mirror of
https://github.com/hanwckf/immortalwrt-mt798x.git
synced 2025-01-09 02:43:53 +08:00
audit: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [fix build with GCC 10 and disable MIPS16 as build emits sync instruction] Signed-off-by: W. Michael Petullo <mike@flyn.org>
This commit is contained in:
parent
2f0d672088
commit
73912b850b
127
package/utils/audit/Makefile
Normal file
127
package/utils/audit/Makefile
Normal file
@ -0,0 +1,127 @@
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
#
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=audit
|
||||
PKG_VERSION:=2.8.5
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=http://people.redhat.com/sgrubb/audit
|
||||
PKG_HASH:=0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7
|
||||
|
||||
PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
||||
PKG_FIXUP:=autoreconf
|
||||
|
||||
PKG_USE_MIPS16:=0
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/audit/Default
|
||||
SECTION:=utils
|
||||
TITLE:=Audit Daemon
|
||||
URL:=http://people.redhat.com/sgrubb/audit/
|
||||
endef
|
||||
|
||||
define Package/audit/Default/description
|
||||
The audit package contains the user space utilities for
|
||||
storing and searching the audit records generated by
|
||||
the audit subsystem in the Linux 2.6 kernel
|
||||
endef
|
||||
|
||||
define Package/libaudit
|
||||
$(call Package/audit/Default)
|
||||
CATEGORY:=Libraries
|
||||
TITLE+= (library)
|
||||
DEPENDS:=+@KERNEL_AUDIT
|
||||
endef
|
||||
|
||||
define Package/libaudit/description
|
||||
$(call Package/audit/Default/description)
|
||||
This package contains the audit shared library.
|
||||
endef
|
||||
|
||||
define Package/audit
|
||||
$(call Package/audit/Default)
|
||||
CATEGORY:=Utilities
|
||||
TITLE+= (daemon)
|
||||
DEPENDS:= +libaudit
|
||||
endef
|
||||
|
||||
define Package/audit/description
|
||||
$(call Package/audit/Default/description)
|
||||
This package contains the audit daemon.
|
||||
endef
|
||||
|
||||
CONFIGURE_VARS += \
|
||||
LDFLAGS_FOR_BUILD="$(HOST_LDFLAGS)" \
|
||||
CPPFLAGS_FOR_BUILD="$(HOST_CPPFLAGS)" \
|
||||
CFLAGS_FOR_BUILD="$(HOST_CFLAGS)" \
|
||||
CC_FOR_BUILD="$(HOSTCC)"
|
||||
|
||||
CONFIGURE_ARGS += \
|
||||
--without-libcap-ng \
|
||||
--disable-systemd \
|
||||
--without-python \
|
||||
--without-python3 \
|
||||
--disable-zos-remote
|
||||
|
||||
ifeq ($(ARCH),aarch64)
|
||||
CONFIGURE_ARGS += --with-aarch64
|
||||
else ifeq ($(ARCH),arm)
|
||||
CONFIGURE_ARGS += --with-arm
|
||||
endif
|
||||
|
||||
# We can't use the default, as the default passes $(MAKE_ARGS), which
|
||||
# overrides CC, CFLAGS, etc. and defeats the *_FOR_BUILD definitions
|
||||
# passed in CONFIGURE_VARS
|
||||
define Build/Compile
|
||||
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(MAKE_PATH)
|
||||
endef
|
||||
|
||||
define Build/Install
|
||||
$(call Build/Install/Default,install)
|
||||
$(SED) 's%^dispatcher *=.*%dispatcher = /usr/sbin/audispd%' $(PKG_INSTALL_DIR)/etc/audit/auditd.conf
|
||||
endef
|
||||
|
||||
define Build/InstallDev
|
||||
$(INSTALL_DIR) $(1)/usr/include
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
|
||||
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
|
||||
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig/
|
||||
$(INSTALL_DIR) $(1)/usr/lib
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/
|
||||
endef
|
||||
|
||||
define Package/libaudit/install
|
||||
$(INSTALL_DIR) $(1)/usr/lib
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so.* $(1)/usr/lib/
|
||||
$(INSTALL_DIR) $(1)/etc
|
||||
$(CP) $(PKG_INSTALL_DIR)/etc/libaudit.conf $(1)/etc/
|
||||
endef
|
||||
|
||||
define Package/audit/install
|
||||
$(INSTALL_DIR) $(1)/usr/bin
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/
|
||||
$(INSTALL_DIR) $(1)/usr/sbin
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/* $(1)/usr/sbin/
|
||||
$(INSTALL_DIR) $(1)/etc/audit
|
||||
$(CP) $(PKG_INSTALL_DIR)/etc/audit/* $(1)/etc/audit/
|
||||
$(INSTALL_DIR) $(1)/etc/init.d
|
||||
$(INSTALL_BIN) ./files/audit.init $(1)/etc/init.d/audit
|
||||
endef
|
||||
|
||||
include $(INCLUDE_DIR)/host-build.mk
|
||||
|
||||
HOST_CONFIGURE_ARGS += \
|
||||
--without-python \
|
||||
--without-python3 \
|
||||
--disable-zos-remote \
|
||||
--without-libcap-ng
|
||||
|
||||
$(eval $(call HostBuild))
|
||||
$(eval $(call BuildPackage,libaudit))
|
||||
$(eval $(call BuildPackage,audit))
|
16
package/utils/audit/files/audit.init
Normal file
16
package/utils/audit/files/audit.init
Normal file
@ -0,0 +1,16 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (c) 2014 OpenWrt.org
|
||||
|
||||
START=11
|
||||
|
||||
USE_PROCD=1
|
||||
PROG=/usr/sbin/auditd
|
||||
|
||||
start_service() {
|
||||
mkdir -p /var/log/audit
|
||||
procd_open_instance
|
||||
procd_set_param command "$PROG" -n
|
||||
procd_set_param respawn
|
||||
procd_close_instance
|
||||
test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules
|
||||
}
|
@ -0,0 +1,133 @@
|
||||
From c39a071e7c021f6ff3554aca2758e97b47a9777c Mon Sep 17 00:00:00 2001
|
||||
From: Steve Grubb <sgrubb@redhat.com>
|
||||
Date: Tue, 26 Feb 2019 18:33:33 -0500
|
||||
Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
|
||||
|
||||
(cherry picked from commit d579a08bb1cde71f939c13ac6b2261052ae9f77e)
|
||||
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
||||
---
|
||||
auparse/auparse.c | 12 +++++++++++-
|
||||
auparse/interpret.c | 9 ++++++++-
|
||||
configure.ac | 14 +++++++++++++-
|
||||
src/ausearch-lol.c | 12 +++++++++++-
|
||||
4 files changed, 43 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/auparse/auparse.c b/auparse/auparse.c
|
||||
index 650db02..2e1c737 100644
|
||||
--- a/auparse/auparse.c
|
||||
+++ b/auparse/auparse.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/* auparse.c --
|
||||
- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
|
||||
+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
|
||||
* All Rights Reserved.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t *e)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifndef HAVE_STRNDUPA
|
||||
+static inline char *strndupa(const char *old, size_t n)
|
||||
+{
|
||||
+ size_t len = strnlen(old, n);
|
||||
+ char *tmp = alloca(len + 1);
|
||||
+ tmp[len] = 0;
|
||||
+ return memcpy(tmp, old, len);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/* Returns 0 on success and 1 on error */
|
||||
static int extract_timestamp(const char *b, au_event_t *e)
|
||||
{
|
||||
diff --git a/auparse/interpret.c b/auparse/interpret.c
|
||||
index 51c4a5e..67b7b77 100644
|
||||
--- a/auparse/interpret.c
|
||||
+++ b/auparse/interpret.c
|
||||
@@ -853,6 +853,13 @@ err_out:
|
||||
return print_escaped(id->val);
|
||||
}
|
||||
|
||||
+// rawmemchr is faster. Let's use it if we have it.
|
||||
+#ifdef HAVE_RAWMEMCHR
|
||||
+#define STRCHR rawmemchr
|
||||
+#else
|
||||
+#define STRCHR strchr
|
||||
+#endif
|
||||
+
|
||||
static const char *print_proctitle(const char *val)
|
||||
{
|
||||
char *out = (char *)print_escaped(val);
|
||||
@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val)
|
||||
// Proctitle has arguments separated by NUL bytes
|
||||
// We need to write over the NUL bytes with a space
|
||||
// so that we can see the arguments
|
||||
- while ((ptr = rawmemchr(ptr, '\0'))) {
|
||||
+ while ((ptr = STRCHR(ptr, '\0'))) {
|
||||
if (ptr >= end)
|
||||
break;
|
||||
*ptr = ' ';
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 6e345f1..6f3007e 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1,7 +1,7 @@
|
||||
dnl
|
||||
define([AC_INIT_NOTICE],
|
||||
[### Generated automatically using autoconf version] AC_ACVERSION [
|
||||
-### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
|
||||
+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
|
||||
###
|
||||
### Permission is hereby granted, free of charge, to any person obtaining a
|
||||
### copy of this software and associated documentation files (the "Software"),
|
||||
@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
|
||||
AC_CHECK_FUNCS([posix_fallocate])
|
||||
dnl; signalfd is needed for libev
|
||||
AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
|
||||
+dnl; check if rawmemchr is available
|
||||
+AC_CHECK_FUNCS([rawmemchr])
|
||||
+dnl; check if strndupa is available
|
||||
+AC_LINK_IFELSE(
|
||||
+ [AC_LANG_SOURCE(
|
||||
+ [[
|
||||
+ #define _GNU_SOURCE
|
||||
+ #include <string.h>
|
||||
+ int main() { (void) strndupa("test", 10); return 0; }]])],
|
||||
+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
|
||||
+ []
|
||||
+)
|
||||
|
||||
ALLWARNS=""
|
||||
ALLDEBUG="-g"
|
||||
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
|
||||
index 5d17a72..758c33e 100644
|
||||
--- a/src/ausearch-lol.c
|
||||
+++ b/src/ausearch-lol.c
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* ausearch-lol.c - linked list of linked lists library
|
||||
-* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
|
||||
+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
|
||||
* All Rights Reserved.
|
||||
*
|
||||
* This software may be freely redistributed and/or modified under the
|
||||
@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifndef HAVE_STRNDUPA
|
||||
+static inline char *strndupa(const char *old, size_t n)
|
||||
+{
|
||||
+ size_t len = strnlen(old, n);
|
||||
+ char *tmp = alloca(len + 1);
|
||||
+ tmp[len] = 0;
|
||||
+ return memcpy(tmp, old, len);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* This function will look at the line and pick out pieces of it.
|
||||
*/
|
||||
--
|
||||
2.21.0
|
||||
|
26
package/utils/audit/patches/0002-fix-gcc-10.patch
Normal file
26
package/utils/audit/patches/0002-fix-gcc-10.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 017e6c6ab95df55f34e339d2139def83e5dada1f Mon Sep 17 00:00:00 2001
|
||||
From: Steve Grubb <sgrubb@redhat.com>
|
||||
Date: Fri, 10 Jan 2020 21:13:50 -0500
|
||||
Subject: [PATCH 01/30] Header definitions need to be external when building
|
||||
with -fno-common (which is default in GCC 10) - Tony Jones
|
||||
|
||||
---
|
||||
src/ausearch-common.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/ausearch-common.h b/src/ausearch-common.h
|
||||
index 6669203..3040547 100644
|
||||
--- a/src/ausearch-common.h
|
||||
+++ b/src/ausearch-common.h
|
||||
@@ -50,7 +50,7 @@ extern pid_t event_pid;
|
||||
extern int event_exact_match;
|
||||
extern uid_t event_uid, event_euid, event_loginuid;
|
||||
extern const char *event_tuid, *event_teuid, *event_tauid;
|
||||
-slist *event_node_list;
|
||||
+extern slist *event_node_list;
|
||||
extern const char *event_comm;
|
||||
extern const char *event_filename;
|
||||
extern const char *event_hostname;
|
||||
--
|
||||
2.26.2
|
||||
|
Loading…
x
Reference in New Issue
Block a user