From mboxrd@z Thu Jan 1 00:00:00 1970 From: Manuel Scunthorpe Subject: Re: audit 2.5.1 released Date: Sat, 30 Apr 2016 21:29:18 +0000 (UTC) Message-ID: <543804231.8112760.1462051758161.JavaMail.yahoo@mail.yahoo.com> References: <543804231.8112760.1462051758161.JavaMail.yahoo.ref@mail.yahoo.com> Reply-To: Manuel Scunthorpe Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0834987852925174685==" Return-path: Received: from mx1.redhat.com (ext-mx09.extmail.prod.ext.phx2.redhat.com [10.5.110.38]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u3ULXh9s009552 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 30 Apr 2016 17:33:43 -0400 Received: from nm23-vm1.bullet.mail.ir2.yahoo.com (nm23-vm1.bullet.mail.ir2.yahoo.com [212.82.97.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7D644627CF for ; Sat, 30 Apr 2016 21:33:41 +0000 (UTC) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: "linux-audit@redhat.com" List-Id: linux-audit@redhat.com --===============0834987852925174685== Content-Type: multipart/alternative; boundary="----=_Part_8112759_1287425060.1462051758157" ------=_Part_8112759_1287425060.1462051758157 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Dear Steve,thanks for your helpful observations. I was able to modify the P= KGBUILD and successfully build the package, and then build e4rat-lite which= was my ultimate aim. 
Sadly it didn't seem to work in Arch Linux due to the kernel config options, e4rat-lite-collect didn't collect anything, complained about being unable to log anything due to a bad file descriptor and there was a message at boot saying Cannot open audit socket, which was similar to what auditctl said in the terminal. Of course it might work and I've got something else wrong, it doesn't look encouraging though without CONFIG_AUDIT enabled. But I was just looking at my Void Linux kernel options:
CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
This looks more promising so I will have to try it here instead sometime, although what I will have to build to fulfill the various builddeps I don't yet know. Would it be OK if I tried to make an 'audit' package for Void Linux if they want one? There isn't one in the repo at present, so if I get a working build then I might as well share it. It could take a while to get to that point though, and that's assuming I can get everything to work in Void and don't end up using some other readahead utility altogether or accidentally corrupting my filesystem. But I can be happy I'm building audit correctly now. I will try and pass on your comments about zos servers and openldap-devel to the Arch packagers as I can only take credit for the confusion over the systemd support option in my earlier PKGBUILD. Here's my successful modified PKGBUILD with the correct checksum for 2.5.1, which downloads and builds cleanly: # Edit /etc/makepkg.conf: staticlibs not !staticlibs or they are deleted by makepkg.
# $Id: PKGBUILD 146469 2015-11-10 05:04:55Z thestinger $ # Maintainer: Daniel Micay # Contributor: # Contributor: Massimiliano Torromeo # Contributor: Connor Behan # Contributor: henning mueller pkgname=3Daudit pkgver=3D2.5.1 pkgrel=3D1 pkgdesc=3D'Userspace components of the audit framework' url=3D'https://people.redhat.com/sgrubb/audit' arch=3D(i686 x86_64) depends=3D(krb5 libcap-ng) makedepends=3D(libldap swig linux-headers python) license=3D(GPL) options=3D(emptydirs) groups=3D('modified') backup=3D( =C2=A0 etc/libaudit.conf =C2=A0 etc/audit/auditd.conf =C2=A0 etc/audisp/audispd.conf =C2=A0 etc/audisp/audisp-remote.conf =C2=A0 etc/audisp/plugins.d/af_unix.conf =C2=A0 etc/audisp/plugins.d/au-remote.conf =C2=A0 etc/audisp/plugins.d/syslog.conf ) source=3D("$url/$pkgname-$pkgver.tar.gz") sha256sums=3D('3c6ec72d8c16d1e85cc2b9c260cc6440319eb294cb54ca41a7bbe9283cc9= f421') install=3D$pkgname.install build() { =C2=A0 cd $pkgname-$pkgver =C2=A0 export PYTHON=3D/usr/bin/python3 =C2=A0 ./configure \ =C2=A0=C2=A0=C2=A0 --prefix=3D/usr \ =C2=A0=C2=A0=C2=A0 --sbindir=3D/usr/bin \ =C2=A0=C2=A0=C2=A0 --sysconfdir=3D/etc \ =C2=A0=C2=A0=C2=A0 --libexecdir=3D/usr/lib/audit \ =C2=A0=C2=A0=C2=A0 --with-python=3Dyes \ =C2=A0=C2=A0=C2=A0 --enable-gssapi-krb5=3Dyes \ =C2=A0=C2=A0=C2=A0 --enable-systemd=3Dno \ =C2=A0=C2=A0=C2=A0 --with-libcap-ng=3Dyes \ =C2=A0=C2=A0=C2=A0 --disable-zos-remote \ =C2=A0=C2=A0=C2=A0 --enable-static=3Dyes =C2=A0 make } package() { =C2=A0 cd $pkgname-$pkgver =C2=A0 make DESTDIR=3D"$pkgdir" install =C2=A0 cd "$pkgdir" =C2=A0 install -d var/log/audit =C2=A0 rm -rf etc/rc.d etc/sysconfig usr/lib/audit =C2=A0 sed -ri 's|/sbin|/usr/bin|' \ =C2=A0=C2=A0=C2=A0 etc/audit/*.conf \ =C2=A0=C2=A0=C2=A0 etc/audisp/plugins.d/*.conf ------=_Part_8112759_1287425060.1462051758157 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Dear Steve,
thanks for your helpful observations. I was able to modify the PKGBUILD and successfully build the package, and then build e4rat-lite, which was my ultimate aim. Sadly it didn't seem to work in Arch Linux due to the kernel config options: e4rat-lite-collect didn't collect anything and complained about being unable to log anything due to a bad file descriptor, and there was a message at boot saying "Cannot open audit socket", which was similar to what auditctl said in the terminal. Of course it might work and I've got something else wrong, but it doesn't look encouraging without CONFIG_AUDIT enabled. But I was just looking at my Void Linux kernel options:
CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
This looks more promising so I will have to try it here instead sometime, although what I will have to build to fulfill the various builddeps I don't yet know. Would it be OK if I tried to make an 'audit' package for Void Linux if they want one? There isn't one in the repo at present, so if I get a working build then I might as well share it. It could take a while to get to that point though, and that's assuming I can get everything to work in Void and don't end up using some other readahead utility altogether or accidentally corrupting my filesystem. But I can be happy I'm building audit correctly now.
I will try and pass on your comments about zos servers and openldap-devel to the Arch packagers, as I can only take credit for the confusion over the systemd support option in my earlier PKGBUILD.

Here's my successful modified PKGBUILD with the correct checksum for 2.5.1, which downloads and builds cleanly:
# Edit /etc/makepkg.conf: use staticlibs, not !staticlibs, or the static libraries are deleted by makepkg.

# $Id: PKGBUILD 146469 2015-11-10 05:04:55Z thestinger $
# Maintainer: Daniel Micay <danielmicay@gmail.com>
# Contributor: <kang@insecure.ws>
# Contributor: Massimiliano Torromeo <massimiliano.torromeo@gmail.com>
# Contributor: Connor Behan <connor.behan@gmail.com>
# Contributor: henning mueller <henning@orgizm.net>

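# Package metadata read by makepkg. The listing is shown with the mail's
# quoted-printable residue ("=3D", "= " soft breaks) decoded so that it is
# valid shell again.
pkgname=audit
pkgver=2.5.1
pkgrel=1
pkgdesc='Userspace components of the audit framework'
url='https://people.redhat.com/sgrubb/audit'
arch=(i686 x86_64)
depends=(krb5 libcap-ng)
makedepends=(libldap swig linux-headers python)
license=(GPL)
# emptydirs keeps directories that contain no files in the package;
# package() creates var/log/audit empty.
options=(emptydirs)
groups=('modified')
# Configuration files that pacman treats as user-editable on upgrade.
backup=(
  etc/libaudit.conf
  etc/audit/auditd.conf
  etc/audisp/audispd.conf
  etc/audisp/audisp-remote.conf
  etc/audisp/plugins.d/af_unix.conf
  etc/audisp/plugins.d/au-remote.conf
  etc/audisp/plugins.d/syslog.conf
)
# The tarball is fetched over HTTPS and pinned by SHA-256; makepkg stops when
# the download does not match the recorded digest.
# NOTE(review): the digest only shows the file equals what the packager
# downloaded. No detached signature is listed here, so compare the value with
# one published by upstream whenever pkgver changes.
source=("$url/$pkgname-$pkgver.tar.gz")
sha256sums=('3c6ec72d8c16d1e85cc2b9c260cc6440319eb294cb54ca41a7bbe9283cc9f421')
install="$pkgname.install"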

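# Configure and compile the audit sources for an Arch-style layout.
# Globals:   pkgname, pkgver (read); PYTHON (exported)
# Arguments: none
# Returns:   status of the last command (make)
build() {
  # Quoted so the path stays a single word whatever pkgname/pkgver contain.
  cd "$pkgname-$pkgver"

  # Presumably read by configure to select the interpreter used for
  # --with-python; verify against the configure script.
  export PYTHON=/usr/bin/python3

  # --sbindir=/usr/bin puts the daemons and tools in /usr/bin; package()
  #   rewrites /sbin paths in the shipped config files to match.
  # --enable-systemd=no builds without systemd support.
  # --enable-static=yes builds static libraries as well; they only survive
  #   packaging if makepkg.conf sets "staticlibs" rather than "!staticlibs".
  ./configure \
    --prefix=/usr \
    --sbindir=/usr/bin \
    --sysconfdir=/etc \
    --libexecdir=/usr/lib/audit \
    --with-python=yes \
    --enable-gssapi-krb5=yes \
    --enable-systemd=no \
    --with-libcap-ng=yes \
    --disable-zos-remote \
    --enable-static=yes
  make
}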

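# Install the built tree into the staging directory and adapt it for Arch.
# Globals:   pkgname, pkgver, pkgdir (read)
# Arguments: none
# Returns:   non-zero if the staging directory cannot be entered, otherwise
#            the status of the last command (sed)
# The listing in the mail ends without the closing brace; it is restored here.
package() {
  cd "$pkgname-$pkgver"
  make DESTDIR="$pkgdir" install

  # Everything below uses paths relative to the staging root, so stop if the
  # cd fails rather than run rm -rf somewhere else.
  cd "$pkgdir" || return 1

  # NOTE(review): the directory is created with the default mode. Audit logs
  # are sensitive, so consider an explicit restrictive mode (e.g. -m 0700) and
  # confirm it against what auditd expects.
  install -d var/log/audit

  # Drop init scripts, sysconfig files and the libexec directory from the
  # installed tree.
  rm -rf -- etc/rc.d etc/sysconfig usr/lib/audit

  # Binaries were configured into /usr/bin, so rewrite the first /sbin on each
  # line of the shipped configuration files.
  sed -ri 's|/sbin|/usr/bin|' \
    etc/audit/*.conf \
    etc/audisp/plugins.d/*.conf
}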

------=_Part_8112759_1287425060.1462051758157-- --===============0834987852925174685== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --===============0834987852925174685==--