* [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements
@ 2018-11-03 16:42 Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 1/4] audit: fix audispd path in auditd.conf Carlos Santos
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Carlos Santos @ 2018-11-03 16:42 UTC (permalink / raw)
To: buildroot
I stomped on these problems while working on the logging init scripts,
so let's fix them right now, since this does not depend on other
changes.
Patch 1: Fixes broken auditd package. audispd is installed at /usr/sbin
but the configuration file pointed to /sbin, causing auditd to fail on
startup. Add a patch fixing auditd.conf.
Patch 2: Rename S01auditd to S02auditd to ensure that auditd is starded
after the syslog daemon, otherwise the initial log messages will be sent
to the console (and probably lost, since almost nobody watches the
system console on embedded systems).
Patch 3: Enable AUDIT in the kernel if the audit package is selected,
since auditd is useless and fails to load otherwise.
Patch 4: Since we are here, bump audit to version 2.8.4.
Carlos Santos (4):
audit: fix audispd path in auditd.conf
audit: ensure that it starts after the logging daemon
linux: enble AUDIT if the audit package is selected
audit: bump to version 2.8.4
linux/linux.mk | 3 ++
...0001-Fix-audispd-path-in-auditd.conf.patch | 32 +++++++++++++++++++
package/audit/{S01auditd => S02auditd} | 0
package/audit/audit.hash | 2 +-
package/audit/audit.mk | 4 +--
5 files changed, 38 insertions(+), 3 deletions(-)
create mode 100644 package/audit/0001-Fix-audispd-path-in-auditd.conf.patch
rename package/audit/{S01auditd => S02auditd} (100%)
--
2.17.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/4] audit: fix audispd path in auditd.conf
2018-11-03 16:42 [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Carlos Santos
@ 2018-11-03 16:42 ` Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 2/4] audit: ensure that it starts after the logging daemon Carlos Santos
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Carlos Santos @ 2018-11-03 16:42 UTC (permalink / raw)
To: buildroot
audispd is installed at /usr/sbin but the configuration file pointed
to /sbin, causing auditd to fail on startup.
This patch cannot be sent upstream because audispd does not exist
anymore on the master branch (it was merged to auditd).
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
---
...0001-Fix-audispd-path-in-auditd.conf.patch | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 package/audit/0001-Fix-audispd-path-in-auditd.conf.patch
diff --git a/package/audit/0001-Fix-audispd-path-in-auditd.conf.patch b/package/audit/0001-Fix-audispd-path-in-auditd.conf.patch
new file mode 100644
index 0000000000..ccf45db911
--- /dev/null
+++ b/package/audit/0001-Fix-audispd-path-in-auditd.conf.patch
@@ -0,0 +1,32 @@
+From 6e1fd09f7bc131c8f16d9cc43e2455ba4650c651 Mon Sep 17 00:00:00 2001
+From: Carlos Santos <casantos@datacom.com.br>
+Date: Sat, 3 Nov 2018 08:25:58 -0300
+Subject: [PATCH] Fix audispd path in auditd.conf
+
+audispd is installed at /usr/sbin but the configuration file pointed
+to /sbin, causing auditd to fail on startup.
+
+This patch cannot be sent upstream because audispd does not exist
+anymore on the master branch (it was merged to auditd).
+
+Signed-off-by: Carlos Santos <casantos@datacom.com.br>
+---
+ init.d/auditd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/init.d/auditd.conf b/init.d/auditd.conf
+index 4dcda83..998904f 100644
+--- a/init.d/auditd.conf
++++ b/init.d/auditd.conf
+@@ -13,7 +13,7 @@ max_log_file = 8
+ num_logs = 5
+ priority_boost = 4
+ disp_qos = lossy
+-dispatcher = /sbin/audispd
++dispatcher = /usr/sbin/audispd
+ name_format = NONE
+ ##name = mydomain
+ max_log_file_action = ROTATE
+--
+2.17.1
+
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/4] audit: ensure that it starts after the logging daemon
2018-11-03 16:42 [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 1/4] audit: fix audispd path in auditd.conf Carlos Santos
@ 2018-11-03 16:42 ` Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 3/4] linux: enble AUDIT if the audit package is selected Carlos Santos
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Carlos Santos @ 2018-11-03 16:42 UTC (permalink / raw)
To: buildroot
audit uses syslog(). Rename its init script to S02auditd to ensure that
it will start after syslogd. Otherwise the initial log messages will be
sent to the console (and probably lost, since almost nobody watches the
system console on embedded systems).
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
---
package/audit/{S01auditd => S02auditd} | 0
package/audit/audit.mk | 2 +-
2 files changed, 1 insertion(+), 1 deletion(-)
rename package/audit/{S01auditd => S02auditd} (100%)
diff --git a/package/audit/S01auditd b/package/audit/S02auditd
similarity index 100%
rename from package/audit/S01auditd
rename to package/audit/S02auditd
diff --git a/package/audit/audit.mk b/package/audit/audit.mk
index 2f6e6653b3..228ef9998c 100644
--- a/package/audit/audit.mk
+++ b/package/audit/audit.mk
@@ -38,7 +38,7 @@ AUDIT_CONF_OPTS += --disable-systemd
endif
define AUDIT_INSTALL_INIT_SYSV
- $(INSTALL) -D -m 755 package/audit/S01auditd $(TARGET_DIR)/etc/init.d/S01auditd
+ $(INSTALL) -D -m 755 package/audit/S02auditd $(TARGET_DIR)/etc/init.d/S02auditd
endef
define AUDIT_INSTALL_INIT_SYSTEMD
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 3/4] linux: enble AUDIT if the audit package is selected
2018-11-03 16:42 [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 1/4] audit: fix audispd path in auditd.conf Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 2/4] audit: ensure that it starts after the logging daemon Carlos Santos
@ 2018-11-03 16:42 ` Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 4/4] audit: bump to version 2.8.4 Carlos Santos
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Carlos Santos @ 2018-11-03 16:42 UTC (permalink / raw)
To: buildroot
We already turn on kernel features for several packages, so let's do it
for audit too, since the daemon is useless and fails to load otherwise.
Notice that we also turn NET on, since AUDIT depends on NET, like we do
for the wireguard package.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
---
linux/linux.mk | 3 +++
1 file changed, 3 insertions(+)
diff --git a/linux/linux.mk b/linux/linux.mk
index e9c75153b2..476ff16329 100644
--- a/linux/linux.mk
+++ b/linux/linux.mk
@@ -320,6 +320,9 @@ define LINUX_KCONFIG_FIXUP_CMDS
$(call KCONFIG_ENABLE_OPT,CONFIG_DEVTMPFS_MOUNT,$(@D)/.config))
$(if $(BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV),
$(call KCONFIG_ENABLE_OPT,CONFIG_INOTIFY_USER,$(@D)/.config))
+ $(if $(BR2_PACKAGE_AUDIT),
+ $(call KCONFIG_ENABLE_OPT,CONFIG_NET,$(@D)/.config)
+ $(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT,$(@D)/.config))
$(if $(BR2_PACKAGE_KTAP),
$(call KCONFIG_ENABLE_OPT,CONFIG_DEBUG_FS,$(@D)/.config)
$(call KCONFIG_ENABLE_OPT,CONFIG_ENABLE_DEFAULT_TRACERS,$(@D)/.config)
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 4/4] audit: bump to version 2.8.4
2018-11-03 16:42 [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Carlos Santos
` (2 preceding siblings ...)
2018-11-03 16:42 ` [Buildroot] [PATCH 3/4] linux: enble AUDIT if the audit package is selected Carlos Santos
@ 2018-11-03 16:42 ` Carlos Santos
2018-11-03 21:28 ` [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Thomas Petazzoni
2018-11-25 20:40 ` Peter Korsgaard
5 siblings, 0 replies; 7+ messages in thread
From: Carlos Santos @ 2018-11-03 16:42 UTC (permalink / raw)
To: buildroot
Fix a segfault in auditd when dns resolution isn't available. Additional
changes since 2.8.2 can be seen at
http://people.redhat.com/sgrubb/audit/ChangeLog
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
---
package/audit/audit.hash | 2 +-
package/audit/audit.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/audit/audit.hash b/package/audit/audit.hash
index fb37577782..8c3c9dc4af 100644
--- a/package/audit/audit.hash
+++ b/package/audit/audit.hash
@@ -1,4 +1,4 @@
#Locally computed
-sha256 67b59b2b77afee9ed87afa4d80ffc8e6f3a1f4bbedd5f2871f387c952147bcba audit-2.8.2.tar.gz
+sha256 a410694d09fc5708d980a61a5abcb9633a591364f1ecc7e97ad5daef9c898c38 audit-2.8.4.tar.gz
sha256 32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670 COPYING
sha256 f18a0811fa0e220ccbc42f661545e77f0388631e209585ed582a1c693029c6aa COPYING.LIB
diff --git a/package/audit/audit.mk b/package/audit/audit.mk
index 228ef9998c..0988f88d8d 100644
--- a/package/audit/audit.mk
+++ b/package/audit/audit.mk
@@ -4,7 +4,7 @@
#
################################################################################
-AUDIT_VERSION = 2.8.2
+AUDIT_VERSION = 2.8.4
AUDIT_SITE = http://people.redhat.com/sgrubb/audit
AUDIT_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
AUDIT_LICENSE_FILES = COPYING COPYING.LIB
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements
2018-11-03 16:42 [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Carlos Santos
` (3 preceding siblings ...)
2018-11-03 16:42 ` [Buildroot] [PATCH 4/4] audit: bump to version 2.8.4 Carlos Santos
@ 2018-11-03 21:28 ` Thomas Petazzoni
2018-11-25 20:40 ` Peter Korsgaard
5 siblings, 0 replies; 7+ messages in thread
From: Thomas Petazzoni @ 2018-11-03 21:28 UTC (permalink / raw)
To: buildroot
Hello,
On Sat, 3 Nov 2018 13:42:40 -0300, Carlos Santos wrote:
> Carlos Santos (4):
> audit: fix audispd path in auditd.conf
> audit: ensure that it starts after the logging daemon
> linux: enble AUDIT if the audit package is selected
> audit: bump to version 2.8.4
Series applied to master. Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements
2018-11-03 16:42 [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Carlos Santos
` (4 preceding siblings ...)
2018-11-03 21:28 ` [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Thomas Petazzoni
@ 2018-11-25 20:40 ` Peter Korsgaard
5 siblings, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2018-11-25 20:40 UTC (permalink / raw)
To: buildroot
>>>>> "Carlos" == Carlos Santos <casantos@datacom.com.br> writes:
> I stomped on these problems while working on the logging init scripts,
> so let's fix them right now, since this does not depend on other
> changes.
> Patch 1: Fixes broken auditd package. audispd is installed at /usr/sbin
> but the configuration file pointed to /sbin, causing auditd to fail on
> startup. Add a patch fixing auditd.conf.
> Patch 2: Rename S01auditd to S02auditd to ensure that auditd is starded
> after the syslog daemon, otherwise the initial log messages will be sent
> to the console (and probably lost, since almost nobody watches the
> system console on embedded systems).
> Patch 3: Enable AUDIT in the kernel if the audit package is selected,
> since auditd is useless and fails to load otherwise.
> Patch 4: Since we are here, bump audit to version 2.8.4.
> Carlos Santos (4):
> audit: fix audispd path in auditd.conf
> audit: ensure that it starts after the logging daemon
> linux: enble AUDIT if the audit package is selected
> audit: bump to version 2.8.4
Committed series to 2018.02.x and 2018.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-11-25 20:40 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-03 16:42 [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 1/4] audit: fix audispd path in auditd.conf Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 2/4] audit: ensure that it starts after the logging daemon Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 3/4] linux: enble AUDIT if the audit package is selected Carlos Santos
2018-11-03 16:42 ` [Buildroot] [PATCH 4/4] audit: bump to version 2.8.4 Carlos Santos
2018-11-03 21:28 ` [Buildroot] [PATCH 0/4] audit: fix broken startup and make some improvements Thomas Petazzoni
2018-11-25 20:40 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox