audit: Uprev audit

The recipe is derived from 2.1.3 with some changes made.
1. configuration files are updated to look for sbin binaries in /usr/sbin
2. a init.d file was derived from Debian to work with busybox's start-stop-daemon
3. the plugin package contents was fine tuned as some of the files from 2.1.3 were required
   to let audit run.

Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>

4 files changed, 554 insertions, 0 deletions

diff --git a/recipes-security/audit/audit-2.2.1/2.2.1-audit-for-cross-compiling.patch b/recipes-security/audit/audit-2.2.1/2.2.1-audit-for-cross-compiling.patch
new file mode 100644
index 0000000..e2eea95
--- /dev/null
+++ b/recipes-security/audit/audit-2.2.1/2.2.1-audit-for-cross-compiling.patch
@@ -0,0 +1,311 @@
+Fix audit for cross compiling
+
+Add support for CC_FOR_BUILD to the gen_captabs_h....
+
+Signed-off-by: Amy Fong <amy.fong@windriver.com>
+---
+ auparse/Makefile.am |   44 ++++++++++++++++++++++++++++++++++++++++++++
+ configure.ac        |    9 +++++++++
+ lib/Makefile.am     |   32 ++++++++++++++++++++++++++++++++
+ 3 files changed, 85 insertions(+)
+
+--- a/auparse/Makefile.am
++++ b/auparse/Makefile.am
+@@ -58,114 +58,158 @@
+ 
+ gen_captabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h captab.h
+ gen_captabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="captab.h"'
++gen_captabs_h: $(gen_captabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_captabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ captabs.h: gen_captabs_h Makefile
+        ./gen_captabs_h --i2s cap > $@
+ 
+ gen_clock_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h clocktab.h
+ gen_clock_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="clocktab.h"'
++gen_clock_h: $(gen_clock_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_clock_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ clocktabs.h: gen_clock_h Makefile
+        ./gen_clock_h --i2s clock > $@
+ 
+ gen_clone_flagtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h \
+        clone-flagtab.h
+ gen_clone_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="clone-flagtab.h"'
++gen_clone-flagtabs_h: $(gen_clone_flagtabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_clone_flagtabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ clone-flagtabs.h: gen_clone-flagtabs_h Makefile
+        ./gen_clone-flagtabs_h --i2s-transtab clone_flag > $@
+ 
+ gen_epoll_ctls_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h epoll_ctl.h
+ gen_epoll_ctls_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="epoll_ctl.h"'
++gen_epoll_ctls_h: $(gen_epoll_ctls_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_epoll_ctls_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ epoll_ctls.h: gen_epoll_ctls_h Makefile
+        ./gen_epoll_ctls_h --i2s epoll_ctl > $@
+ 
+ gen_famtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h famtab.h
+ gen_famtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="famtab.h"'
++gen_famtabs_h: $(gen_famtabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_famtabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ famtabs.h: gen_famtabs_h Makefile
+        ./gen_famtabs_h --i2s fam > $@
+ 
+ gen_flagtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h flagtab.h
+ # ../auparse/ is used to avoid using ../lib/flagtab.h
+ gen_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="../auparse/flagtab.h"'
++gen_flagtabs_h: $(gen_flagtabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_flagtabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ flagtabs.h: gen_flagtabs_h Makefile
+        ./gen_flagtabs_h --i2s-transtab flag > $@
+ 
+ gen_fcntl_cmdtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h \
+        fcntl-cmdtab.h
+ gen_fcntl_cmdtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="fcntl-cmdtab.h"'
++gen_fcntl-cmdtabs_h: $(gen_fcntl_cmdtabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_fcntl_cmdtabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ fcntl-cmdtabs.h: gen_fcntl-cmdtabs_h Makefile
+        ./gen_fcntl-cmdtabs_h --i2s fcntl > $@
+ 
+ gen_icmptypetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h icmptypetab.h
+ gen_icmptypetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="icmptypetab.h"'
++gen_icmptypetabs_h: $(gen_icmptypetabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_icmptypetabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ icmptypetabs.h: gen_icmptypetabs_h Makefile
+        ./gen_icmptypetabs_h --i2s icmptype > $@
+ 
+ gen_ipctabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h ipctab.h
+ gen_ipctabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ipctab.h"'
++gen_ipctabs_h: $(gen_ipctabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_ipctabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ ipctabs.h: gen_ipctabs_h Makefile
+        ./gen_ipctabs_h --i2s ipc > $@
+ 
+ gen_mmaptabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h mmaptab.h
+ gen_mmaptabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="mmaptab.h"'
++gen_mmaptabs_h: $(gen_mmaptabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_mmaptabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ mmaptabs.h: gen_mmaptabs_h Makefile
+        ./gen_mmaptabs_h --i2s-transtab mmap > $@
+ 
+ gen_mounttabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h mounttab.h
+ gen_mounttabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="mounttab.h"'
++gen_mounttabs_h: $(gen_mounttabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_mounttabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ mounttabs.h: gen_mounttabs_h Makefile
+        ./gen_mounttabs_h --i2s-transtab mount > $@
+ 
+ gen_nfprototabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h nfprototab.h
+ gen_nfprototabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="nfprototab.h"'
++gen_nfprototabs_h: $(gen_nfprototabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_nfprototabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ nfprototabs.h: gen_nfprototabs_h Makefile
+        ./gen_nfprototabs_h --i2s nfproto > $@
+ 
+ gen_open_flagtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h \
+        open-flagtab.h
+ gen_open_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="open-flagtab.h"'
++gen_open-flagtabs_h: $(gen_open_flagtabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_open_flagtabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ open-flagtabs.h: gen_open-flagtabs_h Makefile
+        ./gen_open-flagtabs_h --i2s-transtab open_flag > $@
+ 
+ gen_persontabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h persontab.h
+ gen_persontabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="persontab.h"'
++gen_persontabs_h: $(gen_persontabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_persontabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ persontabs.h: gen_persontabs_h Makefile
+        ./gen_persontabs_h --i2s person > $@
+ 
+ gen_ptracetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h ptracetab.h
+ gen_ptracetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ptracetab.h"'
++gen_ptracetabs_h: $(gen_ptracetabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_ptracetabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ ptracetabs.h: gen_ptracetabs_h Makefile
+        ./gen_ptracetabs_h --i2s ptrace > $@
+ 
+ gen_prottabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h prottab.h
+ gen_prottabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="prottab.h"'
++gen_prottabs_h: $(gen_prottabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_prottabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ prottabs.h: gen_prottabs_h Makefile
+        ./gen_prottabs_h --i2s-transtab prot > $@
+ 
+ gen_recvtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h recvtab.h
+ gen_recvtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="recvtab.h"'
++gen_recvtabs_h: $(gen_recvtabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_recvtabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ recvtabs.h: gen_recvtabs_h Makefile
+        ./gen_recvtabs_h --i2s-transtab recv > $@
+ 
+ gen_rlimit_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h rlimittab.h
+ gen_rlimit_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="rlimittab.h"'
++gen_rlimit_h: $(gen_rlimit_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_rlimit_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ rlimittabs.h: gen_rlimit_h Makefile
+        ./gen_rlimit_h --i2s rlimit > $@
+ 
+ gen_signals_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h signaltab.h
+ gen_signals_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="signaltab.h"'
++gen_signals_h: $(gen_signals_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_signals_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ signaltabs.h: gen_signals_h Makefile
+        ./gen_signals_h --i2s signal > $@
+ 
+ gen_socktabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h socktab.h
+ gen_socktabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="socktab.h"'
++gen_socktabs_h: $(gen_socktabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_socktabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ socktabs.h: gen_socktabs_h Makefile
+        ./gen_socktabs_h --i2s sock > $@
+ 
+ gen_socktypetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h socktypetab.h
+ gen_socktypetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="socktypetab.h"'
++gen_socktypetabs_h: $(gen_socktypetabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_socktypetabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ socktypetabs.h: gen_socktypetabs_h Makefile
+        ./gen_socktypetabs_h --i2s sock_type > $@
+ 
+ gen_typetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h typetab.h
+ gen_typetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="typetab.h"'
++gen_typetabs_h: $(gen_typetabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_typetabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ typetabs.h: gen_typetabs_h Makefile
+        ./gen_typetabs_h --s2i type > $@
+--- a/configure.ac
++++ b/configure.ac
+@@ -104,6 +104,15 @@
+ fi
+ AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes")
+ 
++if test -z "$CC_FOR_BUILD"; then
++       if test "x$cross_compiling" = "xno"; then
++           CC_FOR_BUILD='$(CC)'
++    else
++           CC_FOR_BUILD=gcc
++    fi
++fi
++AC_SUBST(CC_FOR_BUILD)
++
+ #gssapi
+ AC_ARG_ENABLE(gssapi_krb5,
+        [AS_HELP_STRING([--enable-gssapi-krb5],[Enable GSSAPI Kerberos 5 support @<:@default=no@:>@])],
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -60,12 +60,16 @@
+ endif
+ gen_actiontabs_h_SOURCES = gen_tables.c gen_tables.h actiontab.h
+ gen_actiontabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="actiontab.h"'
++gen_actiontabs_h: $(gen_actiontabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_actiontabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ actiontabs.h: gen_actiontabs_h Makefile
+        ./gen_actiontabs_h --lowercase --i2s --s2i action > $@
+ 
+ if USE_ALPHA
+ gen_alpha_tables_h_SOURCES = gen_tables.c gen_tables.h alpha_table.h
+ gen_alpha_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="alpha_table.h"'
++gen_alpha_tables_h: $(gen_alpha_tables_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_alpha_tables_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ alpha_tables.h: gen_alpha_tables_h Makefile
+        ./gen_alpha_tables_h --lowercase --i2s --s2i alpha_syscall > $@
+ endif
+@@ -73,73 +77,101 @@
+ if USE_ARMEB
+ gen_armeb_tables_h_SOURCES = gen_tables.c gen_tables.h armeb_table.h
+ gen_armeb_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="armeb_table.h"'
++gen_armeb_tables_h: $(gen_armeb_tables_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_armeb_tables_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ armeb_tables.h: gen_armeb_tables_h Makefile
+        ./gen_armeb_tables_h --lowercase --i2s --s2i armeb_syscall > $@
+ endif
+ 
+ gen_errtabs_h_SOURCES = gen_tables.c gen_tables.h errtab.h
+ gen_errtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="errtab.h"'
++gen_errtabs_h: $(gen_errtabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_errtabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ errtabs.h: gen_errtabs_h Makefile
+        ./gen_errtabs_h --duplicate-ints --uppercase --i2s --s2i err > $@
+ 
+ gen_fieldtabs_h_SOURCES = gen_tables.c gen_tables.h fieldtab.h
+ gen_fieldtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="fieldtab.h"'
++gen_fieldtabs_h: $(gen_fieldtabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_fieldtabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ fieldtabs.h: gen_fieldtabs_h Makefile
+        ./gen_fieldtabs_h --duplicate-ints --lowercase --i2s --s2i field > $@
+ 
+ gen_flagtabs_h_SOURCES = gen_tables.c gen_tables.h flagtab.h
+ gen_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="flagtab.h"'
++gen_flagtabs_h: $(gen_flagtabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_flagtabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ flagtabs.h: gen_flagtabs_h Makefile
+        ./gen_flagtabs_h --lowercase --i2s --s2i flag > $@
+ 
+ gen_ftypetabs_h_SOURCES = gen_tables.c gen_tables.h ftypetab.h
+ gen_ftypetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ftypetab.h"'
++gen_ftypetabs_h: $(gen_ftypetabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_ftypetabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ ftypetabs.h: gen_ftypetabs_h Makefile
+        ./gen_ftypetabs_h --lowercase --i2s --s2i ftype > $@
+ 
+ gen_i386_tables_h_SOURCES = gen_tables.c gen_tables.h i386_table.h
+ gen_i386_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="i386_table.h"'
++gen_i386_tables_h: $(gen_i386_tables_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_i386_tables_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ i386_tables.h: gen_i386_tables_h Makefile
+        ./gen_i386_tables_h --duplicate-ints --lowercase --i2s --s2i \
+                i386_syscall > $@
+ 
+ gen_ia64_tables_h_SOURCES = gen_tables.c gen_tables.h ia64_table.h
+ gen_ia64_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ia64_table.h"'
++gen_ia64_tables_h: $(gen_ia64_tables_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_ia64_tables_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ ia64_tables.h: gen_ia64_tables_h Makefile
+        ./gen_ia64_tables_h --lowercase --i2s --s2i ia64_syscall > $@
+ 
+ gen_machinetabs_h_SOURCES = gen_tables.c gen_tables.h machinetab.h
+ gen_machinetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="machinetab.h"'
++gen_machinetabs_h: $(gen_machinetabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_machinetabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ machinetabs.h: gen_machinetabs_h Makefile
+        ./gen_machinetabs_h --duplicate-ints --lowercase --i2s --s2i machine \
+                > $@
+ 
+ gen_msg_typetabs_h_SOURCES = gen_tables.c gen_tables.h msg_typetab.h
+ gen_msg_typetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="msg_typetab.h"'
++gen_msg_typetabs_h: $(gen_msg_typetabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_msg_typetabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ msg_typetabs.h: gen_msg_typetabs_h Makefile
+        ./gen_msg_typetabs_h --uppercase --i2s --s2i msg_type > $@
+ 
+ gen_optabs_h_SOURCES = gen_tables.c gen_tables.h optab.h
+ gen_optabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="optab.h"'
++gen_optabs_h: $(gen_optabs_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_optabs_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ optabs.h: gen_optabs_h Makefile
+        ./gen_optabs_h --i2s op > $@
+ 
+ gen_ppc_tables_h_SOURCES = gen_tables.c gen_tables.h ppc_table.h
+ gen_ppc_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ppc_table.h"'
++gen_ppc_tables_h: $(gen_ppc_tables_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_ppc_tables_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ ppc_tables.h: gen_ppc_tables_h Makefile
+        ./gen_ppc_tables_h --lowercase --i2s --s2i ppc_syscall > $@
+ 
+ gen_s390_tables_h_SOURCES = gen_tables.c gen_tables.h s390_table.h
+ gen_s390_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="s390_table.h"'
++gen_s390_tables_h: $(gen_s390_tables_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_s390_tables_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ s390_tables.h: gen_s390_tables_h Makefile
+        ./gen_s390_tables_h --lowercase --i2s --s2i s390_syscall > $@
+ 
+ gen_s390x_tables_h_SOURCES = gen_tables.c gen_tables.h s390x_table.h
+ gen_s390x_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="s390x_table.h"'
++gen_s390x_tables_h: $(gen_s390x_tables_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_s390x_tables_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ s390x_tables.h: gen_s390x_tables_h Makefile
+        ./gen_s390x_tables_h --lowercase --i2s --s2i s390x_syscall > $@
+ 
+ gen_x86_64_tables_h_SOURCES = gen_tables.c gen_tables.h x86_64_table.h
+ gen_x86_64_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="x86_64_table.h"'
++gen_x86_64_tables_h: $(gen_x86_64_tables_h_SOURCES)
++       $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_x86_64_tables_h_CFLAGS) $(LDFLAGS) -o $@ $<
+ x86_64_tables.h: gen_x86_64_tables_h Makefile
+        ./gen_x86_64_tables_h --lowercase --i2s --s2i x86_64_syscall > $@
diff --git a/recipes-security/audit/audit-2.2.1/auditd b/recipes-security/audit/audit-2.2.1/auditd
new file mode 100755
index 0000000..cda836a
--- /dev/null
+++ b/recipes-security/audit/audit-2.2.1/auditd
@@ -0,0 +1,152 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          auditd
+# Required-Start:    $local_fs
+# Required-Stop:     $local_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Audit Daemon
+# Description:       Collects audit information from Linux 2.6 Kernels.
+### END INIT INFO
+
+# Author: Philipp Matthias Hahn <pmhahn@debian.org>
+# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init
+
+# June, 2012: Adopted for yocto <amy.fong@windriver.com>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DESC="audit daemon"
+NAME=auditd
+DAEMON=/usr/sbin/auditd
+PIDFILE=/var/run/"$NAME".pid
+SCRIPTNAME=/etc/init.d/"$NAME"
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME"
+
+. /etc/default/rcS
+
+. /etc/init.d/functions                                                
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+        # Return
+        #   0 if daemon has been started
+        #   1 if daemon was already running
+        #   2 if daemon could not be started
+        start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \
+                || return 1
+        start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \
+                $EXTRAOPTIONS \
+                || return 2
+        if [ -f /etc/audit/audit.rules ]
+        then
+                /usr/sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+        fi
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+        # Return
+        #   0 if daemon has been stopped
+        #   1 if daemon was already stopped
+        #   2 if daemon could not be stopped
+        #   other if a failure occurred
+        start-stop-daemon -K --quiet --pidfile "$PIDFILE" --name "$NAME"
+        RETVAL="$?"
+        [ "$RETVAL" = 2 ] && return 2
+        # Many daemons don't delete their pidfiles when they exit.
+        rm -f "$PIDFILE"
+        rm -f /var/run/audit_events
+        # Remove watches so shutdown works cleanly
+        case "$AUDITD_CLEAN_STOP" in
+                no|NO) ;;
+                *) /usr/sbin/auditctl -D >/dev/null ;;
+        esac
+        return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+        start-stop-daemon -K --signal HUP --quiet --pidfile $PIDFILE --name $NAME
+        return 0
+}
+
+if [ ! -e /var/log/audit ]; then
+        mkdir -p /var/log/audit
+fi
+
+case "$1" in
+  start)
+        [ "$VERBOSE" != no ] && echo "Starting $DESC" "$NAME"
+        do_start
+        case "$?" in
+                0|1) [ "$VERBOSE" != no ] && echo 0 ;;
+                2) [ "$VERBOSE" != no ] && echo 1 ;;
+        esac
+        ;;
+  stop)
+        [ "$VERBOSE" != no ] && echo "Stopping $DESC" "$NAME"
+        do_stop
+        case "$?" in
+                0|1) [ "$VERBOSE" != no ] && echo 0 ;;
+                2) [ "$VERBOSE" != no ] && echo 1 ;;
+        esac
+        ;;
+  reload|force-reload)
+        echo "Reloading $DESC" "$NAME"
+        do_reload
+        echo $?
+        ;;
+  restart)
+        echo "Restarting $DESC" "$NAME"
+        do_stop
+        case "$?" in
+          0|1)
+                do_start
+                case "$?" in
+                        0) echo 0 ;;
+                        1) echo 1 ;; # Old process is still running
+                        *) echo 1 ;; # Failed to start
+                esac
+                ;;
+          *)
+                # Failed to stop
+                echo 1
+                ;;
+        esac
+        ;;
+  rotate)
+        echo "Rotating $DESC logs" "$NAME"
+        start-stop-daemon -K --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME"
+        echo $?
+        ;;
+  status)
+        pidofproc "$DAEMON" >/dev/null
+        status=$?
+        if [ $status -eq 0 ]; then
+                echo "$NAME is running."
+        else
+                echo "$NAME is not running."
+        fi
+        exit $status
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2
+        exit 3
+        ;;
+esac
+
+:
diff --git a/recipes-security/audit/audit-2.2.1/sbin-in-usr.patch b/recipes-security/audit/audit-2.2.1/sbin-in-usr.patch
new file mode 100644
index 0000000..95f98a2
--- /dev/null
+++ b/recipes-security/audit/audit-2.2.1/sbin-in-usr.patch
@@ -0,0 +1,33 @@
+Fix sbindir paths in config files
+                                                                                                                     
+Change the default PATH of apps to reflect the location of sbindir
+in /usr/sbin
+                                                                                                                     
+Signed-off-by: Amy Fong <amy.fong@windriver.com>
+---
+ audisp/plugins/remote/au-remote.conf |    2 +-
+ init.d/auditd.conf                   |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/audisp/plugins/remote/au-remote.conf
++++ b/audisp/plugins/remote/au-remote.conf
+@@ -5,7 +5,7 @@
+ 
+ active = no
+ direction = out
+-path = /sbin/audisp-remote
++path = /usr/sbin/audisp-remote
+ type = always
+ #args =
+ format = string
+--- a/init.d/auditd.conf
++++ b/init.d/auditd.conf
+@@ -10,7 +10,7 @@
+ freq = 20
+ num_logs = 5
+ disp_qos = lossy
+-dispatcher = /sbin/audispd
++dispatcher = /usr/sbin/audispd
+ name_format = NONE
+ ##name = mydomain
+ max_log_file = 6 
diff --git a/recipes-security/audit/audit_2.2.1.bb b/recipes-security/audit/audit_2.2.1.bb
new file mode 100644
index 0000000..8fb9e03
--- /dev/null
+++ b/recipes-security/audit/audit_2.2.1.bb
@@ -0,0 +1,58 @@
+SUMMARY = "User space tools for kernel auditing"
+DESCRIPTION = "The audit package contains the user space utilities for \
+storing and searching the audit records generated by the audit subsystem \
+in the Linux kernel."
+HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
+SECTION = "base"
+PR = "r1"
+LICENSE = "GPLv2+ & LGPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
+           file://disable-ldap.patch \
+           file://audit-python.patch"
+
+SRC_URI += "file://2.2.1-audit-for-cross-compiling.patch file://sbin-in-usr.patch file://auditd"
+
+inherit autotools
+
+SRC_URI[md5sum] = "dc099fcb2f9242d47ecc35b46d71dfd1"
+SRC_URI[sha256sum] = "9865ca89f5b975ccf25441ddf45a874448f2bba944005aa8cd5e3c3148713a63"
+
+DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)"
+
+EXTRA_OECONF += "--without-prelude --with-libwrap --enable-gssapi-krb5=no --disable-ldap --with-libcap-ng=yes --with-python=yes"
+
+EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' PYINC='${STAGING_INCDIR}/$(PYLIBVER)'"
+
+SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+interface to the audit system, audispd. These plugins can do things \
+like relay events to remote machines or analyze events for suspicious \
+behavior."
+
+PACKAGES =+ "audispd-plugins ${PN}-libs"
+PACKAGES += "${PN}-python"
+
+FILES_${PN}-libs += "${sysconfdir}/libaudit.conf ${libdir}/libaudit.so.1* ${libdir}/libauparse.so.*"
+FILES_${PN} += "${bindir} ${sbindir}"
+FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
+        ${sysconfdir}/audisp/plugins.d/au-remote.conf \
+        ${base_sbindir}/audisp-remote ${localstatedir}/spool/audit \
+        ${mandir}/man8/audisp-remote.8 ${mandir}/man5/audisp-remote.conf.5"
+FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+
+do_install_append() {
+        rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
+        rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
+
+        # reuse auditd config
+        [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
+        mv ${D}/etc/sysconfig/auditd ${D}/etc/default
+        rmdir ${D}/etc/sysconfig/
+
+        # replace init.d
+        install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd
+        rm -rf ${D}/etc/rc.d
+}