authorRobin H. Johnson <robbat2@gentoo.org>2011-09-11 02:58:55 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2011-09-11 02:58:55 +0000
commite8e6855655d15d075bebc37a7f6178420e44818d (patch)
tree09b9b58df624d7ad063b286f1ad066c2a649eaaf /sys-process
parentAdded missing DEPEND sys-devel/libtool (bug #382501). (diff)
Get this into shape for full usage with OpenRC, and also the pending cleanup for the package.mask. Please see the new configuration options in the conf.d file. The upstream AUDITD_CLEAN_STOP and AUDITD_STOP_DISABLE sysconfig options are represented by the audit.rules.stop.pre sequence now.
(Portage version: 2.2.0_alpha51/cvs/Linux x86_64)
Diffstat (limited to 'sys-process')
-rw-r--r--sys-process/audit/ChangeLog10
-rw-r--r--sys-process/audit/audit-2.1.3.ebuild10
-rw-r--r--sys-process/audit/files/audit.rules-2.1.326
-rw-r--r--sys-process/audit/files/audit.rules.stop.pre7
-rw-r--r--sys-process/audit/files/auditd-conf.d-2.1.323
-rw-r--r--sys-process/audit/files/auditd-init.d-2.1.397
6 files changed, 165 insertions, 8 deletions
diff --git a/sys-process/audit/ChangeLog b/sys-process/audit/ChangeLog
index a4e053327fc2..f5fe17d81935 100644
--- a/sys-process/audit/ChangeLog
+++ b/sys-process/audit/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for sys-process/audit
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/ChangeLog,v 1.70 2011/09/10 19:06:09 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/ChangeLog,v 1.71 2011/09/11 02:58:55 robbat2 Exp $
+
+ 11 Sep 2011; Robin H. Johnson <robbat2@gentoo.org>
+ +files/auditd-conf.d-2.1.3, +files/auditd-init.d-2.1.3, audit-2.1.3.ebuild,
+ files/audit.rules, files/audit.rules.stop.pre, +files/audit.rules-2.1.3:
+ Get this into shape for full usage with OpenRC, and also the pending cleanup
+ for the package.mask. Please see the new configuration options in the conf.d
+ file. The upstream AUDITD_CLEAN_STOP and AUDITD_STOP_DISABLE sysconfig
+ options are represented by the audit.rules.stop.pre sequence now.
*audit-2.1.3 (10 Sep 2011)
diff --git a/sys-process/audit/audit-2.1.3.ebuild b/sys-process/audit/audit-2.1.3.ebuild
index 12902d29f61f..062b9a788c4c 100644
--- a/sys-process/audit/audit-2.1.3.ebuild
+++ b/sys-process/audit/audit-2.1.3.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-2.1.3.ebuild,v 1.1 2011/09/10 19:06:09 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-2.1.3.ebuild,v 1.2 2011/09/11 02:58:55 robbat2 Exp $
EAPI="3"
PYTHON_DEPEND="2"
@@ -50,7 +50,6 @@ src_prepare() {
"${S}"/configure.ac || die
sed -i \
-e 's,system-config-audit,,g' \
- -e '/^SUBDIRS/s,\\$,,g' \
"${S}"/Makefile.am || die
rm -rf "${S}"/system-config-audit
@@ -126,8 +125,8 @@ src_install() {
docinto contrib/plugin
dodoc contrib/plugin/*
- newinitd "${FILESDIR}"/auditd-init.d-1.7.17 auditd
- newconfd "${FILESDIR}"/auditd-conf.d-1.2.3 auditd
+ newinitd "${FILESDIR}"/auditd-init.d-2.1.3 auditd
+ newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
# things like shadow use this so we need to be in /
dodir /$(get_libdir)
@@ -139,7 +138,8 @@ src_install() {
# Gentoo rules
insinto /etc/audit/
- doins "${FILESDIR}"/audit.rules*
+ newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+ doins "${FILESDIR}"/audit.rules.stop*
# audit logs go here
keepdir /var/log/audit/
diff --git a/sys-process/audit/files/audit.rules-2.1.3 b/sys-process/audit/files/audit.rules-2.1.3
new file mode 100644
index 000000000000..b2b4f02f12f1
--- /dev/null
+++ b/sys-process/audit/files/audit.rules-2.1.3
@@ -0,0 +1,26 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a exit,always -S all
+
+# Increase the buffers to survive stress events
+-b 8192
+
+# vim:ft=conf:
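Review bot: The two `-a exit,never` lines are active, although the comment above them says they "would" cause the listed syscalls to be ignored, and they sit right after the line inviting administrators to add rules below. As far as I understand auditctl ordering, rules on the exit list are matched first to last, so a syscall rule appended later for `open`, `write` or `fcntl` would never fire. I would either ship the two lines commented out, like the `-S all` example, or reword the comment to something like `# Active by default: the syscalls below are never audited; rules for them must be placed ABOVE these lines`. The following comment also says "systems" where "syscalls" is meant.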
diff --git a/sys-process/audit/files/audit.rules.stop.pre b/sys-process/audit/files/audit.rules.stop.pre
index c404b515d8e1..c5fb4f9444ae 100644
--- a/sys-process/audit/files/audit.rules.stop.pre
+++ b/sys-process/audit/files/audit.rules.stop.pre
@@ -1,6 +1,6 @@
-# Copyright 1999-2005 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.2 2011/09/11 02:58:55 robbat2 Exp $
#
# This file contains the auditctl rules that are loaded immediately before the
# audit deamon is stopped via the initscripts.
@@ -10,4 +10,7 @@
# auditd is stopping, don't capture events anymore
-D
+# Disable kernel generating audit events
+-e 0
+
# vim:ft=conf:
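Review bot: The added `-e 0` switches audit event generation off in the kernel for the whole system, and the comment above it does not say what turns it back on. The startup rules file added in this commit contains no `-e 1`, so re-enabling appears to rely on auditd's own startup behaviour; if the daemon is started with an option that leaves the enabled flag unchanged, auditing would stay off after a stop/start cycle. I would extend the comment, e.g. `# Disable kernel audit event generation; auditd re-enables it on start (or add -e 1 to audit.rules)`. It is also worth noting there that on a system locked with `-e 2` both `-D` and `-e 0` are refused until reboot.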
diff --git a/sys-process/audit/files/auditd-conf.d-2.1.3 b/sys-process/audit/files/auditd-conf.d-2.1.3
new file mode 100644
index 000000000000..b5f389eaf596
--- /dev/null
+++ b/sys-process/audit/files/auditd-conf.d-2.1.3
@@ -0,0 +1,23 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-conf.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
+
+# If you want to enforce a certain locale for auditd,
+# uncomment one of the next lines:
+#AUDITD_LANG=none
+AUDITD_LANG=C
+#AUDITD_LANG=en_US
+#AUDITD_LANG=en_US.UTF-8
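Review bot: The only option the EXTRAOPTIONS comment advertises, `-f`, does not fit how the accompanying init script launches the daemon. start_auditd calls start-stop-daemon without `--background`, so an auditd that stays in the foreground would presumably leave the service start blocked. I would reword the comment, e.g. `# Extra arguments passed to auditd; do not use -f here, the init script expects auditd to daemonize`. A line noting that the RULEFILE_* paths are passed to `auditctl -R` as root, and so should point at root-owned files, would also help.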
diff --git a/sys-process/audit/files/auditd-init.d-2.1.3 b/sys-process/audit/files/auditd-init.d-2.1.3
new file mode 100644
index 000000000000..6ac218d67225
--- /dev/null
+++ b/sys-process/audit/files/auditd-init.d-2.1.3
@@ -0,0 +1,97 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-init.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+
+extra_started_commands='reload reload_auditd reload_rules'
+description='Linux Auditing System'
+description_reload='Reload daemon configuration and rules'
+description_reload_rules='Reload daemon rules'
+description_reload_auditd='Reload daemon configuration'
+
+name='auditd'
+pidfile='/var/run/auditd.pid'
+command='/sbin/auditd'
+
+start_auditd() {
+ # Env handling taken from the upstream init script
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
+ unset HOME MAIL USER USERNAME
+
+ ebegin "Starting ${name}"
+ start-stop-daemon \
+ --start --quiet --pidfile ${pidfile} \
+ --exec ${command} -- ${EXTRAOPTIONS}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+stop_auditd() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet --pidfile ${pidfile}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+
+loadfile() {
+ local rules="$1"
+ if [ -n "${rules}" -a -f "${rules}" ]; then
+ einfo "Loading audit rules from ${rules}"
+ /sbin/auditctl -R "${rules}" 1>/dev/null
+ return $?
+ else
+ return 0
+ fi
+}
+
+start() {
+ start_auditd
+ local ret=$?
+ if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
+ touch /var/lock/subsys/${name}
+ loadfile "${RULEFILE_STARTUP}"
+ fi
+ return $ret
+}
+
+reload_rules() {
+ loadfile "${RULEFILE_STARTUP}"
+}
+
+reload_auditd() {
+ [ -f ${pidfile} ] && kill -HUP `cat ${pidfile}`
+}
+
+reload() {
+ reload_auditd
+ reload_rules
+}
+
+stop() {
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
+ stop_auditd
+ rm -f /var/lock/subsys/${name}
+ local ret=$?
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
+ return $ret
+}
+
+# This is a special case, we do not want to touch the rules at all
+restart() {
+ stop_auditd
+ start_auditd
+}
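Review bot: In stop(), `local ret=$?` runs after `rm -f /var/lock/subsys/${name}`, so it records rm's exit status rather than stop_auditd's, and a failed stop of the audit daemon is reported as success. Capture the status first, i.e. `stop_auditd` then `local ret=$?`, and only then run the `rm -f`. start() has a related gap: the result of `loadfile "${RULEFILE_STARTUP}"` is discarded, so the service is reported as started even when auditctl rejected the rules file and no rules are loaded; `loadfile "${RULEFILE_STARTUP}" || ret=$?` would surface that. Separately, `${pidfile}` and the backtick `cat` in reload_auditd are unquoted; `kill -HUP "$(cat "${pidfile}")"` is the safer form.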