summaryrefslogtreecommitdiffstats
path: root/recipes-security/audit
Commit message (Collapse)AuthorAgeFilesLines
* audit: pkg now in meta-oeArmin Kuster2021-05-145-348/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: upgrade 3.0 -> 3.0.1Yi Zhao2021-03-032-51/+1
| | | | | | | | Drop backported patch: 0001-lib-arm_table.h-update-arm-syscall-table.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: move audisp-* to audispd-plugins packageYi Zhao2021-03-031-4/+10
| | | | | | | | The audisp-* files should be in audispd-plugins package rather than auditd package. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit:: update arm syscall tableYi Zhao2021-01-202-0/+50
| | | | | | | Refer to Glibc 2.32, add *_time64 syscalls. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: upgrade 2.8.5 -> 3.0Yi Zhao2021-01-146-234/+35
| | | | | | | | | | | | | | | * Drop backported patches: 0001-Header-definitions-need-to-be-external-when-building.patch 0001-lib-i386_table.h-add-new-syscall.patch Add-substitue-functions-for-strndupa-rawmemchr.patch * Refresh patch: Fixed-swig-host-contamination-issue.patch * Update auditd.service. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: enable arm/aarch64 processor support by defaultYi Zhao2021-01-141-2/+2
| | | | | | | | | | | | | | | | | We encountered a runtime error for auditctl on lib32 image for aarch64: root@xilinx-zynqmp:~# auditctl -a always,exit -F arch=b32 -S adjtimex -k TEST-time-change arch elf mapping not found The root cause is the aarch64 processor support is not enabled for arm build. Refer to Debian[1] and Fedora[2], actually we can enable arm/aarch64 processor support unconditionally. [1] https://salsa.debian.org/debian/audit/-/commit/8c6b2049bafb52712ca981e73d5b79d5bd97e08e [2] https://src.fedoraproject.org/rpms/audit/blob/master/f/audit.spec Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: Backport gcc10 fix for common defaultAlex Kiernan2020-09-182-0/+29
| | | | | Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: set correct security context for /var/log/auditYi Zhao2020-07-141-1/+1
| | | | | | | | | | | | | | By default /var/log is a symbolic link of /var/volatile/log. But restorecon does not follow symbolic links then we will encounter the following error when set /var/log/audit directory: $ /sbin/restorecon -F /var/log/audit /sbin/restorecon: SELinux: Could not get canonical path for /var/log/audit restorecon: Permission denied. Use readlink to find the real path before set security context. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: add clock_settime64 syscallMingli Yu2020-02-192-0/+43
| | | | | | | | | | | | | | | | | | | | | | | On 32bit system, After upgrade glibc to 2.31 # strace -o /tmp/test.log date -s 09:16:45 # tail -f /tmp/test.log close(3) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=114, ...}) = 0 clock_settime64(CLOCK_REALTIME, {tv_sec=1582103805, tv_nsec=0}) = 0 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x4, 0x40), ...}) = 0 ioctl(1, TCGETS, {B115200 opost isig icanon echo ...}) = 0 write(1, "Wed Feb 19 09:16:45 UTC 2020\n", 29) = 29 close(1) = 0 close(2) = 0 exit_group(0) = ? +++ exited with 0 +++ It means the clock_settime64 syscall is used, so add the syscall. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: fix host contamination for swigYi Zhao2019-12-302-0/+58
| | | | | | | | | | | | | | The audit build uses swig to generate a python wrapper. But there is a hardcoded include directory in auditswig.i, which causes header files on the host to be used when building. This will cause build error on some old systems. e.g. on CentOS7 with buildtools: audit_wrap.c: In function '_wrap_audit_rule_flags_set': audit_wrap.c:5018:19: error: dereferencing pointer to incomplete type 'struct audit_rule' 5018 if (arg1) (arg1)->flags = arg2; ^~ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: switch to python3Yi Zhao2019-12-194-173/+4
| | | | | | | | | | | | * Switch to python3 * Drop patches: audit-python-configure.patch audit-python.patch fix-swig-host-contamination.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: explicitly disable golang bindingsYi Zhao2019-09-171-0/+1
| | | | | | | | Disable golang bindings to avoid potential host contamination issue. Fixes: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13166 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: use git fetcher instead of the tarball sourceMingli Yu2019-07-081-3/+4
| | | | | | | | | | | Per http://people.redhat.com/sgrubb/audit/, the tarball source moves to https://github.com/linux-audit/audit-userspace, and since commit [21f84fc insane: add sanity checks to SRC_URI] applied in oe-core, do not use unstable github archive tarballs, so use git instead. Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: upgrade 2.8.4 -> 2.8.5Yi Zhao2019-07-087-84/+35
| | | | | | | | | | * Drop backport patch: 0001-Remove-strdupa-as-suggested-in-pull-request-25.patch * Refresh all patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: change to use ${WORKDIR} instead ${S}/../Chen Qi2019-04-151-1/+1
| | | | | | | | | | The do_install function is assuming that ${S}/../ is ${WORKDIR}, but this is not true when using `devtool modify audit'. So change to use ${WORKDIR}. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* Backport patches from upstream to fix build with muslLuca Boccassi2019-03-253-0/+183
| | | | | | | | | Audit 2.8.4 fails to build with musl. The fixes have been committed to the upstream master branch and can be backported. Building with glibc is unaffected. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: uprev to 2.8.4Yi Zhao2018-09-071-9/+10
| | | | | | | Add aarch64 support Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: fix pkgconfigdirKai Kang2018-05-081-1/+1
| | | | | | | | | | | | | | Because 'libdir' is set with ${base_libdir} in recipe file of audit, package config files(.pc) are installed to ${base_libdir}/pkgconfig that variable pkgconfigdir is set with ${libdir}/pkgconfig in makefile. Set pkgconfigdir directly to install .pc files to right directory. And remove setting of FILES_${PN}-dev which has been done in bitbake.conf in oe-core. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit 2.7.1 -> 2.7.6susanbian2017-09-081-2/+2
| | | | | | Upgrade audit from 2.7.1 to 2.7.6 Signed-off-by: susanbian <bianyq@cn.fujitsu.com>
* audit: fix the wrong packaging for auditd.serviceJackie Huang2017-09-081-1/+2
| | | | | | | | auditd.service should be packaged in 'auditd' instead of 'audit' since the required binaries and config files are all in 'auditd'. Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
* audit: update to v2.7.1Tim Orling2017-02-241-2/+2
| | | | | | | Added swig-native to DEPENDS Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* audit: add swig-native to DEPENDSRobert Yang2017-02-241-1/+1
| | | | | | | | | Fixed: make[4]: swig: Command not found make[4]: *** [audit_wrap.c] Error 127 Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* audit: upgrade 2.6.6 -> 2.7Wenzong Fan2017-01-091-2/+2
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: 2.5 -> 2.6.6Wang Xin2016-09-012-3/+3
| | | | | | | | 1) Upgrade audit from 2.5 to 2.6.6. 2) Modify audit-python.patch, since the data has changed. Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: upgrade 2.4.4 -> 2.5T.O. Radzy Radzykewycz2016-03-063-78/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * rebase patch audit-python-configure.patch * remove audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch as it had already been applied upstream * 2.5 includes miscellaneous enhancements and fixes: 2.5 - Make augenrules the default method to load audit rules - Put rules in its own directory and break out rules into groups - Have auditd do a fsync before closing log - Make default flush setting larger - In auparse. terminate the generated strings (Burn Alting) - In auditd, add incremental_async flushing mode - Clean up dangling fields in DAEMON events - Add audit by process name support to auditctl (Richard Briggs) - Relax permissions on systemd files - Fix auparse to handle interlaced events (Burn Alting) - Allow more syslog facilities in audispd-syslog (Aleksander Adamowski) 2.4.5 - Fix auditd disk flushing for data and sync modes - Fix auditctl to not show options not supported on older OS - Add audit.m4 file to aid adding support to other projects - Fix C99 inline function build issue - Add account lock and unlock event types - Change logging loophole check to geteuid() - Fix ausearch to not consider AUDIT_PROCTITLE events malformed (Burn Alting) - Fix ausearch to parse FEATURE_CHANGE events ( From http://people.redhat.com/sgrubb/audit/ChangeLog ) Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com> Signed-off-by: Philip Tricca <flihp@twobit.us>
* audit: upgrade 2.4.3 -> 2.4.4Wenzong Fan2015-11-272-5/+6
| | | | | | | | | | * rebase patch audit-python-configure.patch * 2.4.4 includes CVE-2015-5186 and bug fixes, detials refer to: http://people.redhat.com/sgrubb/audit/ChangeLog Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit/auvirt: get inline functions work with both gnu89 & gnu11Wenzong Fan2015-09-212-0/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After gcc upgraded to gcc5, and if the codes are compiled without optimization (-O0), and the below error will happen: auvirt.c:484: undefined reference to `copy_str' auvirt.c:667: undefined reference to `is_resource' collect2: error: ld returned 1 exit status gcc5 defaults to -std=gnu11 instead of -std=gnu89, and it requires that exactly one C source file has the callable copy of the inline function. Consider the following program: inline int foo (void) { return 42; } int main (void) { return foo (); } The program above will not link with the C99 inline semantics, because no out-of-line function foo is generated. To fix this, either mark the function foo as static, or add the following declaration: static inline int foo (void); More information refer to: https://gcc.gnu.org/gcc-5/porting_to.html Note: using "extern inline" will fail to build with gcc4.x, so replace inline with "static inline". Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: remove add-system-call-table-for-ARM.patchRobert Yang2015-08-142-48/+0
| | | | | | | | | | There isn't lib/machinetabs.h any more, there isn't data structures like "static const char machine_strings", either. This fixed a do_patch error when arm. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: fix qa warning, update config optionShrikant Bobade2015-08-141-1/+1
| | | | | | | | update config option '--with-armeb' to '--with-arm' for audit qa warning fix. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: upgrade 2.3.2 -> 2.4.3Li xin2015-08-076-3065/+125
| | | | | | | | | | | | | | | | 1) Remove audit-for-cross-compiling.patch and disable-ldap.patch since it it not needed anymore. 2) Modify audit-python-configure.patch audit-python.patch fix-swig-host-contamination.patch,since configure.ac and Makefile.am has been changed in 2.4.3 3) Warning Fix: -WARNING: QA Issue: audit: configure was passed unrecognised options: --without-ldap [unknown-configure-option] -WARNING: QA Issue: audit: Files/directories were installed but not shipped in any package Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: add bash to audtid runtime dependsDmitry Eremin-Solenikov2015-04-161-0/+1
| | | | | | | | | This is to fix the following QA warning: audit-2.3.2: auditd requires /bin/bash, but no providers in its RDEPENDS [file-rdeps] Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit-systemd: allow manual stop as sysvinitJackie Huang2015-01-261-1/+0
| | | | | | | The audit service should be manually stopped with systemd. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Globally replace 'base_contains' calls with 'bb.utils.contains'Joe MacDonald2014-09-161-1/+1
| | | | | | | | | | | | | | | Based on oe-core commit: commit 1528e596d4906c33e4be83fcf691cfe76d340ff3 Author: Otavio Salvador <otavio@ossystems.com.br> Date: Thu Apr 24 15:59:20 2014 -0300 Globally replace 'base_contains' calls with 'bb.utils.contains' The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* audit: Enable ARM System Call Audit in user space.Han Chao2014-04-242-0/+48
| | | | | | | | | | | | Audit System Call needs kernel and user space support. In user space it needs system call table for ARM. It also needs a configure option --with-armeb for build audit. Audit system call also needs enable kernel config CONFIG_AUDITSYSCALL. Signed-off-by: Han Chao <chan@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: Fix lack of a default audit.rulesMark Hatle2014-04-072-1/+6
| | | | | | | | | | | | | | | Various components were failing, and upon investigation it was noted that the audit.rules file referenced by the initscript wasn't available. There was however a copy under the rules.d directory. Investigating the audit.spec file (which in the upstream source) showed that it was expected that the version in the rules.d should be copied into /etc/audit. Do this and correct the systemd services file to use the same file. Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: fix the permission of configuration fileRoy Li2014-04-031-0/+3
| | | | | | | A ordinary use should not to access auditd configuration files Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: Add systemd supportRoy Li2014-04-033-2/+38
| | | | | | | Audit unit file is from https://fedorahosted.org/audit/browser/trunk/init.d/auditd.service Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* Revert "libsemanage: add audit dependency"Wenzong Fan2014-01-201-7/+1
| | | | | | | This reverts commit 146bd8c6bc3bc0e9e96a8517263f28f7915b871d. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* audit: the ldap option should be "--without-ldap"Xin Ouyang2014-01-131-1/+1
| | | | Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* libsemanage: add audit dependencyWenzong Fan2014-01-101-1/+7
| | | | | | | Building libsemanage 2.2 need the header libaudit.h. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* audit: address x-compile issuesJoe MacDonald2013-10-231-416/+2933
| | | | | | | | | The previous approach works well for modern hosts but older ones still require the pre-gen'd header files to behave nicely in a x-compile environment. So we generate them, patch them in and remove the bits of the Makefile that may take it upon itself to re-gen them again. Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: Uprev to audit 2.3.2Mark Hatle2013-10-026-2564/+234
| | | | | | | | Refactor the audit cross compiling patch. The new patch might have some minor host dependencies. If so, let me know! Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* always force to restore file contexts in initscriptsXin Ouyang2013-10-022-2/+2
| | | | | | | | | | | In policycoreutils-2.13+, restorecon changes its default behaviour, and does not restore context if the file' type is correct, even its mcs/mls level is incorrect. We should force it always to restore file contexts in initscripts to avoid issues. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: Fixed swig host contamination issueAnders Hedlund2013-08-013-5/+56
| | | | | | | | | | | | | CQID: 428272 The audit build uses swig to generate a python wrapper. Unfortunately, the swig info file references host include directories. Some of these were previously noticed and eliminated, but the one fixed here was not. Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com> Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* audit: use generated headers for cross compilingXin Ouyang2013-04-013-334/+2442
| | | | | | | | | | | | | | | | | | | Default audit Makefile will generate native executables in lib/ and auparse/, which are named as gen_*_h and run on the hosts to create *_tables.h/*tabs.h header files for the targets. This is inappropriate for our cross compiling because they need linux-libc-headers from the host. Even worse, on some old hosts, build will fail because some .h files in the old linux-libc-headers (<= 2.6.29) has incomplete DEFINE lists for the audit system. So add *tables.h/*tabs.h header files which are generated from linux-libc-headers-3.4, and do not generate and run those native executables. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* audit: admin tools&daemons install to base_sbindirXin Ouyang2013-01-223-39/+7
| | | | | | | | audit admin tools and daemons should install to base_sbindir, so they can get correct security labels after selinux restorecon command. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* audit: enable auditd service for default runlevelsXin Ouyang2013-01-071-2/+6
| | | | | | CQID: WIND00397456 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* audit: fix package issues.Xin Ouyang2012-10-111-9/+20
| | | | | | | | | | | | Rename two packages and change files in them. * audit-libs -> audit : main package, for libraries * audit -> auditd : for daemon binaries Libraries are changed to install into ${base_libdir}. The two fixes are used to fix QA issues and fit the Debian policy. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* audit-2.2.1: copy bits/socket_type.h only if it existsXin Ouyang2012-09-071-2/+6
| | | | | | | | | eglibc-2.16 splits enum __socket_type from bits/socket.h to bits/socket_type.h, so old eglibc does not have bits/socket_type.h We should copy it only if it exists. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* audit-2.2.1: Add bits/socket_type.h from target libc-headers.Xin Ouyang2012-08-171-0/+1
| | | | | | | | We have copied some target kernel headers in 72fb6da. We may get build failures because of missing bits/socket_type.h on some hosts, so add it. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-21 09:38:29 +0000