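#
# spec file for package audit-secondary
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%bcond_without python2
%bcond_without python3

# This package contains all audit functionality except for audit-libs.
# The separation is required to minimize unnecessary build cycles.
%define _name audit
Name:           audit-secondary
Version:        2.8.1
Release:        0
Summary:        Linux kernel audit subsystem utilities
License:        GPL-2.0-or-later
Group:          System/Monitoring
URL:            http://people.redhat.com/sgrubb/audit/
# NOTE(review): the tarball URL is plain http and this spec shows no signature
# or checksum for it; integrity then rests on how the tarball reached the
# package sources -- confirm that it is verified out of band.
Source0:        http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz
Patch1:         audit-plugins-path.patch
Patch2:         audit-no-gss.patch
Patch3:         audit-allow-manual-stop.patch
Patch4:         audit-ausearch-do-not-require-tclass.patch
Patch5:         audit-Fix-hang-on-startup.patch
BuildRequires:  audit-devel = %{version}
BuildRequires:  autoconf >= 2.12
BuildRequires:  gcc-c++
BuildRequires:  kernel-headers >= 2.6.30
BuildRequires:  libldapcpp-devel
BuildRequires:  libtool
BuildRequires:  pkgconfig
%if %{with python2}
BuildRequires:  python2-devel
%endif
%if %{with python3}
BuildRequires:  python3-devel
%endif
BuildRequires:  python-rpm-macros
BuildRequires:  swig
BuildRequires:  systemd-rpm-macros
BuildRequires:  tcpd-devel
BuildRequires:  pkgconfig(libcap-ng)

%description
The audit package contains the user space utilities for storing and
processing the records generated by the audit subsystem in the Linux
kernel.

%package -n audit
Summary:        User Space Tools for Kernel Auditing
License:        LGPL-2.1-or-later
Group:          System/Monitoring
Requires:       %{_name}-libs = %{version}
Requires:       coreutils
%{?systemd_requires}

%description -n audit
The audit package contains the user space utilities for storing and
processing the audit records generated by the audit subsystem in the
Linux kernel.

%package -n python2-audit
Summary:        Python Bindings for libaudit
License:        LGPL-2.1-or-later
Group:          Development/Languages/Python
Provides:       audit-libs-python = %{version}
Obsoletes:      audit-libs-python < %{version}

%description -n python2-audit
The audit-libs-python package contains the bindings for using libaudit
by python.

%package -n python3-audit
Summary:        Python3 Bindings for libaudit
License:        LGPL-2.1-or-later
Group:          Development/Languages/Python
Provides:       audit-libs-python3 = %{version}
Obsoletes:      audit-libs-python3 < %{version}

%description -n python3-audit
The audit-libs-python3 package contains the bindings for using libaudit
by python3.

%package -n audit-audispd-plugins
Summary:        Default plugins for the audit dispatcher
License:        GPL-2.0-or-later
Group:          System/Monitoring

%description -n audit-audispd-plugins
The audit-audispd-plugins package contains plugin components for the
audit dispatcher (audispd).

%prep
# NOTE(review): the two removals below run before %%setup, so they act on the
# build directory rather than on the source tree that %%setup unpacks
# afterwards; as ordered they look like no-ops -- confirm whether they were
# meant to follow %%setup.
# remove selinux policy
rm -rf audisp/plugins/zos-remote/policy
# we don't build prelude
rm -rf audisp/plugins/prelude
%setup -q -n %{_name}-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1

%build
autoreconf -fi
export CFLAGS="%{optflags} -fno-strict-aliasing"
export CXXFLAGS="$CFLAGS"
# Full RELRO with immediate binding: relocations are resolved at load time and
# the relocation tables are then mapped read-only.
export LDFLAGS="-Wl,-z,relro,-z,now"
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
# NOTE(review): with GSSAPI left out, audisp-remote presumably has no built-in
# authentication or encryption for forwarded records -- confirm that remote
# logging is protected by other means where it is used.
%configure \
	--enable-systemd \
	--libexecdir=%{_libexecdir}/%{_name} \
	--with-apparmor \
	--with-libwrap \
	--with-libcap-ng=yes \
	--disable-static
make %{?_smp_mflags}

%install
%make_install
mkdir -p %{buildroot}%{_localstatedir}/log/audit/
touch %{buildroot}%{_localstatedir}/log/audit/audit.log
mkdir -p %{buildroot}%{_localstatedir}/spool/audit/
# For ghost below, so that old location files will still be there when
# post copy runs
mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/
mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/rules.d/
touch %{buildroot}%{_sysconfdir}/{auditd.conf,audit.rules} %{buildroot}%{_sysconfdir}/audit/auditd.conf
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
touch -r ./audit.spec %{buildroot}%{_sysconfdir}/libaudit.conf
# Starting with audit 2.5 no config is installed so start with no rules
# (staged 0644 here; the file list below assigns the installed mode 640)
install -m 0644 rules/10-no-audit.rules %{buildroot}%{_sysconfdir}/%{_name}/rules.d/audit.rules
# delete redhat scripts, use ours
rm -rf %{buildroot}%{_sysconfdir}/sysconfig/auditd
rm -rf %{buildroot}%{_initddir}/auditd
rm -rf %{buildroot}%{_sysconfdir}/rc.d/init.d
# delete redhat systemd legacy scripts, our systemd doesn't support the feature
# https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
rm -rf %{buildroot}%{_libexecdir}/audit
# Clean up some unneeded library files
rm -f %{buildroot}/%{_libdir}/python*/site-packages/{_audit,_auparse,auparse}.{a,la}
rm -rf %{buildroot}/%{_libdir}/python*/site-packages/__pycache__
# cleanup makefiles for the rules (installed by %%docs command)
# NOTE(review): the command that follows removes pkg-config files, not rule
# makefiles; the comment above and the command look mismatched.
rm -f %{buildroot}/%{_libdir}/pkgconfig/{audit,auparse}.pc
# cleanup files handled by audit.spec
rm -rf %{buildroot}/%{_datadir}/aclocal/
rm -rf %{buildroot}/%{_includedir}
rm -f %{buildroot}/%{_libdir}/lib{audit,auparse}.*
rm -f %{buildroot}%{_sysconfdir}/libaudit.conf
rm -f %{buildroot}/%{_mandir}/man5/libaudit.conf.5
rm -rf %{buildroot}/%{_mandir}/man3
# Cleanup plugins
#USR-MERGE
# Compatibility symlinks in /sbin that point at the real binaries in the
# configured sbindir.
mkdir -p %{buildroot}/sbin/
for prog in auditctl auditd ausearch autrace audispd aureport augenrules; do
  ln -s "%{_sbindir}/$prog" "%{buildroot}/sbin/$prog"
done
#END-USR-MERGE
# rcauditd symlink
ln -s service %{buildroot}%{_sbindir}/rcauditd
chmod 0644 %{buildroot}%{_unitdir}/auditd.service

%check
make %{?_smp_mflags} check

%post -n audit
# Save existing audit files if any (from old locations)
# A file migrated with mv keeps the mode and owner it had in the old location;
# the 640 from the file list applies to the packaged copy, which is renamed to
# auditd.conf.new here. The enclosing audit directory is packaged 750 root:root.
if [ -f %{_sysconfdir}/auditd.conf ]; then
   mv %{_sysconfdir}/audit/auditd.conf %{_sysconfdir}/audit/auditd.conf.new
   mv %{_sysconfdir}/auditd.conf %{_sysconfdir}/audit/auditd.conf
fi
if [ -f %{_sysconfdir}/audit.rules ]; then
   mv %{_sysconfdir}/audit.rules %{_sysconfdir}/audit/audit.rules
elif [ ! -f %{_sysconfdir}/audit/audit.rules ]; then
   cp %{_sysconfdir}/audit/rules.d/audit.rules %{_sysconfdir}/audit/audit.rules
fi
%service_add_post auditd.service

%pre -n audit
%service_add_pre auditd.service

%preun -n audit
%service_del_preun auditd.service

%postun -n audit
%service_del_postun auditd.service

%files -n audit
%doc README COPYING ChangeLog rules/[0-9]* rules/README-rules init.d/auditd.cron
%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
# Daemon and rule-management binaries are 750 root:root. The reporting tools
# (ausearch, aureport, aulast, aulastlog, ausyscall, auvirt) are 755; reading
# the audit log through them still requires access to the 700 log directory.
/sbin/auditctl
%attr(750,root,root) %{_sbindir}/auditctl
/sbin/auditd
%attr(750,root,root) %{_sbindir}/auditd
/sbin/ausearch
%attr(755,root,root) %{_sbindir}/ausearch
/sbin/autrace
%attr(750,root,root) %{_sbindir}/autrace
/sbin/audispd
%attr(750,root,root) %{_sbindir}/augenrules
/sbin/augenrules
%attr(750,root,root) %{_sbindir}/audispd
%attr(755,root,root) %{_bindir}/aulast
%attr(755,root,root) %{_bindir}/aulastlog
%attr(755,root,root) %{_bindir}/ausyscall
/sbin/aureport
%attr(755,root,root) %{_sbindir}/aureport
%attr(755,root,root) %{_bindir}/auvirt
# Configuration directories are 750 and configuration files 640, all root:root.
%dir %attr(750,root,root) %{_sysconfdir}/audit
%attr(750,root,root) %dir %{_sysconfdir}/audisp
%attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf
%ghost %{_sysconfdir}/auditd.conf
%ghost %{_sysconfdir}/audit.rules
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf
%dir %attr(750,root,root) %{_sysconfdir}/audit/rules.d
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audispd.conf
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules
%dir %attr(700,root,root) %{_localstatedir}/log/audit
# NOTE(review): the ghost log entry carries no %%attr, so the mode recorded for
# it is whatever touch produced in the buildroot; access is limited by the 700
# directory above -- consider stating an explicit restrictive mode here.
%ghost %config(noreplace) %{_localstatedir}/log/audit/audit.log
%dir %attr(700,root,root) %{_localstatedir}/spool/audit
%{_unitdir}/auditd.service
%{_sbindir}/rcauditd

%if %{with python2}
%files -n python2-audit
%attr(755,root,root) %{python2_sitearch}/_audit.so
%attr(755,root,root) %{python2_sitearch}/auparse.so
%{python2_sitearch}/audit.py*
%endif

%if %{with python3}
%files -n python3-audit
%attr(755,root,root) %{python3_sitearch}/_audit.so
%attr(755,root,root) %{python3_sitearch}/auparse.so
%{python3_sitearch}/audit.py*
%endif

%files -n audit-audispd-plugins
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
%attr(750,root,root) %dir %{_sysconfdir}/audisp
%attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/zos-remote.conf
%attr(750,root,root) %{_sbindir}/audisp-remote
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf

%changelog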