Commit 2a11831e authored by Tycho Andersen, committed by Ariadne Conill

testing/audit: initial import

An initial import of the audit daemon, libraries, and utilities.
Signed-off-by: Tycho Andersen <tycho@docker.com>
parent eeb569f3
From 12e2693a4868c7f925ad528bb1dafd15d80616bb Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho@docker.com>
Date: Mon, 13 Mar 2017 22:44:19 +0000
Subject: [PATCH 1/3] auditctl: include headers to make build work with musl
technically select is defined in sys/select.h, and `struct timeval`
requires sys/time.h
Signed-off-by: Tycho Andersen <tycho@docker.com>
---
src/auditctl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/auditctl.c b/src/auditctl.c
index e112b16..11d2dc7 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -32,6 +32,8 @@
#include <ctype.h>
#include <unistd.h>
#include <sys/utsname.h>
+#include <sys/select.h>
+#include <sys/time.h>
#include <fcntl.h>
#include <errno.h>
#include <libgen.h> /* For basename */
--
2.11.1
From d28763047fd0937a4f150402d2760b3ddcd3a651 Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho@docker.com>
Date: Mon, 13 Mar 2017 16:17:10 -0700
Subject: [PATCH 2/3] auparse: remove use of rawmemchr
just iterate over the string instead, it's much simpler and doesn't use a
glibc extension.
Signed-off-by: Tycho Andersen <tycho@docker.com>
---
auparse/interpret.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 1f517d7..57da00c 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -803,10 +803,9 @@ static const char *print_proctitle(const char *val)
size_t len = strlen(val) / 2;
const char *end = out + len;
char *ptr = out;
- while ((ptr = rawmemchr(ptr, '\0'))) {
- if (ptr >= end)
- break;
- *ptr = ' ';
+ while (ptr < end) {
+ if (*ptr == '\0')
+ *ptr = ' ';
ptr++;
}
}
--
2.11.1
From f45e805033c6aed205863d87fe56f5bc7e6fd0c4 Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho@docker.com>
Date: Mon, 13 Mar 2017 16:40:08 -0700
Subject: [PATCH 3/3] all: get rid of strndupa
in one case (src/auditd.c) we don't even need to allocate a buffer, in the
other two we do it in two steps to avoid using a non-standard function.
Signed-off-by: Tycho Andersen <tycho@docker.com>
---
auparse/auparse.c | 6 ++++--
src/auditd.c | 10 +++++-----
src/ausearch-lol.c | 6 ++++--
3 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/auparse/auparse.c b/auparse/auparse.c
index 3677ad7..b428330 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -1096,10 +1096,12 @@ static int extract_timestamp(const char *b, au_event_t *e)
int rc = 1;
e->host = NULL;
+
+ tmp = alloca(340);
if (*b == 'n')
- tmp = strndupa(b, 340);
+ tmp = strncpy(tmp, b, 340);
else
- tmp = strndupa(b, 80);
+ tmp = strncpy(tmp, b, 80);
ptr = audit_strsplit(tmp);
if (ptr) {
// Optionally grab the node - may or may not be included
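Review bot: The `strncpy` calls that replace `strndupa` here do not guarantee a terminating NUL: `strndupa(b, n)` always yields a terminated copy, whereas `strncpy(tmp, b, 340)` fills the whole 340-byte `alloca` buffer with no terminator when the record is 340 bytes or longer, and `strncpy(tmp, b, 80)` leaves bytes 80–339 uninitialised when it is 80 or longer. `audit_strsplit(tmp)` would then read past the copied bytes into uninitialised stack memory, and the record length is presumably driven by log input rather than by this code. Allocate one more byte and terminate explicitly: `tmp = alloca(341);` and, after the copy, `tmp[*b == 'n' ? 340 : 80] = '\0';`. The src/ausearch-lol.c hunk of this patch has the same pattern. extract_timestamp starts and ends outside the hunk.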
diff --git a/src/auditd.c b/src/auditd.c
index 3f0162d..a1c2c51 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -185,7 +185,7 @@ static void child_handler2( int sig )
static int extract_type(const char *str)
{
- const char *tptr, *ptr2, *ptr = str;
+ const char *ptr2, *ptr = str;
if (*str == 'n') {
ptr = strchr(str+1, ' ');
if (ptr == NULL)
@@ -194,12 +194,12 @@ static int extract_type(const char *str)
}
// ptr should be at 't'
ptr2 = strchr(ptr, ' ');
- // get type=xxx in a buffer
- tptr = strndupa(ptr, ptr2 - ptr);
+
// find =
- str = strchr(tptr, '=');
- if (str == NULL)
+ str = strchr(ptr, '=');
+ if (str == NULL || str >= ptr2)
return -1; // Malformed - bomb out
+
// name is 1 past
str++;
return audit_name_to_msg_type(str);
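Review bot: After this change `audit_name_to_msg_type(str)` receives a pointer into the original record, so the name is no longer cut at the space `ptr2` points to, as the removed `strndupa(ptr, ptr2 - ptr)` copy did; unless that function stops at whitespace itself (not visible here), a string such as `SYSCALL msg=...` would not match any type name. Separately, `ptr2` is never checked for NULL, so a record with no space after `type=` turns `str >= ptr2` into a comparison against a null pointer. A bounded copy of the name into a small local buffer, with an early `return -1` when `ptr2` is NULL, restores the old behaviour without `strndupa`; the buffer size in the sketch below is a constructed value and should be checked against the longest type name. The function's closing brace lies outside the hunk.

```c
	ptr2 = strchr(ptr, ' ');
	if (ptr2 == NULL)
		return -1; // Malformed - no space after type=xxx
	// ... unchanged: find '=' and reject it when it lies at or past ptr2 ...
	str++;
	char name[64]; // constructed size - confirm against the longest type name
	size_t len = (size_t)(ptr2 - str);
	if (len >= sizeof(name))
		return -1; // Name too long to be a known type
	memcpy(name, str, len);
	name[len] = '\0';
	return audit_name_to_msg_type(name);
```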
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index b1aec06..5d461b0 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -135,10 +135,12 @@ static int extract_timestamp(const char *b, event *e)
char *ptr, *tmp, *tnode, *ttype;
e->node = NULL;
+
+ tmp = alloca(340);
if (*b == 'n')
- tmp = strndupa(b, 340);
+ tmp = strncpy(tmp, b, 340);
else
- tmp = strndupa(b, 80);
+ tmp = strncpy(tmp, b, 80);
ptr = audit_strsplit(tmp);
if (ptr) {
// Check to see if this is the node info
--
2.11.1
# Maintainer: Tycho Andersen <tycho@docker.com>
pkgname=audit
pkgver=2.7.2
pkgrel=0
pkgdesc="User space tools for 2.6 kernel auditing"
url="http://people.redhat.com/sgrubb/audit/"
arch="all"
license="GPLv2+"
depends=""
depends_dev=""
makedepends="$depends_dev linux-headers libcap-ng-dev python3"
install=""
subpackages="$pkgname-dev $pkgname-doc"
source="http://people.redhat.com/sgrubb/audit/audit-$pkgver.tar.gz
0001-auditctl-include-headers-to-make-build-work-with-mus.patch
0002-auparse-remove-use-of-rawmemchr.patch
0003-all-get-rid-of-strndupa.patch
"
builddir="$srcdir/audit-$pkgver"
build() {
cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--localstatedir=/var \
--disable-zos-remote \
--enable-shared=audit \
|| return 1
make || return 1
make DESTDIR="$pkgdir" install || return 1
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install || return 1
}
sha512sums="a3974547a6da15e87c9070f3aa8a40232555afbd8d6cdf41e6d3c2a059f766ae75febbe8ff72fdadb522222eefda08e55f10dd8d20a3cee2625a6048d38c152b audit-2.7.2.tar.gz
9070de8b9d778c2907adfcb78a02c3a243ed1951d399184679518493a7eca1560878616ace1f661005bda9384e8fc6fde103298c9c57d8883786210939927ecc 0001-auditctl-include-headers-to-make-build-work-with-mus.patch
bede955da1a31b42fbb259ea88cfca97e9a4263987e5982eeeee78a74524ce5f819872cbf404551dcce490ad188cd6a0eee65312ca7665c295581801c92bbb05 0002-auparse-remove-use-of-rawmemchr.patch
41c50d8203ba8d31bd0e4fbcacbf9f15d6d83aae77660d815aecfe75e0cd40e587730becb725431f0416da14468b85c7a13739040498869d64a30ef0602081c1 0003-all-get-rid-of-strndupa.patch"
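Review bot: build() ends with `make DESTDIR="$pkgdir" install || return 1`, which package() then repeats; installing belongs in package() only, so build() should stop after `make || return 1`. The upstream tarball in `source=` is fetched over plain `http://`; the pinned sha512sums entry catches tampering in transit, but an `https://` URL, if upstream serves one, would remove the reliance on the checksum alone. The three local patches are covered by sha512sums as well, which is the right control for them.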