audit 2.5.1 released
Steve Grubb
sgrubb at redhat.com
Mon May 9 14:01:26 UTC 2016
On Saturday, April 30, 2016 09:29:18 PM Manuel Scunthorpe wrote:
> Dear Steve, thanks for your helpful observations. I was able to modify the
> PKGBUILD and successfully build the package, and then build e4rat-lite
> which was my ultimate aim. Sadly it didn't seem to work in Arch Linux due
> to the kernel config options, e4rat-lite-collect didn't collect anything,
> complained about being unable to log anything due to a bad file descriptor
> and there was a message at boot saying Cannot open audit socket, which was
> similar to what auditctl said in the terminal. Of course it might work and
> I've got something else wrong, it doesn't look encouraging though without
> CONFIG_AUDIT enabled. But I was just looking at my Void Linux kernel
> options:
> CONFIG_AUDIT=y
> CONFIG_HAVE_ARCH_AUDITSYSCALL=y
> CONFIG_AUDITSYSCALL=y
> CONFIG_AUDIT_WATCH=y
> CONFIG_AUDIT_TREE=y
> This looks more promising so I will have to try it here instead sometime,
> although what I will have to build to fulfill the various builddeps I don't
> yet know. Would it be OK if I tried to make an 'audit' package for Void
> Linux if they want one?
Sure.
> There isn't one in the repo at present, so if I get
> a working build then I might as well share it. It could take a while to get
> to that point though, and that's assuming I can get everything to work in
> Void and don't end up using some other readahead utility altogether or
> accidentally corrupting my filesystem. But I can be happy I'm building
> audit correctly now. I will try and pass on your comments about zos servers
> and openldap-devel to the Arch packagers as I can only take credit for the
> confusion over the systemd support option in my earlier PKGBUILD.
>
> Here's my successful modified PKGBUILD with the correct checksum for 2.5.1,
> which downloads and builds cleanly:
>
> # Edit /etc/makepkg.conf: staticlibs not !staticlibs or they are deleted by makepkg.
>
> # $Id: PKGBUILD 146469 2015-11-10 05:04:55Z thestinger $
> # Maintainer: Daniel Micay <danielmicay at gmail.com>
> # Contributor: <kang at insecure.ws>
> # Contributor: Massimiliano Torromeo <massimiliano.torromeo at gmail.com>
> # Contributor: Connor Behan <connor.behan at gmail.com>
> # Contributor: henning mueller <henning at orgizm.net>
>
> pkgname=audit
> pkgver=2.5.1
> pkgrel=1
> pkgdesc='Userspace components of the audit framework'
> url='https://people.redhat.com/sgrubb/audit'
> arch=(i686 x86_64)
> depends=(krb5 libcap-ng)
> makedepends=(libldap swig linux-headers python)
You can drop libldap since you disable zos support below. It's harmless as is
but not necessary for the configure options below.
-Steve
> license=(GPL)
> options=(emptydirs)
> groups=('modified')
> backup=(
> etc/libaudit.conf
> etc/audit/auditd.conf
> etc/audisp/audispd.conf
> etc/audisp/audisp-remote.conf
> etc/audisp/plugins.d/af_unix.conf
> etc/audisp/plugins.d/au-remote.conf
> etc/audisp/plugins.d/syslog.conf
> )
> source=("$url/$pkgname-$pkgver.tar.gz")
> sha256sums=('3c6ec72d8c16d1e85cc2b9c260cc6440319eb294cb54ca41a7bbe9283cc9f421')
> install=$pkgname.install
>
> build() {
>   cd $pkgname-$pkgver
>   export PYTHON=/usr/bin/python3
>   ./configure \
>     --prefix=/usr \
>     --sbindir=/usr/bin \
>     --sysconfdir=/etc \
>     --libexecdir=/usr/lib/audit \
>     --with-python=yes \
>     --enable-gssapi-krb5=yes \
>     --enable-systemd=no \
>     --with-libcap-ng=yes \
>     --disable-zos-remote \
>     --enable-static=yes
>   make
> }
>
> package() {
>   cd $pkgname-$pkgver
>   make DESTDIR="$pkgdir" install
>
>   cd "$pkgdir"
>   install -d var/log/audit
>   rm -rf etc/rc.d etc/sysconfig usr/lib/audit
>
>   sed -ri 's|/sbin|/usr/bin|' \
>     etc/audit/*.conf \
>     etc/audisp/plugins.d/*.conf
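
An added example, not part of the original message and not code from the audit project: a shell check that reports which of the five kernel options quoted in the message above are not set to `y` in a kernel config file. The function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list which audit-related kernel options are NOT built in (=y).
# Function names and sample configs are constructed for illustration.

# The five options quoted in the message above.
AUDIT_OPTS="CONFIG_AUDIT CONFIG_HAVE_ARCH_AUDITSYSCALL CONFIG_AUDITSYSCALL
CONFIG_AUDIT_WATCH CONFIG_AUDIT_TREE"

# read_kconfig FILE: print a kernel config; "-" reads stdin, *.gz is
# decompressed (e.g. /proc/config.gz, where the kernel exposes it).
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# missing_audit_opts FILE: print each option that is not set to "y".
missing_audit_opts() {
    cfg=$(read_kconfig "$1") || return 2
    for opt in $AUDIT_OPTS; do
        # -x matches the whole line, so CONFIG_AUDIT=y is not satisfied by
        # CONFIG_AUDIT_WATCH=y or by "# CONFIG_AUDIT is not set".
        printf '%s\n' "$cfg" | grep -qx "${opt}=y" || printf '%s\n' "$opt"
    done
}

# Constructed sample: the option set quoted for the Void Linux kernel.
sample_enabled() {
    printf '%s\n' CONFIG_AUDIT=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y \
        CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y
}

# Constructed sample: a kernel built without audit support.
sample_disabled() {
    printf '%s\n' '# CONFIG_AUDIT is not set' CONFIG_HAVE_ARCH_AUDITSYSCALL=y
}

# With a path argument, check that file; otherwise show the constructed
# "disabled" sample so the script runs offline.
if [ "$#" -gt 0 ]; then
    missing_audit_opts "$1"
else
    sample_disabled | missing_audit_opts -
fi
```

Run it with `/proc/config.gz` or `/boot/config-$(uname -r)` as the argument; empty output means all five options are `=y`.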