From 614837afa1d92fcfef65135c18974165cfcd2612 Mon Sep 17 00:00:00 2001 From: Amy Fong Date: Mon, 18 Jun 2012 11:52:31 -0400 Subject: audit: Uprev audit The recipe is derived from 2.1.3 with some changes made. 1. configuration files are updated to look for sbin binaries in /usr/sbin 2. a init.d file was derived from Debian to work with busybox's start-stop-daemon 3. the plugin package contents was fine tuned as some of the files from 2.1.3 were required to let audit run. Signed-off-by: Amy Fong Signed-off-by: Mark Hatle --- .../2.2.1-audit-for-cross-compiling.patch | 311 +++++++++++++++++++++ recipes-security/audit/audit-2.2.1/auditd | 152 ++++++++++ .../audit/audit-2.2.1/sbin-in-usr.patch | 33 +++ recipes-security/audit/audit_2.2.1.bb | 58 ++++ 4 files changed, 554 insertions(+) create mode 100644 recipes-security/audit/audit-2.2.1/2.2.1-audit-for-cross-compiling.patch create mode 100755 recipes-security/audit/audit-2.2.1/auditd create mode 100644 recipes-security/audit/audit-2.2.1/sbin-in-usr.patch create mode 100644 recipes-security/audit/audit_2.2.1.bb diff --git a/recipes-security/audit/audit-2.2.1/2.2.1-audit-for-cross-compiling.patch b/recipes-security/audit/audit-2.2.1/2.2.1-audit-for-cross-compiling.patch new file mode 100644 index 0000000..e2eea95 --- /dev/null +++ b/recipes-security/audit/audit-2.2.1/2.2.1-audit-for-cross-compiling.patch @@ -0,0 +1,311 @@ +Fix audit for cross compiling + +Add support for CC_FOR_BUILD to the gen_captabs_h.... + +Signed-off-by: Amy Fong +--- + auparse/Makefile.am | 44 ++++++++++++++++++++++++++++++++++++++++++++ + configure.ac | 9 +++++++++ + lib/Makefile.am | 32 ++++++++++++++++++++++++++++++++ + 3 files changed, 85 insertions(+) + +--- a/auparse/Makefile.am ++++ b/auparse/Makefile.am +@@ -58,114 +58,158 @@ + + gen_captabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h captab.h + gen_captabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="captab.h"' ++gen_captabs_h: $(gen_captabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_captabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + captabs.h: gen_captabs_h Makefile + ./gen_captabs_h --i2s cap > $@ + + gen_clock_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h clocktab.h + gen_clock_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="clocktab.h"' ++gen_clock_h: $(gen_clock_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_clock_h_CFLAGS) $(LDFLAGS) -o $@ $< + clocktabs.h: gen_clock_h Makefile + ./gen_clock_h --i2s clock > $@ + + gen_clone_flagtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h \ + clone-flagtab.h + gen_clone_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="clone-flagtab.h"' ++gen_clone-flagtabs_h: $(gen_clone_flagtabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_clone_flagtabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + clone-flagtabs.h: gen_clone-flagtabs_h Makefile + ./gen_clone-flagtabs_h --i2s-transtab clone_flag > $@ + + gen_epoll_ctls_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h epoll_ctl.h + gen_epoll_ctls_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="epoll_ctl.h"' ++gen_epoll_ctls_h: $(gen_epoll_ctls_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_epoll_ctls_h_CFLAGS) $(LDFLAGS) -o $@ $< + epoll_ctls.h: gen_epoll_ctls_h Makefile + ./gen_epoll_ctls_h --i2s epoll_ctl > $@ + + gen_famtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h famtab.h + gen_famtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="famtab.h"' ++gen_famtabs_h: $(gen_famtabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_famtabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + famtabs.h: gen_famtabs_h Makefile + ./gen_famtabs_h --i2s fam > $@ + + gen_flagtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h flagtab.h + # ../auparse/ is used to avoid using ../lib/flagtab.h + gen_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="../auparse/flagtab.h"' ++gen_flagtabs_h: $(gen_flagtabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_flagtabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + flagtabs.h: gen_flagtabs_h Makefile + ./gen_flagtabs_h --i2s-transtab flag > $@ + + gen_fcntl_cmdtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h \ + fcntl-cmdtab.h + gen_fcntl_cmdtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="fcntl-cmdtab.h"' ++gen_fcntl-cmdtabs_h: $(gen_fcntl_cmdtabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_fcntl_cmdtabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + fcntl-cmdtabs.h: gen_fcntl-cmdtabs_h Makefile + ./gen_fcntl-cmdtabs_h --i2s fcntl > $@ + + gen_icmptypetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h icmptypetab.h + gen_icmptypetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="icmptypetab.h"' ++gen_icmptypetabs_h: $(gen_icmptypetabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_icmptypetabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + icmptypetabs.h: gen_icmptypetabs_h Makefile + ./gen_icmptypetabs_h --i2s icmptype > $@ + + gen_ipctabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h ipctab.h + gen_ipctabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ipctab.h"' ++gen_ipctabs_h: $(gen_ipctabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_ipctabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + ipctabs.h: gen_ipctabs_h Makefile + ./gen_ipctabs_h --i2s ipc > $@ + + gen_mmaptabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h mmaptab.h + gen_mmaptabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="mmaptab.h"' ++gen_mmaptabs_h: $(gen_mmaptabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_mmaptabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + mmaptabs.h: gen_mmaptabs_h Makefile + ./gen_mmaptabs_h --i2s-transtab mmap > $@ + + gen_mounttabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h mounttab.h + gen_mounttabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="mounttab.h"' ++gen_mounttabs_h: $(gen_mounttabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_mounttabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + mounttabs.h: gen_mounttabs_h Makefile + ./gen_mounttabs_h --i2s-transtab mount > $@ + + gen_nfprototabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h nfprototab.h + gen_nfprototabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="nfprototab.h"' ++gen_nfprototabs_h: $(gen_nfprototabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_nfprototabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + nfprototabs.h: gen_nfprototabs_h Makefile + ./gen_nfprototabs_h --i2s nfproto > $@ + + gen_open_flagtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h \ + open-flagtab.h + gen_open_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="open-flagtab.h"' ++gen_open-flagtabs_h: $(gen_open_flagtabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_open_flagtabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + open-flagtabs.h: gen_open-flagtabs_h Makefile + ./gen_open-flagtabs_h --i2s-transtab open_flag > $@ + + gen_persontabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h persontab.h + gen_persontabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="persontab.h"' ++gen_persontabs_h: $(gen_persontabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_persontabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + persontabs.h: gen_persontabs_h Makefile + ./gen_persontabs_h --i2s person > $@ + + gen_ptracetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h ptracetab.h + gen_ptracetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ptracetab.h"' ++gen_ptracetabs_h: $(gen_ptracetabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_ptracetabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + ptracetabs.h: gen_ptracetabs_h Makefile + ./gen_ptracetabs_h --i2s ptrace > $@ + + gen_prottabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h prottab.h + gen_prottabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="prottab.h"' ++gen_prottabs_h: $(gen_prottabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_prottabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + prottabs.h: gen_prottabs_h Makefile + ./gen_prottabs_h --i2s-transtab prot > $@ + + gen_recvtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h recvtab.h + gen_recvtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="recvtab.h"' ++gen_recvtabs_h: $(gen_recvtabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_recvtabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + recvtabs.h: gen_recvtabs_h Makefile + ./gen_recvtabs_h --i2s-transtab recv > $@ + + gen_rlimit_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h rlimittab.h + gen_rlimit_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="rlimittab.h"' ++gen_rlimit_h: $(gen_rlimit_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_rlimit_h_CFLAGS) $(LDFLAGS) -o $@ $< + rlimittabs.h: gen_rlimit_h Makefile + ./gen_rlimit_h --i2s rlimit > $@ + + gen_signals_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h signaltab.h + gen_signals_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="signaltab.h"' ++gen_signals_h: $(gen_signals_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_signals_h_CFLAGS) $(LDFLAGS) -o $@ $< + signaltabs.h: gen_signals_h Makefile + ./gen_signals_h --i2s signal > $@ + + gen_socktabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h socktab.h + gen_socktabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="socktab.h"' ++gen_socktabs_h: $(gen_socktabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_socktabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + socktabs.h: gen_socktabs_h Makefile + ./gen_socktabs_h --i2s sock > $@ + + gen_socktypetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h socktypetab.h + gen_socktypetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="socktypetab.h"' ++gen_socktypetabs_h: $(gen_socktypetabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_socktypetabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + socktypetabs.h: gen_socktypetabs_h Makefile + ./gen_socktypetabs_h --i2s sock_type > $@ + + gen_typetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h typetab.h + gen_typetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="typetab.h"' ++gen_typetabs_h: $(gen_typetabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../lib $(gen_typetabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + typetabs.h: gen_typetabs_h Makefile + ./gen_typetabs_h --s2i type > $@ +--- a/configure.ac ++++ b/configure.ac +@@ -104,6 +104,15 @@ + fi + AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes") + ++if test -z "$CC_FOR_BUILD"; then ++ if test "x$cross_compiling" = "xno"; then ++ CC_FOR_BUILD='$(CC)' ++ else ++ CC_FOR_BUILD=gcc ++ fi ++fi ++AC_SUBST(CC_FOR_BUILD) ++ + #gssapi + AC_ARG_ENABLE(gssapi_krb5, + [AS_HELP_STRING([--enable-gssapi-krb5],[Enable GSSAPI Kerberos 5 support @<:@default=no@:>@])], +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -60,12 +60,16 @@ + endif + gen_actiontabs_h_SOURCES = gen_tables.c gen_tables.h actiontab.h + gen_actiontabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="actiontab.h"' ++gen_actiontabs_h: $(gen_actiontabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_actiontabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + actiontabs.h: gen_actiontabs_h Makefile + ./gen_actiontabs_h --lowercase --i2s --s2i action > $@ + + if USE_ALPHA + gen_alpha_tables_h_SOURCES = gen_tables.c gen_tables.h alpha_table.h + gen_alpha_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="alpha_table.h"' ++gen_alpha_tables_h: $(gen_alpha_tables_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_alpha_tables_h_CFLAGS) $(LDFLAGS) -o $@ $< + alpha_tables.h: gen_alpha_tables_h Makefile + ./gen_alpha_tables_h --lowercase --i2s --s2i alpha_syscall > $@ + endif +@@ -73,73 +77,101 @@ + if USE_ARMEB + gen_armeb_tables_h_SOURCES = gen_tables.c gen_tables.h armeb_table.h + gen_armeb_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="armeb_table.h"' ++gen_armeb_tables_h: $(gen_armeb_tables_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_armeb_tables_h_CFLAGS) $(LDFLAGS) -o $@ $< + armeb_tables.h: gen_armeb_tables_h Makefile + ./gen_armeb_tables_h --lowercase --i2s --s2i armeb_syscall > $@ + endif + + gen_errtabs_h_SOURCES = gen_tables.c gen_tables.h errtab.h + gen_errtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="errtab.h"' ++gen_errtabs_h: $(gen_errtabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_errtabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + errtabs.h: gen_errtabs_h Makefile + ./gen_errtabs_h --duplicate-ints --uppercase --i2s --s2i err > $@ + + gen_fieldtabs_h_SOURCES = gen_tables.c gen_tables.h fieldtab.h + gen_fieldtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="fieldtab.h"' ++gen_fieldtabs_h: $(gen_fieldtabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_fieldtabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + fieldtabs.h: gen_fieldtabs_h Makefile + ./gen_fieldtabs_h --duplicate-ints --lowercase --i2s --s2i field > $@ + + gen_flagtabs_h_SOURCES = gen_tables.c gen_tables.h flagtab.h + gen_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="flagtab.h"' ++gen_flagtabs_h: $(gen_flagtabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_flagtabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + flagtabs.h: gen_flagtabs_h Makefile + ./gen_flagtabs_h --lowercase --i2s --s2i flag > $@ + + gen_ftypetabs_h_SOURCES = gen_tables.c gen_tables.h ftypetab.h + gen_ftypetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ftypetab.h"' ++gen_ftypetabs_h: $(gen_ftypetabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_ftypetabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + ftypetabs.h: gen_ftypetabs_h Makefile + ./gen_ftypetabs_h --lowercase --i2s --s2i ftype > $@ + + gen_i386_tables_h_SOURCES = gen_tables.c gen_tables.h i386_table.h + gen_i386_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="i386_table.h"' ++gen_i386_tables_h: $(gen_i386_tables_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_i386_tables_h_CFLAGS) $(LDFLAGS) -o $@ $< + i386_tables.h: gen_i386_tables_h Makefile + ./gen_i386_tables_h --duplicate-ints --lowercase --i2s --s2i \ + i386_syscall > $@ + + gen_ia64_tables_h_SOURCES = gen_tables.c gen_tables.h ia64_table.h + gen_ia64_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ia64_table.h"' ++gen_ia64_tables_h: $(gen_ia64_tables_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_ia64_tables_h_CFLAGS) $(LDFLAGS) -o $@ $< + ia64_tables.h: gen_ia64_tables_h Makefile + ./gen_ia64_tables_h --lowercase --i2s --s2i ia64_syscall > $@ + + gen_machinetabs_h_SOURCES = gen_tables.c gen_tables.h machinetab.h + gen_machinetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="machinetab.h"' ++gen_machinetabs_h: $(gen_machinetabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_machinetabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + machinetabs.h: gen_machinetabs_h Makefile + ./gen_machinetabs_h --duplicate-ints --lowercase --i2s --s2i machine \ + > $@ + + gen_msg_typetabs_h_SOURCES = gen_tables.c gen_tables.h msg_typetab.h + gen_msg_typetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="msg_typetab.h"' ++gen_msg_typetabs_h: $(gen_msg_typetabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_msg_typetabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + msg_typetabs.h: gen_msg_typetabs_h Makefile + ./gen_msg_typetabs_h --uppercase --i2s --s2i msg_type > $@ + + gen_optabs_h_SOURCES = gen_tables.c gen_tables.h optab.h + gen_optabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="optab.h"' ++gen_optabs_h: $(gen_optabs_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_optabs_h_CFLAGS) $(LDFLAGS) -o $@ $< + optabs.h: gen_optabs_h Makefile + ./gen_optabs_h --i2s op > $@ + + gen_ppc_tables_h_SOURCES = gen_tables.c gen_tables.h ppc_table.h + gen_ppc_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ppc_table.h"' ++gen_ppc_tables_h: $(gen_ppc_tables_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_ppc_tables_h_CFLAGS) $(LDFLAGS) -o $@ $< + ppc_tables.h: gen_ppc_tables_h Makefile + ./gen_ppc_tables_h --lowercase --i2s --s2i ppc_syscall > $@ + + gen_s390_tables_h_SOURCES = gen_tables.c gen_tables.h s390_table.h + gen_s390_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="s390_table.h"' ++gen_s390_tables_h: $(gen_s390_tables_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_s390_tables_h_CFLAGS) $(LDFLAGS) -o $@ $< + s390_tables.h: gen_s390_tables_h Makefile + ./gen_s390_tables_h --lowercase --i2s --s2i s390_syscall > $@ + + gen_s390x_tables_h_SOURCES = gen_tables.c gen_tables.h s390x_table.h + gen_s390x_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="s390x_table.h"' ++gen_s390x_tables_h: $(gen_s390x_tables_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_s390x_tables_h_CFLAGS) $(LDFLAGS) -o $@ $< + s390x_tables.h: gen_s390x_tables_h Makefile + ./gen_s390x_tables_h --lowercase --i2s --s2i s390x_syscall > $@ + + gen_x86_64_tables_h_SOURCES = gen_tables.c gen_tables.h x86_64_table.h + gen_x86_64_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="x86_64_table.h"' ++gen_x86_64_tables_h: $(gen_x86_64_tables_h_SOURCES) ++ $(CC_FOR_BUILD) -DHAVE_CONFIG_H -I. -I.. -I../auparse $(gen_x86_64_tables_h_CFLAGS) $(LDFLAGS) -o $@ $< + x86_64_tables.h: gen_x86_64_tables_h Makefile + ./gen_x86_64_tables_h --lowercase --i2s --s2i x86_64_syscall > $@ diff --git a/recipes-security/audit/audit-2.2.1/auditd b/recipes-security/audit/audit-2.2.1/auditd new file mode 100755 index 0000000..cda836a --- /dev/null +++ b/recipes-security/audit/audit-2.2.1/auditd @@ -0,0 +1,152 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: auditd +# Required-Start: $local_fs +# Required-Stop: $local_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Audit Daemon +# Description: Collects audit information from Linux 2.6 Kernels. +### END INIT INFO + +# Author: Philipp Matthias Hahn +# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init + +# June, 2012: Adopted for yocto + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DESC="audit daemon" +NAME=auditd +DAEMON=/usr/sbin/auditd +PIDFILE=/var/run/"$NAME".pid +SCRIPTNAME=/etc/init.d/"$NAME" + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME" + +. /etc/default/rcS + +. /etc/init.d/functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \ + || return 1 + start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \ + $EXTRAOPTIONS \ + || return 2 + if [ -f /etc/audit/audit.rules ] + then + /usr/sbin/auditctl -R /etc/audit/audit.rules >/dev/null + fi +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon -K --quiet --pidfile "$PIDFILE" --name "$NAME" + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f "$PIDFILE" + rm -f /var/run/audit_events + # Remove watches so shutdown works cleanly + case "$AUDITD_CLEAN_STOP" in + no|NO) ;; + *) /usr/sbin/auditctl -D >/dev/null ;; + esac + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + start-stop-daemon -K --signal HUP --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +if [ ! -e /var/log/audit ]; then + mkdir -p /var/log/audit +fi + +case "$1" in + start) + [ "$VERBOSE" != no ] && echo "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && echo 0 ;; + 2) [ "$VERBOSE" != no ] && echo 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && echo "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && echo 0 ;; + 2) [ "$VERBOSE" != no ] && echo 1 ;; + esac + ;; + reload|force-reload) + echo "Reloading $DESC" "$NAME" + do_reload + echo $? + ;; + restart) + echo "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) echo 0 ;; + 1) echo 1 ;; # Old process is still running + *) echo 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + echo 1 + ;; + esac + ;; + rotate) + echo "Rotating $DESC logs" "$NAME" + start-stop-daemon -K --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME" + echo $? + ;; + status) + pidofproc "$DAEMON" >/dev/null + status=$? + if [ $status -eq 0 ]; then + echo "$NAME is running." + else + echo "$NAME is not running." + fi + exit $status + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2 + exit 3 + ;; +esac + +: diff --git a/recipes-security/audit/audit-2.2.1/sbin-in-usr.patch b/recipes-security/audit/audit-2.2.1/sbin-in-usr.patch new file mode 100644 index 0000000..95f98a2 --- /dev/null +++ b/recipes-security/audit/audit-2.2.1/sbin-in-usr.patch @@ -0,0 +1,33 @@ +Fix sbindir paths in config files + +Change the default PATH of apps to reflect the location of sbindir +in /usr/sbin + +Signed-off-by: Amy Fong +--- + audisp/plugins/remote/au-remote.conf | 2 +- + init.d/auditd.conf | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/audisp/plugins/remote/au-remote.conf ++++ b/audisp/plugins/remote/au-remote.conf +@@ -5,7 +5,7 @@ + + active = no + direction = out +-path = /sbin/audisp-remote ++path = /usr/sbin/audisp-remote + type = always + #args = + format = string +--- a/init.d/auditd.conf ++++ b/init.d/auditd.conf +@@ -10,7 +10,7 @@ + freq = 20 + num_logs = 5 + disp_qos = lossy +-dispatcher = /sbin/audispd ++dispatcher = /usr/sbin/audispd + name_format = NONE + ##name = mydomain + max_log_file = 6 diff --git a/recipes-security/audit/audit_2.2.1.bb b/recipes-security/audit/audit_2.2.1.bb new file mode 100644 index 0000000..8fb9e03 --- /dev/null +++ b/recipes-security/audit/audit_2.2.1.bb @@ -0,0 +1,58 @@ +SUMMARY = "User space tools for kernel auditing" +DESCRIPTION = "The audit package contains the user space utilities for \ +storing and searching the audit records generated by the audit subsystem \ +in the Linux kernel." +HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" +SECTION = "base" +PR = "r1" +LICENSE = "GPLv2+ & LGPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" + +SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \ + file://disable-ldap.patch \ + file://audit-python.patch" + +SRC_URI += "file://2.2.1-audit-for-cross-compiling.patch file://sbin-in-usr.patch file://auditd" + +inherit autotools + +SRC_URI[md5sum] = "dc099fcb2f9242d47ecc35b46d71dfd1" +SRC_URI[sha256sum] = "9865ca89f5b975ccf25441ddf45a874448f2bba944005aa8cd5e3c3148713a63" + +DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)" + +EXTRA_OECONF += "--without-prelude --with-libwrap --enable-gssapi-krb5=no --disable-ldap --with-libcap-ng=yes --with-python=yes" + +EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' PYINC='${STAGING_INCDIR}/$(PYLIBVER)'" + +SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher" +DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \ +interface to the audit system, audispd. These plugins can do things \ +like relay events to remote machines or analyze events for suspicious \ +behavior." + +PACKAGES =+ "audispd-plugins ${PN}-libs" +PACKAGES += "${PN}-python" + +FILES_${PN}-libs += "${sysconfdir}/libaudit.conf ${libdir}/libaudit.so.1* ${libdir}/libauparse.so.*" +FILES_${PN} += "${bindir} ${sbindir}" +FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \ + ${sysconfdir}/audisp/plugins.d/au-remote.conf \ + ${base_sbindir}/audisp-remote ${localstatedir}/spool/audit \ + ${mandir}/man8/audisp-remote.8 ${mandir}/man5/audisp-remote.conf.5" +FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" +FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" + +do_install_append() { + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la + + # reuse auditd config + [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default + mv ${D}/etc/sysconfig/auditd ${D}/etc/default + rmdir ${D}/etc/sysconfig/ + + # replace init.d + install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd + rm -rf ${D}/etc/rc.d +} -- cgit v1.2.3-54-g00ecf