/golang1.6

* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Mon Jan 11 2016 Steve Grubb <sgrubb@redhat.com> 2.5-1
- New upstream release
- Fixes #1241565 - still logs way too much
- Fixes #1238051 - audit.rules should be generated from by augenrules

* Fri Dec 18 2015 Steve Grubb <sgrubb@redhat.com> 2.4.4-1
- New upstream bugfix release

* Wed Nov 04 2015 Robert Kuska <rkuska@redhat.com> - 2.4.4-3
- Rebuilt for Python3.5 rebuild

* Wed Sep 16 2015 Peter Robinson <pbrobinson@fedoraproject.org> 2.4.4-2
- Fix FTBFS with hardened flags by using the distro CFLAGS
- Tighten deps with the _isa macro
- Use goarches macro to define supported GO architectures
- Minor cleanups

* Thu Aug 13 2015 Steve Grubb <sgrubb@redhat.com> 2.4.4-1
- New upstream bugfix release
- Fixes CVE-2015-5186 Audit: log terminal emulator escape sequences handling

* Thu Jul 16 2015 Steve Grubb <sgrubb@redhat.com> 2.4.3-1
- New upstream bugfix release
- Adds python3 support

* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Tue Apr 28 2015 Steve Grubb <sgrubb@redhat.com> 2.4.2-1
- New upstream bugfix release

* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.4.1-2
- Rebuilt for Fedora 23 Change
  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

* Tue Oct 28 2014 Steve Grubb <sgrubb@redhat.com> 2.4.1-1
- New upstream feature and bugfix release

* Mon Oct 06 2014 Karsten Hopp <karsten@redhat.com> 2.4-2
- bump release and rebuild for upgradepath

* Sun Aug 24 2014 Steve Grubb <sgrubb@redhat.com> 2.4-1
- New upstream feature and bugfix release

* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.8-0.3.svn20140803
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Mon Aug  4 2014 Peter Robinson <pbrobinson@fedoraproject.org> 2.3.8-0.2.svn20140803
- aarch64/PPC/s390 don't have golang

* Sat Aug 02 2014 Steve Grubb <sgrubb@redhat.com> 2.3.8-0.1.svn20140803
- New upstream svn snapshot

* Tue Jul 22 2014 Steve Grubb <sgrubb@redhat.com> 2.3.7-4
- Bug 1117953 - Per fesco#1311, please disable syscall auditing by default

* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> - 2.3.7-3
- mark license files properly

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Tue Jun 03 2014 Steve Grubb <sgrubb@redhat.com> 2.3.7-1
- New upstream bugfix release

* Fri Apr 11 2014 Steve Grubb <sgrubb@redhat.com> 2.3.6-1
- New upstream bugfix/enhancement release

* Mon Mar 17 2014 Steve Grubb <sgrubb@redhat.com> 2.3.5-1
- New upstream bugfix/enhancement release

* Thu Feb 27 2014 Steve Grubb <sgrubb@redhat.com> 2.3.4-1
- New upstream bugfix/enhancement release

* Thu Jan 16 2014 Steve Grubb <sgrubb@redhat.com> 2.3.3-1
- New upstream bugfix/enhancement release

* Mon Jul 29 2013 Steve Grubb <sgrubb@redhat.com> 2.3.2-1
- New upstream bugfix/enhancement release

* Fri Jun 21 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-3
- Drop prelude support

* Fri May 31 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-2
- Fix unknown lvalue in auditd.service (#969345)

* Thu May 30 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-1
- New upstream bugfix/enhancement release

* Fri May 03 2013 Steve Grubb <sgrubb@redhat.com> 2.3-2
- If no rules exist, copy shipped rules into place