From: Manuel Scunthorpe <u7181-wlodsazi@yahoo.co.uk>
To: "linux-audit@redhat.com" <linux-audit@redhat.com>
Subject: Re: audit 2.5.1 released
Date: Sat, 30 Apr 2016 21:29:18 +0000 (UTC)
Message-ID: <543804231.8112760.1462051758161.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: 543804231.8112760.1462051758161.JavaMail.yahoo.ref@mail.yahoo.com


Dear Steve,

thanks for your helpful observations. I was able to modify the PKGBUILD and successfully build the package, and then build e4rat-lite which was my ultimate aim. Sadly it didn't seem to work in Arch Linux due to the kernel config options, e4rat-lite-collect didn't collect anything, complained about being unable to log anything due to a bad file descriptor and there was a message at boot saying "Cannot open audit socket", which was similar to what auditctl said in the terminal. Of course it might work and I've got something else wrong, it doesn't look encouraging though without CONFIG_AUDIT enabled. But I was just looking at my Void Linux kernel options:

CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y

This looks more promising so I will have to try it here instead sometime, although what I will have to build to fulfill the various builddeps I don't yet know. Would it be OK if I tried to make an 'audit' package for Void Linux if they want one? There isn't one in the repo at present, so if I get a working build then I might as well share it. It could take a while to get to that point though, and that's assuming I can get everything to work in Void and don't end up using some other readahead utility altogether or accidentally corrupting my filesystem. But I can be happy I'm building audit correctly now.

I will try and pass on your comments about zos servers and openldap-devel to the Arch packagers as I can only take credit for the confusion over the systemd support option in my earlier PKGBUILD.

Here's my successful modified PKGBUILD with the correct checksum for 2.5.1, which downloads and builds cleanly:

# Edit /etc/makepkg.conf: staticlibs not !staticlibs or they are deleted by makepkg.

# $Id: PKGBUILD 146469 2015-11-10 05:04:55Z thestinger $
# Maintainer: Daniel Micay <danielmicay@gmail.com>
# Contributor: <kang@insecure.ws>
# Contributor: Massimiliano Torromeo <massimiliano.torromeo@gmail.com>
# Contributor: Connor Behan <connor.behan@gmail.com>
# Contributor: henning mueller <henning@orgizm.net>

pkgname=audit
pkgver=2.5.1
pkgrel=1
pkgdesc='Userspace components of the audit framework'
url='https://people.redhat.com/sgrubb/audit'
arch=(i686 x86_64)
depends=(krb5 libcap-ng)
makedepends=(libldap swig linux-headers python)
license=(GPL)
options=(emptydirs)
groups=('modified')
backup=(
  etc/libaudit.conf
  etc/audit/auditd.conf
  etc/audisp/audispd.conf
  etc/audisp/audisp-remote.conf
  etc/audisp/plugins.d/af_unix.conf
  etc/audisp/plugins.d/au-remote.conf
  etc/audisp/plugins.d/syslog.conf
)
source=("$url/$pkgname-$pkgver.tar.gz")
sha256sums=('3c6ec72d8c16d1e85cc2b9c260cc6440319eb294cb54ca41a7bbe9283cc9f421')
install=$pkgname.install

build() {
  cd $pkgname-$pkgver
  export PYTHON=/usr/bin/python3
  ./configure \
    --prefix=/usr \
    --sbindir=/usr/bin \
    --sysconfdir=/etc \
    --libexecdir=/usr/lib/audit \
    --with-python=yes \
    --enable-gssapi-krb5=yes \
    --enable-systemd=no \
    --with-libcap-ng=yes \
    --disable-zos-remote \
    --enable-static=yes
  make
}

package() {
  cd $pkgname-$pkgver
  make DESTDIR="$pkgdir" install

  cd "$pkgdir"
  install -d var/log/audit
  rm -rf etc/rc.d etc/sysconfig usr/lib/audit

  sed -ri 's|/sbin|/usr/bin|' \
    etc/audit/*.conf \
    etc/audisp/plugins.d/*.conf
}
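
Added example, not part of the original message: the message ties the "Cannot open audit socket" failure to a kernel built without CONFIG_AUDIT, so this POSIX shell function reports which of the audit options listed above are not built in to a given kernel config file. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Audit-related kernel options, taken from the list quoted in the message.
AUDIT_OPTS="CONFIG_AUDIT CONFIG_HAVE_ARCH_AUDITSYSCALL CONFIG_AUDITSYSCALL CONFIG_AUDIT_WATCH CONFIG_AUDIT_TREE"

# read_kconfig FILE: print the config text, decompressing *.gz files.
read_kconfig() {
  case "$1" in
    *.gz) gzip -dc -- "$1" ;;
    *)    cat -- "$1" ;;
  esac
}

# missing_audit_opts FILE: print, space-separated, every option from
# AUDIT_OPTS that is not set to "y" in FILE.
# Returns 0 if all are set, 1 if any is missing, 2 if FILE is unreadable.
missing_audit_opts() {
  cfg=$(read_kconfig "$1" 2>/dev/null) || return 2
  missing=""
  for opt in $AUDIT_OPTS; do
    # Whole-line fixed-string match, so CONFIG_AUDITSYSCALL=y is never
    # mistaken for CONFIG_AUDIT=y and "# CONFIG_AUDIT is not set" is ignored.
    if ! printf '%s\n' "$cfg" | grep -qxF -- "${opt}=y"; then
      missing="${missing:+$missing }$opt"
    fi
  done
  printf '%s\n' "$missing"
  [ -z "$missing" ]
}

# Constructed sample: a config fragment with the audit subsystem disabled.
demo=$(mktemp)
printf '%s\n' '# CONFIG_AUDIT is not set' 'CONFIG_HAVE_ARCH_AUDITSYSCALL=y' > "$demo"
echo "missing audit options: $(missing_audit_opts "$demo")"
rm -f "$demo"
```

On a running system, point it at /proc/config.gz or /boot/config-$(uname -r), whichever the distribution provides.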

