1 |
commit: 542c859a8f250f1f9a4433ac189871b3988450aa |
2 |
Author: Luis Ressel <aranea <AT> aixah <DOT> de> |
3 |
AuthorDate: Mon Nov 13 06:24:12 2017 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Nov 13 09:44:43 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=542c859a |
7 |
|
8 |
sys-process/audit: Import from ::gentoo |
9 |
|
10 |
sys-process/audit/Manifest | 2 + |
11 |
sys-process/audit/audit-2.6.4.ebuild | 230 +++++++++++++++++++++ |
12 |
sys-process/audit/audit-2.7.1.ebuild | 230 +++++++++++++++++++++ |
13 |
.../audit/files/audit-2.1.3-ia64-compile-fix.patch | 212 +++++++++++++++++++ |
14 |
sys-process/audit/files/audit-2.4.3-python.patch | 46 +++++ |
15 |
sys-process/audit/files/audit.rules | 24 +++ |
16 |
sys-process/audit/files/audit.rules-2.1.3 | 25 +++ |
17 |
sys-process/audit/files/audit.rules.stop.post | 12 ++ |
18 |
sys-process/audit/files/audit.rules.stop.pre | 15 ++ |
19 |
sys-process/audit/files/auditd-conf.d-2.1.3 | 22 ++ |
20 |
sys-process/audit/files/auditd-init.d-2.4.3 | 90 ++++++++ |
21 |
sys-process/audit/metadata.xml | 10 + |
22 |
12 files changed, 918 insertions(+) |
23 |
|
24 |
diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest |
25 |
new file mode 100644 |
26 |
index 0000000..fb5740a |
27 |
--- /dev/null |
28 |
+++ b/sys-process/audit/Manifest |
29 |
@@ -0,0 +1,2 @@ |
30 |
+DIST audit-2.6.4.tar.gz 1078677 SHA256 b5a79cecd9593c368c9e42d5af72fcd14f046676657e906970b6c4a1aa5d06c7 SHA512 69b5d3987d2b8b189d1242fde639af3d7d366e901733133e47ee71223caf73aa7da40b7811298f0af861969b0ab482c5ef9830b711bdd15bd5f4d0ebc88a1224 WHIRLPOOL bda2f7bb754620b003c9c7df2e29d169e0421a9f0a1cf11396539fc3cae1d3907dc4265c3941e24a30eb206032a894989e74b803f2c4a7558057b879c41b2642 |
31 |
+DIST audit-2.7.1.tar.gz 1099083 SHA256 0441790794fd9375dbca598fa0ffb46c57ff37b3a24b94ffec0bbee3215cca09 SHA512 37964d81deee8608fde5f90d5d096727d3eb009e084be34749adcb0662e607e35c49c80bd83ce38b17161f11363b691721c8a8aa5dea832d320c53ab0ebb7483 WHIRLPOOL 87b7187dc56d78a5401d0f2a39c5461924bbac1d5fa49f68121a38a2422f3e6111e6c9f73db54c882cbaa17f584a23478863ef7c86053ddff63088d3903aafc9 |
32 |
|
33 |
diff --git a/sys-process/audit/audit-2.6.4.ebuild b/sys-process/audit/audit-2.6.4.ebuild |
34 |
new file mode 100644 |
35 |
index 0000000..e83cf86 |
36 |
--- /dev/null |
37 |
+++ b/sys-process/audit/audit-2.6.4.ebuild |
38 |
@@ -0,0 +1,230 @@ |
39 |
+# Copyright 1999-2017 Gentoo Foundation |
40 |
+# Distributed under the terms of the GNU General Public License v2 |
41 |
+ |
42 |
+EAPI="6" |
43 |
+ |
44 |
+PYTHON_COMPAT=( python{2_7,3_4,3_5} ) |
45 |
+ |
46 |
+inherit autotools multilib multilib-minimal toolchain-funcs python-r1 linux-info systemd |
47 |
+ |
48 |
+DESCRIPTION="Userspace utilities for storing and processing auditing records" |
49 |
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/" |
50 |
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz" |
51 |
+ |
52 |
+LICENSE="GPL-2" |
53 |
+SLOT="0" |
54 |
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86" |
55 |
+IUSE="gssapi ldap python static-libs" |
56 |
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
57 |
+# Testcases are pretty useless as they are built for RedHat users/groups and kernels. |
58 |
+RESTRICT="test" |
59 |
+ |
60 |
+RDEPEND="gssapi? ( virtual/krb5 ) |
61 |
+ ldap? ( net-nds/openldap ) |
62 |
+ sys-libs/libcap-ng |
63 |
+ python? ( ${PYTHON_DEPS} )" |
64 |
+DEPEND="${RDEPEND} |
65 |
+ >=sys-kernel/linux-headers-2.6.34 |
66 |
+ python? ( dev-lang/swig:0 )" |
67 |
+# Do not use os-headers as this is linux specific |
68 |
+ |
69 |
+CONFIG_CHECK="~AUDIT" |
70 |
+ |
71 |
+pkg_setup() { |
72 |
+ linux-info_pkg_setup |
73 |
+} |
74 |
+ |
75 |
+src_prepare() { |
76 |
+ eapply_user |
77 |
+ |
78 |
+ # Do not build GUI tools |
79 |
+ sed -i \ |
80 |
+ -e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \ |
81 |
+ "${S}"/configure.ac || die |
82 |
+ sed -i \ |
83 |
+ -e 's,system-config-audit,,g' \ |
84 |
+ "${S}"/Makefile.am || die |
85 |
+ rm -rf "${S}"/system-config-audit |
86 |
+ |
87 |
+ if ! use ldap; then |
88 |
+ sed -i \ |
89 |
+ -e '/^AC_OUTPUT/s,audisp/plugins/zos-remote/Makefile,,g' \ |
90 |
+ "${S}"/configure.ac || die |
91 |
+ sed -i \ |
92 |
+ -e '/^SUBDIRS/s,zos-remote,,g' \ |
93 |
+ "${S}"/audisp/plugins/Makefile.am || die |
94 |
+ fi |
95 |
+ |
96 |
+ # Don't build static version of Python module. |
97 |
+ eapply "${FILESDIR}"/${PN}-2.4.3-python.patch |
98 |
+ |
99 |
+ # glibc/kernel upstreams suck with both defining ia64_fpreg |
100 |
+ # This patch is a horribly workaround that is only valid as long as you |
101 |
+ # don't need the OTHER definitions in fpu.h. |
102 |
+ eapply "${FILESDIR}"/${PN}-2.1.3-ia64-compile-fix.patch |
103 |
+ |
104 |
+ # there is no --without-golang conf option |
105 |
+ sed -e "/^SUBDIRS =/s/ @gobind_dir@//" -i bindings/Makefile.am || die |
106 |
+ |
107 |
+ # Regenerate autotooling |
108 |
+ eautoreconf |
109 |
+} |
110 |
+ |
111 |
+multilib_src_configure() { |
112 |
+ local ECONF_SOURCE=${S} |
113 |
+ econf \ |
114 |
+ --sbindir="${EPREFIX}/sbin" \ |
115 |
+ $(use_enable gssapi gssapi-krb5) \ |
116 |
+ $(use_enable static-libs static) \ |
117 |
+ --enable-systemd \ |
118 |
+ --without-python \ |
119 |
+ --without-python3 |
120 |
+ |
121 |
+ if multilib_is_native_abi; then |
122 |
+ python_configure() { |
123 |
+ mkdir -p "${BUILD_DIR}" || die |
124 |
+ cd "${BUILD_DIR}" || die |
125 |
+ |
126 |
+ if python_is_python3; then |
127 |
+ econf --without-python --with-python3 |
128 |
+ else |
129 |
+ econf --with-python --without-python3 |
130 |
+ fi |
131 |
+ } |
132 |
+ |
133 |
+ use python && python_foreach_impl python_configure |
134 |
+ fi |
135 |
+} |
136 |
+ |
137 |
+src_configure() { |
138 |
+ tc-export_build_env BUILD_{CC,CPP} |
139 |
+ export CC_FOR_BUILD="${BUILD_CC}" |
140 |
+ export CPP_FOR_BUILD="${BUILD_CPP}" |
141 |
+ |
142 |
+ multilib-minimal_src_configure |
143 |
+} |
144 |
+ |
145 |
+multilib_src_compile() { |
146 |
+ if multilib_is_native_abi; then |
147 |
+ default |
148 |
+ |
149 |
+ python_compile() { |
150 |
+ local pysuffix pydef |
151 |
+ if python_is_python3; then |
152 |
+ pysuffix=3 |
153 |
+ pydef='USE_PYTHON3=true' |
154 |
+ else |
155 |
+ pysuffix=2 |
156 |
+ pydef='HAVE_PYTHON=true' |
157 |
+ fi |
158 |
+ |
159 |
+ emake -C "${BUILD_DIR}"/bindings/swig \ |
160 |
+ VPATH="${native_build}/lib" \ |
161 |
+ LIBS="${native_build}/lib/libaudit.la" \ |
162 |
+ _audit_la_LIBADD="${native_build}/lib/libaudit.la" \ |
163 |
+ _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \ |
164 |
+ ${pydef} |
165 |
+ emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \ |
166 |
+ VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \ |
167 |
+ auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \ |
168 |
+ ${pydef} |
169 |
+ } |
170 |
+ |
171 |
+ local native_build="${BUILD_DIR}" |
172 |
+ use python && python_foreach_impl python_compile |
173 |
+ else |
174 |
+ emake -C lib |
175 |
+ emake -C auparse |
176 |
+ fi |
177 |
+} |
178 |
+ |
179 |
+multilib_src_install() { |
180 |
+ if multilib_is_native_abi; then |
181 |
+ emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install |
182 |
+ |
183 |
+ python_install() { |
184 |
+ local pysuffix pydef |
185 |
+ if python_is_python3; then |
186 |
+ pysuffix=3 |
187 |
+ pydef='USE_PYTHON3=true' |
188 |
+ else |
189 |
+ pysuffix=2 |
190 |
+ pydef='HAVE_PYTHON=true' |
191 |
+ fi |
192 |
+ |
193 |
+ emake -C "${BUILD_DIR}"/bindings/swig \ |
194 |
+ VPATH="${native_build}/lib" \ |
195 |
+ LIBS="${native_build}/lib/libaudit.la" \ |
196 |
+ _audit_la_LIBADD="${native_build}/lib/libaudit.la" \ |
197 |
+ _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \ |
198 |
+ ${pydef} \ |
199 |
+ DESTDIR="${D}" install |
200 |
+ emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \ |
201 |
+ VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \ |
202 |
+ auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \ |
203 |
+ ${pydef} \ |
204 |
+ DESTDIR="${D}" install |
205 |
+ } |
206 |
+ |
207 |
+ local native_build=${BUILD_DIR} |
208 |
+ use python && python_foreach_impl python_install |
209 |
+ |
210 |
+ # things like shadow use this so we need to be in / |
211 |
+ gen_usr_ldscript -a audit auparse |
212 |
+ else |
213 |
+ emake -C lib DESTDIR="${D}" install |
214 |
+ emake -C auparse DESTDIR="${D}" install |
215 |
+ fi |
216 |
+} |
217 |
+ |
218 |
+multilib_src_install_all() { |
219 |
+ dodoc AUTHORS ChangeLog README* THANKS TODO |
220 |
+ docinto contrib |
221 |
+ dodoc contrib/{avc_snap,skeleton.c} |
222 |
+ docinto contrib/plugin |
223 |
+ dodoc contrib/plugin/* |
224 |
+ docinto rules |
225 |
+ dodoc rules/* |
226 |
+ |
227 |
+ newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd |
228 |
+ newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd |
229 |
+ |
230 |
+ fperms 644 "$(systemd_get_systemunitdir)"/auditd.service # 556436 |
231 |
+ |
232 |
+ [ -f "${ED}"/sbin/audisp-remote ] && \ |
233 |
+ dodir /usr/sbin && \ |
234 |
+ mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die |
235 |
+ |
236 |
+ # Gentoo rules |
237 |
+ insinto /etc/audit/ |
238 |
+ newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules |
239 |
+ doins "${FILESDIR}"/audit.rules.stop* |
240 |
+ |
241 |
+ # audit logs go here |
242 |
+ keepdir /var/log/audit/ |
243 |
+ |
244 |
+ # Security |
245 |
+ lockdown_perms "${ED}" |
246 |
+ |
247 |
+ prune_libtool_files --modules |
248 |
+} |
249 |
+ |
250 |
+pkg_preinst() { |
251 |
+ # Preserve from the audit-1 series |
252 |
+ preserve_old_lib /$(get_libdir)/libaudit.so.0 |
253 |
+} |
254 |
+ |
255 |
+pkg_postinst() { |
256 |
+ lockdown_perms "${EROOT}" |
257 |
+ # Preserve from the audit-1 series |
258 |
+ preserve_old_lib_notify /$(get_libdir)/libaudit.so.0 |
259 |
+} |
260 |
+ |
261 |
+lockdown_perms() { |
262 |
+ # Upstream wants these to have restrictive perms. |
263 |
+ # Should not || die as not all paths may exist. |
264 |
+ local basedir="$1" |
265 |
+ chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null |
266 |
+ chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null |
267 |
+ chmod 0640 "${basedir}"/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null |
268 |
+} |
269 |
|
270 |
diff --git a/sys-process/audit/audit-2.7.1.ebuild b/sys-process/audit/audit-2.7.1.ebuild |
271 |
new file mode 100644 |
272 |
index 0000000..85a1f9a |
273 |
--- /dev/null |
274 |
+++ b/sys-process/audit/audit-2.7.1.ebuild |
275 |
@@ -0,0 +1,230 @@ |
276 |
+# Copyright 1999-2017 Gentoo Foundation |
277 |
+# Distributed under the terms of the GNU General Public License v2 |
278 |
+ |
279 |
+EAPI=6 |
280 |
+ |
281 |
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} ) |
282 |
+ |
283 |
+inherit autotools multilib multilib-minimal toolchain-funcs python-r1 linux-info systemd |
284 |
+ |
285 |
+DESCRIPTION="Userspace utilities for storing and processing auditing records" |
286 |
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/" |
287 |
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz" |
288 |
+ |
289 |
+LICENSE="GPL-2" |
290 |
+SLOT="0" |
291 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
292 |
+IUSE="gssapi ldap python static-libs" |
293 |
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
294 |
+# Testcases are pretty useless as they are built for RedHat users/groups and kernels. |
295 |
+RESTRICT="test" |
296 |
+ |
297 |
+RDEPEND="gssapi? ( virtual/krb5 ) |
298 |
+ ldap? ( net-nds/openldap ) |
299 |
+ sys-libs/libcap-ng |
300 |
+ python? ( ${PYTHON_DEPS} )" |
301 |
+DEPEND="${RDEPEND} |
302 |
+ >=sys-kernel/linux-headers-2.6.34 |
303 |
+ python? ( dev-lang/swig:0 )" |
304 |
+# Do not use os-headers as this is linux specific |
305 |
+ |
306 |
+CONFIG_CHECK="~AUDIT" |
307 |
+ |
308 |
+pkg_setup() { |
309 |
+ linux-info_pkg_setup |
310 |
+} |
311 |
+ |
312 |
+src_prepare() { |
313 |
+ eapply_user |
314 |
+ |
315 |
+ # Do not build GUI tools |
316 |
+ sed -i \ |
317 |
+ -e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \ |
318 |
+ "${S}"/configure.ac || die |
319 |
+ sed -i \ |
320 |
+ -e 's,system-config-audit,,g' \ |
321 |
+ "${S}"/Makefile.am || die |
322 |
+ rm -rf "${S}"/system-config-audit |
323 |
+ |
324 |
+ if ! use ldap; then |
325 |
+ sed -i \ |
326 |
+ -e '/^AC_OUTPUT/s,audisp/plugins/zos-remote/Makefile,,g' \ |
327 |
+ "${S}"/configure.ac || die |
328 |
+ sed -i \ |
329 |
+ -e '/^SUBDIRS/s,zos-remote,,g' \ |
330 |
+ "${S}"/audisp/plugins/Makefile.am || die |
331 |
+ fi |
332 |
+ |
333 |
+ # Don't build static version of Python module. |
334 |
+ eapply "${FILESDIR}"/${PN}-2.4.3-python.patch |
335 |
+ |
336 |
+ # glibc/kernel upstreams suck with both defining ia64_fpreg |
337 |
+ # This patch is a horribly workaround that is only valid as long as you |
338 |
+ # don't need the OTHER definitions in fpu.h. |
339 |
+ eapply "${FILESDIR}"/${PN}-2.1.3-ia64-compile-fix.patch |
340 |
+ |
341 |
+ # there is no --without-golang conf option |
342 |
+ sed -e "/^SUBDIRS =/s/ @gobind_dir@//" -i bindings/Makefile.am || die |
343 |
+ |
344 |
+ # Regenerate autotooling |
345 |
+ eautoreconf |
346 |
+} |
347 |
+ |
348 |
+multilib_src_configure() { |
349 |
+ local ECONF_SOURCE=${S} |
350 |
+ econf \ |
351 |
+ --sbindir="${EPREFIX}/sbin" \ |
352 |
+ $(use_enable gssapi gssapi-krb5) \ |
353 |
+ $(use_enable static-libs static) \ |
354 |
+ --enable-systemd \ |
355 |
+ --without-python \ |
356 |
+ --without-python3 |
357 |
+ |
358 |
+ if multilib_is_native_abi; then |
359 |
+ python_configure() { |
360 |
+ mkdir -p "${BUILD_DIR}" || die |
361 |
+ cd "${BUILD_DIR}" || die |
362 |
+ |
363 |
+ if python_is_python3; then |
364 |
+ econf --without-python --with-python3 |
365 |
+ else |
366 |
+ econf --with-python --without-python3 |
367 |
+ fi |
368 |
+ } |
369 |
+ |
370 |
+ use python && python_foreach_impl python_configure |
371 |
+ fi |
372 |
+} |
373 |
+ |
374 |
+src_configure() { |
375 |
+ tc-export_build_env BUILD_{CC,CPP} |
376 |
+ export CC_FOR_BUILD="${BUILD_CC}" |
377 |
+ export CPP_FOR_BUILD="${BUILD_CPP}" |
378 |
+ |
379 |
+ multilib-minimal_src_configure |
380 |
+} |
381 |
+ |
382 |
+multilib_src_compile() { |
383 |
+ if multilib_is_native_abi; then |
384 |
+ default |
385 |
+ |
386 |
+ python_compile() { |
387 |
+ local pysuffix pydef |
388 |
+ if python_is_python3; then |
389 |
+ pysuffix=3 |
390 |
+ pydef='USE_PYTHON3=true' |
391 |
+ else |
392 |
+ pysuffix=2 |
393 |
+ pydef='HAVE_PYTHON=true' |
394 |
+ fi |
395 |
+ |
396 |
+ emake -C "${BUILD_DIR}"/bindings/swig \ |
397 |
+ VPATH="${native_build}/lib" \ |
398 |
+ LIBS="${native_build}/lib/libaudit.la" \ |
399 |
+ _audit_la_LIBADD="${native_build}/lib/libaudit.la" \ |
400 |
+ _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \ |
401 |
+ ${pydef} |
402 |
+ emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \ |
403 |
+ VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \ |
404 |
+ auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \ |
405 |
+ ${pydef} |
406 |
+ } |
407 |
+ |
408 |
+ local native_build="${BUILD_DIR}" |
409 |
+ use python && python_foreach_impl python_compile |
410 |
+ else |
411 |
+ emake -C lib |
412 |
+ emake -C auparse |
413 |
+ fi |
414 |
+} |
415 |
+ |
416 |
+multilib_src_install() { |
417 |
+ if multilib_is_native_abi; then |
418 |
+ emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install |
419 |
+ |
420 |
+ python_install() { |
421 |
+ local pysuffix pydef |
422 |
+ if python_is_python3; then |
423 |
+ pysuffix=3 |
424 |
+ pydef='USE_PYTHON3=true' |
425 |
+ else |
426 |
+ pysuffix=2 |
427 |
+ pydef='HAVE_PYTHON=true' |
428 |
+ fi |
429 |
+ |
430 |
+ emake -C "${BUILD_DIR}"/bindings/swig \ |
431 |
+ VPATH="${native_build}/lib" \ |
432 |
+ LIBS="${native_build}/lib/libaudit.la" \ |
433 |
+ _audit_la_LIBADD="${native_build}/lib/libaudit.la" \ |
434 |
+ _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \ |
435 |
+ ${pydef} \ |
436 |
+ DESTDIR="${D}" install |
437 |
+ emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \ |
438 |
+ VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \ |
439 |
+ auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \ |
440 |
+ ${pydef} \ |
441 |
+ DESTDIR="${D}" install |
442 |
+ } |
443 |
+ |
444 |
+ local native_build=${BUILD_DIR} |
445 |
+ use python && python_foreach_impl python_install |
446 |
+ |
447 |
+ # things like shadow use this so we need to be in / |
448 |
+ gen_usr_ldscript -a audit auparse |
449 |
+ else |
450 |
+ emake -C lib DESTDIR="${D}" install |
451 |
+ emake -C auparse DESTDIR="${D}" install |
452 |
+ fi |
453 |
+} |
454 |
+ |
455 |
+multilib_src_install_all() { |
456 |
+ dodoc AUTHORS ChangeLog README* THANKS TODO |
457 |
+ docinto contrib |
458 |
+ dodoc contrib/{avc_snap,skeleton.c} |
459 |
+ docinto contrib/plugin |
460 |
+ dodoc contrib/plugin/* |
461 |
+ docinto rules |
462 |
+ dodoc rules/* |
463 |
+ |
464 |
+ newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd |
465 |
+ newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd |
466 |
+ |
467 |
+ fperms 644 "$(systemd_get_systemunitdir)"/auditd.service # 556436 |
468 |
+ |
469 |
+ [ -f "${ED}"/sbin/audisp-remote ] && \ |
470 |
+ dodir /usr/sbin && \ |
471 |
+ mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die |
472 |
+ |
473 |
+ # Gentoo rules |
474 |
+ insinto /etc/audit/ |
475 |
+ newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules |
476 |
+ doins "${FILESDIR}"/audit.rules.stop* |
477 |
+ |
478 |
+ # audit logs go here |
479 |
+ keepdir /var/log/audit/ |
480 |
+ |
481 |
+ # Security |
482 |
+ lockdown_perms "${ED}" |
483 |
+ |
484 |
+ prune_libtool_files --modules |
485 |
+} |
486 |
+ |
487 |
+pkg_preinst() { |
488 |
+ # Preserve from the audit-1 series |
489 |
+ preserve_old_lib /$(get_libdir)/libaudit.so.0 |
490 |
+} |
491 |
+ |
492 |
+pkg_postinst() { |
493 |
+ lockdown_perms "${EROOT}" |
494 |
+ # Preserve from the audit-1 series |
495 |
+ preserve_old_lib_notify /$(get_libdir)/libaudit.so.0 |
496 |
+} |
497 |
+ |
498 |
+lockdown_perms() { |
499 |
+ # Upstream wants these to have restrictive perms. |
500 |
+ # Should not || die as not all paths may exist. |
501 |
+ local basedir="$1" |
502 |
+ chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null |
503 |
+ chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null |
504 |
+ chmod 0640 "${basedir}"/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null |
505 |
+} |
506 |
|
507 |
diff --git a/sys-process/audit/files/audit-2.1.3-ia64-compile-fix.patch b/sys-process/audit/files/audit-2.1.3-ia64-compile-fix.patch |
508 |
new file mode 100644 |
509 |
index 0000000..3ec60fb |
510 |
--- /dev/null |
511 |
+++ b/sys-process/audit/files/audit-2.1.3-ia64-compile-fix.patch |
512 |
@@ -0,0 +1,212 @@ |
513 |
+diff -Nuar -X exclude audit-2.1.3.orig/configure.ac audit-2.1.3/configure.ac |
514 |
+--- audit-2.1.3.orig/configure.ac 2011-08-15 17:30:58.000000000 +0000 |
515 |
++++ audit-2.1.3/configure.ac 2012-12-18 20:03:22.000000000 +0000 |
516 |
+@@ -79,6 +79,9 @@ |
517 |
+ esac |
518 |
+ fi |
519 |
+ |
520 |
++AC_CHECK_HEADER([asm/ptrace.h], [AC_DEFINE([HAVE_ASM_PTRACE_H],[],[Define to 1 if you have asm/ptrace.h])], []) |
521 |
++AC_CHECK_HEADER([linux/ptrace.h], [AC_DEFINE([HAVE_LINUX_PTRACE_H],[],[Define to 1 if you have linux/ptrace.h])], []) |
522 |
++ |
523 |
+ #gssapi |
524 |
+ AC_ARG_ENABLE(gssapi_krb5, |
525 |
+ [AS_HELP_STRING([--enable-gssapi-krb5],[Enable GSSAPI Kerberos 5 support @<:@default=no@:>@])], |
526 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/auditctl.c audit-2.1.3/src/auditctl.c |
527 |
+--- audit-2.1.3.orig/src/auditctl.c 2011-08-15 17:31:00.000000000 +0000 |
528 |
++++ audit-2.1.3/src/auditctl.c 2012-12-18 20:21:21.000000000 +0000 |
529 |
+@@ -22,6 +22,7 @@ |
530 |
+ */ |
531 |
+ |
532 |
+ #include "config.h" |
533 |
++#include "fixup.h" |
534 |
+ #include <stdio.h> |
535 |
+ #include <stdlib.h> |
536 |
+ #include <string.h> /* strdup needs xopen define */ |
537 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/auditd-config.c audit-2.1.3/src/auditd-config.c |
538 |
+--- audit-2.1.3.orig/src/auditd-config.c 2011-08-15 17:31:00.000000000 +0000 |
539 |
++++ audit-2.1.3/src/auditd-config.c 2012-12-18 20:21:23.000000000 +0000 |
540 |
+@@ -22,6 +22,7 @@ |
541 |
+ */ |
542 |
+ |
543 |
+ #include "config.h" |
544 |
++#include "fixup.h" |
545 |
+ #include <stdio.h> |
546 |
+ #include <unistd.h> |
547 |
+ #include <sys/stat.h> |
548 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/auditd-dispatch.c audit-2.1.3/src/auditd-dispatch.c |
549 |
+--- audit-2.1.3.orig/src/auditd-dispatch.c 2011-08-15 17:31:00.000000000 +0000 |
550 |
++++ audit-2.1.3/src/auditd-dispatch.c 2012-12-18 20:21:27.000000000 +0000 |
551 |
+@@ -22,6 +22,7 @@ |
552 |
+ */ |
553 |
+ |
554 |
+ #include "config.h" |
555 |
++#include "fixup.h" |
556 |
+ #include <unistd.h> |
557 |
+ #include <sys/uio.h> |
558 |
+ #include <fcntl.h> |
559 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/auditd-event.c audit-2.1.3/src/auditd-event.c |
560 |
+--- audit-2.1.3.orig/src/auditd-event.c 2011-08-15 17:31:00.000000000 +0000 |
561 |
++++ audit-2.1.3/src/auditd-event.c 2012-12-18 20:21:29.000000000 +0000 |
562 |
+@@ -22,6 +22,7 @@ |
563 |
+ */ |
564 |
+ |
565 |
+ #include "config.h" |
566 |
++#include "fixup.h" |
567 |
+ #include <stdio.h> |
568 |
+ #include <stdlib.h> |
569 |
+ #include <unistd.h> |
570 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/auditd-listen.c audit-2.1.3/src/auditd-listen.c |
571 |
+--- audit-2.1.3.orig/src/auditd-listen.c 2011-08-15 17:31:00.000000000 +0000 |
572 |
++++ audit-2.1.3/src/auditd-listen.c 2012-12-18 20:21:31.000000000 +0000 |
573 |
+@@ -22,6 +22,7 @@ |
574 |
+ */ |
575 |
+ |
576 |
+ #include "config.h" |
577 |
++#include "fixup.h" |
578 |
+ #include <stdio.h> |
579 |
+ #include <unistd.h> |
580 |
+ #include <sys/stat.h> |
581 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/auditd-reconfig.c audit-2.1.3/src/auditd-reconfig.c |
582 |
+--- audit-2.1.3.orig/src/auditd-reconfig.c 2011-08-15 17:31:00.000000000 +0000 |
583 |
++++ audit-2.1.3/src/auditd-reconfig.c 2012-12-18 20:21:33.000000000 +0000 |
584 |
+@@ -22,6 +22,7 @@ |
585 |
+ */ |
586 |
+ |
587 |
+ #include "config.h" |
588 |
++#include "fixup.h" |
589 |
+ #include <pthread.h> |
590 |
+ #include <signal.h> |
591 |
+ #include <stdlib.h> |
592 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/auditd-sendmail.c audit-2.1.3/src/auditd-sendmail.c |
593 |
+--- audit-2.1.3.orig/src/auditd-sendmail.c 2011-08-15 17:31:00.000000000 +0000 |
594 |
++++ audit-2.1.3/src/auditd-sendmail.c 2012-12-18 20:21:34.000000000 +0000 |
595 |
+@@ -22,6 +22,7 @@ |
596 |
+ */ |
597 |
+ |
598 |
+ #include "config.h" |
599 |
++#include "fixup.h" |
600 |
+ #include <stdio.h> |
601 |
+ #include <unistd.h> // for access() |
602 |
+ #include <string.h> |
603 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/auditd.c audit-2.1.3/src/auditd.c |
604 |
+--- audit-2.1.3.orig/src/auditd.c 2011-08-15 17:31:00.000000000 +0000 |
605 |
++++ audit-2.1.3/src/auditd.c 2012-12-18 20:21:38.000000000 +0000 |
606 |
+@@ -22,6 +22,7 @@ |
607 |
+ */ |
608 |
+ |
609 |
+ #include "config.h" |
610 |
++#include "fixup.h" |
611 |
+ #include <stdio.h> |
612 |
+ #include <sys/types.h> |
613 |
+ #include <unistd.h> |
614 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/autrace.c audit-2.1.3/src/autrace.c |
615 |
+--- audit-2.1.3.orig/src/autrace.c 2011-08-15 17:31:00.000000000 +0000 |
616 |
++++ audit-2.1.3/src/autrace.c 2012-12-18 20:21:43.000000000 +0000 |
617 |
+@@ -21,6 +21,7 @@ |
618 |
+ */ |
619 |
+ |
620 |
+ #include "config.h" |
621 |
++#include "fixup.h" |
622 |
+ #include <stdio.h> |
623 |
+ #include <string.h> |
624 |
+ #include <sys/wait.h> |
625 |
+diff -Nuar -X exclude audit-2.1.3.orig/src/delete_all.c audit-2.1.3/src/delete_all.c |
626 |
+--- audit-2.1.3.orig/src/delete_all.c 2011-08-15 17:31:00.000000000 +0000 |
627 |
++++ audit-2.1.3/src/delete_all.c 2012-12-18 20:21:48.000000000 +0000 |
628 |
+@@ -20,6 +20,7 @@ |
629 |
+ * Steve Grubb <sgrubb@××××××.com> |
630 |
+ */ |
631 |
+ #include "config.h" |
632 |
++#include "fixup.h" |
633 |
+ #include <stdio.h> |
634 |
+ #include <string.h> |
635 |
+ #include <errno.h> |
636 |
+diff -Nuar -X exclude audit-2.1.3.orig/lib/fixup.h audit-2.1.3/lib/fixup.h |
637 |
+--- audit-2.1.3.orig/lib/fixup.h 1970-01-01 00:00:00.000000000 +0000 |
638 |
++++ audit-2.1.3/lib/fixup.h 2012-12-18 20:21:02.000000000 +0000 |
639 |
+@@ -0,0 +1,17 @@ |
640 |
++#ifndef _AUDIT_IA64_FIXUP_H_ |
641 |
++#define _AUDIT_IA64_FIXUP_H_ |
642 |
++ |
643 |
++#ifdef __ia64__ /* what a pos */ |
644 |
++# include <linux/types.h> |
645 |
++# define _ASM_IA64_FPU_H |
646 |
++#endif |
647 |
++#include <signal.h> |
648 |
++/* |
649 |
++#ifdef HAVE_ASM_PTRACE_H |
650 |
++# include <asm/ptrace.h> |
651 |
++#endif |
652 |
++#ifdef HAVE_LINUX_PTRACE_H |
653 |
++# include <linux/ptrace.h> |
654 |
++#endif |
655 |
++*/ |
656 |
++#endif |
657 |
+--- audit-2.1.3/src/ausearch.c 2012-12-22 03:09:54.000000000 +0000 |
658 |
++++ audit-2.1.3/src/ausearch.c 2012-12-22 03:10:02.000000000 +0000 |
659 |
+@@ -22,6 +22,7 @@ |
660 |
+ */ |
661 |
+ |
662 |
+ #include "config.h" |
663 |
++#include "fixup.h" |
664 |
+ #include <stdio.h> |
665 |
+ #include <stdio_ext.h> |
666 |
+ #include <string.h> |
667 |
+diff -Nuar audit-2.1.3.orig/audisp/audispd.c audit-2.1.3/audisp/audispd.c |
668 |
+--- audit-2.1.3.orig/audisp/audispd.c 2011-08-15 17:30:59.000000000 +0000 |
669 |
++++ audit-2.1.3/audisp/audispd.c 2012-12-22 03:25:15.000000000 +0000 |
670 |
+@@ -21,6 +21,7 @@ |
671 |
+ */ |
672 |
+ |
673 |
+ #include "config.h" |
674 |
++#include "fixup.h" |
675 |
+ #include <stdio.h> |
676 |
+ #include <unistd.h> |
677 |
+ #include <stdlib.h> |
678 |
+diff -Nuar audit-2.1.3.orig/audisp/plugins/prelude/audisp-prelude.c audit-2.1.3/audisp/plugins/prelude/audisp-prelude.c |
679 |
+--- audit-2.1.3.orig/audisp/plugins/prelude/audisp-prelude.c 2011-08-15 17:30:59.000000000 +0000 |
680 |
++++ audit-2.1.3/audisp/plugins/prelude/audisp-prelude.c 2012-12-22 03:25:20.000000000 +0000 |
681 |
+@@ -21,6 +21,8 @@ |
682 |
+ * |
683 |
+ */ |
684 |
+ |
685 |
++#include "config.h" |
686 |
++#include "fixup.h" |
687 |
+ #include <stdio.h> |
688 |
+ #include <stdlib.h> |
689 |
+ #include <signal.h> |
690 |
+diff -Nuar audit-2.1.3.orig/audisp/plugins/remote/audisp-remote.c audit-2.1.3/audisp/plugins/remote/audisp-remote.c |
691 |
+--- audit-2.1.3.orig/audisp/plugins/remote/audisp-remote.c 2011-08-15 17:30:59.000000000 +0000 |
692 |
++++ audit-2.1.3/audisp/plugins/remote/audisp-remote.c 2012-12-22 03:25:22.000000000 +0000 |
693 |
+@@ -22,6 +22,7 @@ |
694 |
+ */ |
695 |
+ |
696 |
+ #include "config.h" |
697 |
++#include "fixup.h" |
698 |
+ #include <stdio.h> |
699 |
+ #include <signal.h> |
700 |
+ #include <syslog.h> |
701 |
+diff -Nuar audit-2.1.3.orig/contrib/plugin/audisp-example.c audit-2.1.3/contrib/plugin/audisp-example.c |
702 |
+--- audit-2.1.3.orig/contrib/plugin/audisp-example.c 2011-08-15 17:31:02.000000000 +0000 |
703 |
++++ audit-2.1.3/contrib/plugin/audisp-example.c 2012-12-22 03:25:27.000000000 +0000 |
704 |
+@@ -37,6 +37,8 @@ |
705 |
+ */ |
706 |
+ |
707 |
+ #define _GNU_SOURCE |
708 |
++#include "config.h" |
709 |
++#include "fixup.h" |
710 |
+ #include <stdio.h> |
711 |
+ #include <signal.h> |
712 |
+ #include <string.h> |
713 |
+diff -Nuar audit-2.1.3.orig/contrib/skeleton.c audit-2.1.3/contrib/skeleton.c |
714 |
+--- audit-2.1.3.orig/contrib/skeleton.c 2011-08-15 17:31:02.000000000 +0000 |
715 |
++++ audit-2.1.3/contrib/skeleton.c 2012-12-22 03:25:40.000000000 +0000 |
716 |
+@@ -7,6 +7,8 @@ |
717 |
+ * gcc skeleton.c -o skeleton -laudit |
718 |
+ */ |
719 |
+ |
720 |
++#include "config.h" |
721 |
++#include "fixup.h" |
722 |
+ #include <stdio.h> |
723 |
+ #include <sys/types.h> |
724 |
+ #include <sys/uio.h> |
725 |
|
726 |
diff --git a/sys-process/audit/files/audit-2.4.3-python.patch b/sys-process/audit/files/audit-2.4.3-python.patch |
727 |
new file mode 100644 |
728 |
index 0000000..7b9ea53 |
729 |
--- /dev/null |
730 |
+++ b/sys-process/audit/files/audit-2.4.3-python.patch |
731 |
@@ -0,0 +1,46 @@ |
732 |
+diff -ur audit-2.4.3.orig/bindings/python/python2/Makefile.am audit-2.4.3/bindings/python/python2/Makefile.am |
733 |
+--- audit-2.4.3.orig/bindings/python/python2/Makefile.am 2015-07-22 23:35:24.315424091 +0800 |
734 |
++++ audit-2.4.3/bindings/python/python2/Makefile.am 2015-07-22 23:37:16.861510504 +0800 |
735 |
+@@ -29,5 +29,6 @@ |
736 |
+ |
737 |
+ auparse_la_SOURCES = $(top_srcdir)/bindings/python/auparse_python.c |
738 |
+ auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS) |
739 |
+-auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro |
740 |
++auparse_la_CFLAGS = -shared |
741 |
++auparse_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro |
742 |
+ auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la |
743 |
+diff -ur audit-2.4.3.orig/bindings/python/python3/Makefile.am audit-2.4.3/bindings/python/python3/Makefile.am |
744 |
+--- audit-2.4.3.orig/bindings/python/python3/Makefile.am 2015-07-22 23:35:24.315424091 +0800 |
745 |
++++ audit-2.4.3/bindings/python/python3/Makefile.am 2015-07-22 23:37:30.395400641 +0800 |
746 |
+@@ -28,5 +28,6 @@ |
747 |
+ |
748 |
+ auparse_la_SOURCES = $(top_srcdir)/bindings/python/auparse_python.c |
749 |
+ auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS) |
750 |
+-auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro |
751 |
++auparse_la_CFLAGS = -shared |
752 |
++auparse_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro |
753 |
+ auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la |
754 |
+diff -ur audit-2.4.3.orig/bindings/swig/python/Makefile.am audit-2.4.3/bindings/swig/python/Makefile.am |
755 |
+--- audit-2.4.3.orig/bindings/swig/python/Makefile.am 2015-07-22 23:35:24.316424083 +0800 |
756 |
++++ audit-2.4.3/bindings/swig/python/Makefile.am 2015-07-22 23:35:53.244189263 +0800 |
757 |
+@@ -28,7 +28,7 @@ |
758 |
+ pyexec_LTLIBRARIES = _audit.la |
759 |
+ pyexec_SOLIBRARIES = _audit.so |
760 |
+ _audit_la_CFLAGS = -shared |
761 |
+-_audit_la_LDFLAGS = -module -avoid-version -Wl,-z,relro |
762 |
++_audit_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro |
763 |
+ _audit_la_HEADERS: $(top_builddir)/config.h |
764 |
+ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudit.la |
765 |
+ _audit_la_LIBADD = $(top_builddir)/lib/libaudit.la |
766 |
+diff -ur audit-2.4.3.orig/bindings/swig/python3/Makefile.am audit-2.4.3/bindings/swig/python3/Makefile.am |
767 |
+--- audit-2.4.3.orig/bindings/swig/python3/Makefile.am 2015-07-22 23:35:24.316424083 +0800 |
768 |
++++ audit-2.4.3/bindings/swig/python3/Makefile.am 2015-07-22 23:36:27.833908482 +0800 |
769 |
+@@ -29,7 +29,7 @@ |
770 |
+ py3exec_LTLIBRARIES = _audit.la |
771 |
+ py3exec_SOLIBRARIES = _audit.so |
772 |
+ _audit_la_CFLAGS = -shared |
773 |
+-_audit_la_LDFLAGS = -module -avoid-version -Wl,-z,relro |
774 |
++_audit_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro |
775 |
+ _audit_la_HEADERS: $(top_builddir)/config.h |
776 |
+ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudit.la |
777 |
+ _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la |
778 |
|
779 |
diff --git a/sys-process/audit/files/audit.rules b/sys-process/audit/files/audit.rules |
780 |
new file mode 100644 |
781 |
index 0000000..ef0e6ee |
782 |
--- /dev/null |
783 |
+++ b/sys-process/audit/files/audit.rules |
784 |
@@ -0,0 +1,24 @@ |
785 |
+# Copyright 1999-2005 Gentoo Foundation |
786 |
+# Distributed under the terms of the GNU General Public License v2 |
787 |
+# |
788 |
+# This file contains the auditctl rules that are loaded |
789 |
+# whenever the audit daemon is started via the initscripts. |
790 |
+# The rules are simply the parameters that would be passed |
791 |
+# to auditctl. |
792 |
+ |
793 |
+# First rule - delete all |
794 |
+# This is to clear out old rules, so we don't append to them. |
795 |
+-D |
796 |
+ |
797 |
+# Feel free to add below this line. See auditctl man page |
798 |
+ |
799 |
+# The following rule would cause all of the syscalls listed to be ignored in logging. |
800 |
+# -a entry,never -S read -S write -S open -S fstat -S fstat64 -S mmap -S brk -S munmap -S _llseek -S nanosleep -S fcntl64 -S close -S dup2 -S rt_sigaction -S stat64 -S stat |
801 |
+ |
802 |
+# The following rule would cause the capture of all systems not caught above. |
803 |
+# -a entry,always -S all |
804 |
+ |
805 |
+# Increase the buffers to survive stress events |
806 |
+-b 256 |
807 |
+ |
808 |
+# vim:ft=conf: |
809 |
|
810 |
diff --git a/sys-process/audit/files/audit.rules-2.1.3 b/sys-process/audit/files/audit.rules-2.1.3 |
811 |
new file mode 100644 |
812 |
index 0000000..25dbedf |
813 |
--- /dev/null |
814 |
+++ b/sys-process/audit/files/audit.rules-2.1.3 |
815 |
@@ -0,0 +1,25 @@ |
816 |
+# Copyright 1999-2011 Gentoo Foundation |
817 |
+# Distributed under the terms of the GNU General Public License v2 |
818 |
+# |
819 |
+# This file contains the auditctl rules that are loaded |
820 |
+# whenever the audit daemon is started via the initscripts. |
821 |
+# The rules are simply the parameters that would be passed |
822 |
+# to auditctl. |
823 |
+ |
824 |
+# First rule - delete all |
825 |
+# This is to clear out old rules, so we don't append to them. |
826 |
+-D |
827 |
+ |
828 |
+# Feel free to add below this line. See auditctl man page |
829 |
+ |
830 |
+# The following rule would cause all of the syscalls listed to be ignored in logging. |
831 |
+-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat |
832 |
+-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat |
833 |
+ |
834 |
+# The following rule would cause the capture of all systems not caught above. |
835 |
+# -a exit,always -S all |
836 |
+ |
837 |
+# Increase the buffers to survive stress events |
838 |
+-b 8192 |
839 |
+ |
840 |
+# vim:ft=conf: |
841 |
|
842 |
diff --git a/sys-process/audit/files/audit.rules.stop.post b/sys-process/audit/files/audit.rules.stop.post |
843 |
new file mode 100644 |
844 |
index 0000000..29ae197 |
845 |
--- /dev/null |
846 |
+++ b/sys-process/audit/files/audit.rules.stop.post |
847 |
@@ -0,0 +1,12 @@ |
848 |
+# Copyright 1999-2005 Gentoo Foundation |
849 |
+# Distributed under the terms of the GNU General Public License v2 |
850 |
+# |
851 |
+# This file contains the auditctl rules that are loaded immediately after the |
852 |
+# audit deamon is stopped via the initscripts. |
853 |
+# The rules are simply the parameters that would be passed |
854 |
+# to auditctl. |
855 |
+ |
856 |
+# Not used for the default Gentoo configuration as of v1.2.3 |
857 |
+# Paranoid security types might wish to reconfigure kauditd here. |
858 |
+ |
859 |
+# vim:ft=conf: |
860 |
|
861 |
diff --git a/sys-process/audit/files/audit.rules.stop.pre b/sys-process/audit/files/audit.rules.stop.pre |
862 |
new file mode 100644 |
863 |
index 0000000..1f34173 |
864 |
--- /dev/null |
865 |
+++ b/sys-process/audit/files/audit.rules.stop.pre |
866 |
@@ -0,0 +1,15 @@ |
867 |
+# Copyright 1999-2011 Gentoo Foundation |
868 |
+# Distributed under the terms of the GNU General Public License v2 |
869 |
+# |
870 |
+# This file contains the auditctl rules that are loaded immediately before the |
871 |
+# audit deamon is stopped via the initscripts. |
872 |
+# The rules are simply the parameters that would be passed |
873 |
+# to auditctl. |
874 |
+ |
875 |
+# auditd is stopping, don't capture events anymore |
876 |
+-D |
877 |
+ |
878 |
+# Disable kernel generating audit events |
879 |
+-e 0 |
880 |
+ |
881 |
+# vim:ft=conf: |
882 |
|
883 |
diff --git a/sys-process/audit/files/auditd-conf.d-2.1.3 b/sys-process/audit/files/auditd-conf.d-2.1.3 |
884 |
new file mode 100644 |
885 |
index 0000000..c66be16 |
886 |
--- /dev/null |
887 |
+++ b/sys-process/audit/files/auditd-conf.d-2.1.3 |
888 |
@@ -0,0 +1,22 @@ |
889 |
+# Copyright 1999-2011 Gentoo Foundation |
890 |
+# Distributed under the terms of the GNU General Public License v2 |
891 |
+ |
892 |
+# Configuration options for auditd |
893 |
+# -f for foreground mode |
894 |
+# There are some other options as well, but you'll have to look in the source |
895 |
+# code to find them as they aren't ready for use yet. |
896 |
+EXTRAOPTIONS='' |
897 |
+ |
898 |
+# Audit rules file to run after starting auditd |
899 |
+RULEFILE_STARTUP=/etc/audit/audit.rules |
900 |
+ |
901 |
+# Audit rules file to run before and after stopping auditd |
902 |
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre |
903 |
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post |
904 |
+ |
905 |
+# If you want to enforce a certain locale for auditd, |
906 |
+# uncomment one of the next lines: |
907 |
+#AUDITD_LANG=none |
908 |
+AUDITD_LANG=C |
909 |
+#AUDITD_LANG=en_US |
910 |
+#AUDITD_LANG=en_US.UTF-8 |
911 |
|
912 |
diff --git a/sys-process/audit/files/auditd-init.d-2.4.3 b/sys-process/audit/files/auditd-init.d-2.4.3 |
913 |
new file mode 100644 |
914 |
index 0000000..c952554 |
915 |
--- /dev/null |
916 |
+++ b/sys-process/audit/files/auditd-init.d-2.4.3 |
917 |
@@ -0,0 +1,90 @@ |
918 |
+#!/sbin/openrc-run |
919 |
+# Copyright 1999-2015 Gentoo Foundation |
920 |
+# Distributed under the terms of the GNU General Public License v2 |
921 |
+ |
922 |
+extra_started_commands='reload reload_auditd reload_rules' |
923 |
+description='Linux Auditing System' |
924 |
+description_reload='Reload daemon configuration and rules' |
925 |
+description_reload_rules='Reload daemon rules' |
926 |
+description_reload_auditd='Reload daemon configuration' |
927 |
+ |
928 |
+name='auditd' |
929 |
+pidfile='/var/run/auditd.pid' |
930 |
+command='/sbin/auditd' |
931 |
+ |
932 |
+start_auditd() { |
933 |
+ # Env handling taken from the upstream init script |
934 |
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then |
935 |
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE |
936 |
+ else |
937 |
+ LANG="$AUDITD_LANG" |
938 |
+ LC_TIME="$AUDITD_LANG" |
939 |
+ LC_ALL="$AUDITD_LANG" |
940 |
+ LC_MESSAGES="$AUDITD_LANG" |
941 |
+ LC_NUMERIC="$AUDITD_LANG" |
942 |
+ LC_MONETARY="$AUDITD_LANG" |
943 |
+ LC_COLLATE="$AUDITD_LANG" |
944 |
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE |
945 |
+ fi |
946 |
+ unset HOME MAIL USER USERNAME |
947 |
+ |
948 |
+ ebegin "Starting ${name}" |
949 |
+ start-stop-daemon \ |
950 |
+ --start --quiet --pidfile ${pidfile} \ |
951 |
+ --exec ${command} -- ${EXTRAOPTIONS} |
952 |
+ local ret=$? |
953 |
+ eend $ret |
954 |
+ return $ret |
955 |
+} |
956 |
+ |
957 |
+stop_auditd() { |
958 |
+ ebegin "Stopping ${name}" |
959 |
+ start-stop-daemon --stop --quiet --pidfile ${pidfile} |
960 |
+ local ret=$? |
961 |
+ eend $ret |
962 |
+ return $ret |
963 |
+} |
964 |
+ |
965 |
+loadfile() { |
966 |
+ local rules="$1" |
967 |
+ if [ -n "${rules}" -a -f "${rules}" ]; then |
968 |
+ einfo "Loading audit rules from ${rules}" |
969 |
+ /sbin/auditctl -R "${rules}" >/dev/null |
970 |
+ return $? |
971 |
+ else |
972 |
+ return 0 |
973 |
+ fi |
974 |
+} |
975 |
+ |
976 |
+start() { |
977 |
+ start_auditd |
978 |
+ local ret=$? |
979 |
+ if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then |
980 |
+ loadfile "${RULEFILE_STARTUP}" |
981 |
+ fi |
982 |
+ return $ret |
983 |
+} |
984 |
+ |
985 |
+reload_rules() { |
986 |
+ loadfile "${RULEFILE_STARTUP}" |
987 |
+} |
988 |
+ |
989 |
+reload_auditd() { |
990 |
+ ebegin "Reloading ${SVCNAME}" |
991 |
+ start-stop-daemon --signal HUP \ |
992 |
+ --exec "${command}" --pidfile "${pidfile}" |
993 |
+ eend $? |
994 |
+} |
995 |
+ |
996 |
+reload() { |
997 |
+ reload_auditd |
998 |
+ reload_rules |
999 |
+} |
1000 |
+ |
1001 |
+stop() { |
1002 |
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}" |
1003 |
+ stop_auditd |
1004 |
+ local ret=$? |
1005 |
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}" |
1006 |
+ return $ret |
1007 |
+} |
1008 |
|
1009 |
diff --git a/sys-process/audit/metadata.xml b/sys-process/audit/metadata.xml |
1010 |
new file mode 100644 |
1011 |
index 0000000..856de3a |
1012 |
--- /dev/null |
1013 |
+++ b/sys-process/audit/metadata.xml |
1014 |
@@ -0,0 +1,10 @@ |
1015 |
+<?xml version="1.0" encoding="UTF-8"?> |
1016 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
1017 |
+<pkgmetadata> |
1018 |
+ <maintainer type="person"> |
1019 |
+ <email>robbat2@g.o</email> |
1020 |
+ </maintainer> |
1021 |
+<use> |
1022 |
+ <flag name="gssapi">Enable GSSAPI support</flag> |
1023 |
+</use> |
1024 |
+</pkgmetadata> |