From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: audit 2.5.1 released
Date: Mon, 09 May 2016 10:01:26 -0400
Message-ID: <2117655.doZgnVdfSe@x2>
References: <543804231.8112760.1462051758161.JavaMail.yahoo.ref@mail.yahoo.com> <543804231.8112760.1462051758161.JavaMail.yahoo@mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <543804231.8112760.1462051758161.JavaMail.yahoo@mail.yahoo.com>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com, Manuel Scunthorpe
List-Id: linux-audit@redhat.com

On Saturday, April 30, 2016 09:29:18 PM Manuel Scunthorpe wrote:
> Dear Steve, thanks for your helpful observations. I was able to modify the
> PKGBUILD and successfully build the package, and then build e4rat-lite
> which was my ultimate aim. Sadly it didn't seem to work in Arch Linux due
> to the kernel config options, e4rat-lite-collect didn't collect anything,
> complained about being unable to log anything due to a bad file descriptor
> and there was a message at boot saying Cannot open audit socket, which was
> similar to what auditctl said in the terminal. Of course it might work and
> I've got something else wrong, it doesn't look encouraging though without
> CONFIG_AUDIT enabled. But I was just looking at my Void Linux kernel
> options:
> CONFIG_AUDIT=y
> CONFIG_HAVE_ARCH_AUDITSYSCALL=y
> CONFIG_AUDITSYSCALL=y
> CONFIG_AUDIT_WATCH=y
> CONFIG_AUDIT_TREE=y
> This looks more promising so I will have to try it here instead sometime,
> although what I will have to build to fulfill the various builddeps I don't
> yet know. Would it be OK if I tried to make an 'audit' package for Void
> Linux if they want one?

Sure.

> There isn't one in the repo at present, so if I get
> a working build then I might as well share it.
> It could take a while to get
> to that point though, and that's assuming I can get everything to work in
> Void and don't end up using some other readahead utility altogether or
> accidentally corrupting my filesystem. But I can be happy I'm building
> audit correctly now. I will try and pass on your comments about zos servers
> and openldap-devel to the Arch packagers as I can only take credit for the
> confusion over the systemd support option in my earlier PKGBUILD.
>
> Here's my successful modified PKGBUILD with the correct checksum for 2.5.1,
> which downloads and builds cleanly:
> # Edit /etc/makepkg.conf: staticlibs not !staticlibs or they are deleted by makepkg.
>
> # $Id: PKGBUILD 146469 2015-11-10 05:04:55Z thestinger $
> # Maintainer: Daniel Micay
> # Contributor:
> # Contributor: Massimiliano Torromeo
> # Contributor: Connor Behan
> # Contributor: henning mueller
>
> pkgname=audit
> pkgver=2.5.1
> pkgrel=1
> pkgdesc='Userspace components of the audit framework'
> url='https://people.redhat.com/sgrubb/audit'
> arch=(i686 x86_64)
> depends=(krb5 libcap-ng)
> makedepends=(libldap swig linux-headers python)

You can drop libldap since you disable zos support below. It's harmless as is
but not necessary for the configure options below.

-Steve

> license=(GPL)
> options=(emptydirs)
> groups=('modified')
> backup=(
>   etc/libaudit.conf
>   etc/audit/auditd.conf
>   etc/audisp/audispd.conf
>   etc/audisp/audisp-remote.conf
>   etc/audisp/plugins.d/af_unix.conf
>   etc/audisp/plugins.d/au-remote.conf
>   etc/audisp/plugins.d/syslog.conf
> )
> source=("$url/$pkgname-$pkgver.tar.gz")
> sha256sums=('3c6ec72d8c16d1e85cc2b9c260cc6440319eb294cb54ca41a7bbe9283cc9f421')
> install=$pkgname.install
>
> build() {
>   cd $pkgname-$pkgver
>   export PYTHON=/usr/bin/python3
>   ./configure \
>     --prefix=/usr \
>     --sbindir=/usr/bin \
>     --sysconfdir=/etc \
>     --libexecdir=/usr/lib/audit \
>     --with-python=yes \
>     --enable-gssapi-krb5=yes \
>     --enable-systemd=no \
>     --with-libcap-ng=yes \
>     --disable-zos-remote \
>     --enable-static=yes
>   make
> }
>
> package() {
>   cd $pkgname-$pkgver
>   make DESTDIR="$pkgdir" install
>
>   cd "$pkgdir"
>   install -d var/log/audit
>   rm -rf etc/rc.d etc/sysconfig usr/lib/audit
>
>   sed -ri 's|/sbin|/usr/bin|' \
>     etc/audit/*.conf \
>     etc/audisp/plugins.d/*.conf