Diffstat (limited to 'meta-oe/recipes-security/audit')
5 files changed, 363 insertions, 0 deletions
diff --git a/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch b/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
new file mode 100644
index 0000000000..f2755d5c08
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
@@ -0,0 +1,57 @@
+From 5cdc667aeb7a014cdc1f8c7df8f8080408773dbe Mon Sep 17 00:00:00 2001
+From: Li xin <lixin.fnst@cn.fujitsu.com>
+Date: Sun, 19 Jul 2015 02:42:58 +0900
+Subject: [PATCH] Fixed swig host contamination issue
+
+The audit build uses swig to generate a python wrapper.
+Unfortunately, the swig info file references host include
+directories. Some of these were previously noticed and
+eliminated, but the one fixed here was not.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>
+Signed-off-by: Joe Slater <jslater@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ bindings/swig/python3/Makefile.am | 3 ++-
+ bindings/swig/src/auditswig.i | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
+index c2c6def4..bcc2836c 100644
+--- a/bindings/swig/python3/Makefile.am
++++ b/bindings/swig/python3/Makefile.am
+@@ -23,6 +23,7 @@
+ CONFIG_CLEAN_FILES = *.loT *.rej *.orig
+ AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS)
+ AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
++STDINC ?= /usr/include
+ LIBS = $(top_builddir)/lib/libaudit.la
+ SWIG_FLAGS = -python
+ SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
+@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/audit_logging.h ${top_builddir}/lib/li
+ _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
+ nodist__audit_la_SOURCES = audit_wrap.c
+ audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
+- swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i
++ swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) ${srcdir}/../src/auditswig.i
+
+ CLEANFILES = audit.py* audit_wrap.c *~
+
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 6b267844..5a4e442f 100644
+--- a/bindings/swig/src/auditswig.i
++++ b/bindings/swig/src/auditswig.i
+@@ -50,7 +50,7 @@ typedef unsigned uid_t;
+ */
+ %ignore audit_rule_data::buf;
+
+-%include "/usr/include/linux/audit.h"
++%include "../lib/audit.h"
+ #define __extension__ /*nothing*/
+ %include <stdint.i>
+ %include "../lib/audit-records.h"
+--
+2.25.1
+
diff --git a/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch b/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
new file mode 100644
index 0000000000..b1f324f22d
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
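Review bot: In the python3/Makefile.am hunk of 0001-Fixed-swig-host-contamination-issue.patch, `STDINC ?= /usr/include` keeps the host include directory as a silent default, so any build that does not pass STDINC still lets swig read host headers, which is the contamination the patch sets out to remove. The recipe in this commit does pass `STDINC='${STAGING_INCDIR}'` through EXTRA_OEMAKE, so the default is only a fallback; a comment above the assignment such as `# STDINC: include root handed to swig; the recipe overrides it with the staging sysroot` would make that dependency explicit. The `%include "../lib/audit.h"` change likewise relies on the header that do_configure:prepend generates in the recipe, which the patch description does not mention.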
@@ -0,0 +1,49 @@
+From 88c9b2c5cebebf13f90890baebbadc60d9fe8d16 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 9 Aug 2022 23:57:03 -0700
+Subject: [PATCH] Replace __attribute_malloc__ with __attribute__((__malloc__))
+
+__attribute_malloc__ is not available on musl
+
+Fixes
+| ../../git/auparse/auparse.h:54:2: error: expected function body after function declarator
+| __attribute_malloc__ __attr_dealloc (auparse_destroy, 1);
+| ^
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ audisp/plugins/remote/queue.h | 2 +-
+ auparse/auparse.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/audisp/plugins/remote/queue.h b/audisp/plugins/remote/queue.h
+index 36b70d04..031507dc 100644
+--- a/audisp/plugins/remote/queue.h
++++ b/audisp/plugins/remote/queue.h
+@@ -53,7 +53,7 @@ void q_close(struct queue *q);
+ * On error, return NULL and set errno. */
+ struct queue *q_open(int q_flags, const char *path, size_t num_entries,
+ size_t entry_size)
+- __attribute_malloc__ __attr_dealloc (q_close, 1) __wur;
++ __attribute__((__malloc__)) __attr_dealloc (q_close, 1) __wur;
+
+ /* Add DATA to tail of Q. Return 0 on success, -1 on error and set errno. */
+ int q_append(struct queue *q, const char *data);
+diff --git a/auparse/auparse.h b/auparse/auparse.h
+index c27f1ff9..87c52965 100644
+--- a/auparse/auparse.h
++++ b/auparse/auparse.h
+@@ -55,7 +55,7 @@ typedef void (*auparse_callback_ptr)(auparse_state_t *au,
+ void auparse_destroy(auparse_state_t *au);
+ void auparse_destroy_ext(auparse_state_t *au, auparse_destroy_what_t what);
+ auparse_state_t *auparse_init(ausource_t source, const void *b)
+- __attribute_malloc__ __attr_dealloc (auparse_destroy, 1);
++ __attribute__((__malloc__)) __attr_dealloc (auparse_destroy, 1);
+ int auparse_new_buffer(auparse_state_t *au, const char *data, size_t data_len)
+ __attr_access ((__read_only__, 2, 3));
+ int auparse_feed(auparse_state_t *au, const char *data, size_t data_len)
+--
+2.25.1
+
diff --git a/meta-oe/recipes-security/audit/audit/audit-volatile.conf b/meta-oe/recipes-security/audit/audit/audit-volatile.conf
new file mode 100644
index 0000000000..9cbe1547a3
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit/audit-volatile.conf
@@ -0,0 +1 @@
+d /var/log/audit 0750 root root -
diff --git a/meta-oe/recipes-security/audit/audit/auditd b/meta-oe/recipes-security/audit/audit/auditd
new file mode 100644
index 0000000000..6aa7f94751
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit/auditd
@@ -0,0 +1,153 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: auditd
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Audit Daemon
+# Description: Collects audit information from Linux 2.6 Kernels.
+### END INIT INFO
+
+# Author: Philipp Matthias Hahn <pmhahn@debian.org>
+# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init
+
+# June, 2012: Adopted for yocto <amy.fong@windriver.com>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DESC="audit daemon"
+NAME=auditd
+DAEMON=/sbin/auditd
+PIDFILE=/var/run/"$NAME".pid
+SCRIPTNAME=/etc/init.d/"$NAME"
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME"
+
+. /etc/default/rcS
+
+. /etc/init.d/functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \
+ || return 1
+ start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \
+ $EXTRAOPTIONS \
+ || return 2
+ if [ -f /etc/audit/audit.rules ]
+ then
+ /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+ fi
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon -K --quiet --pidfile "$PIDFILE" --name "$NAME"
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f "$PIDFILE"
+ rm -f /var/run/audit_events
+ # Remove watches so shutdown works cleanly
+ case "$AUDITD_CLEAN_STOP" in
+ no|NO) ;;
+ *) /sbin/auditctl -D >/dev/null ;;
+ esac
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon -K --signal HUP --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+if [ ! -e /var/log/audit ]; then
+ mkdir -p /var/log/audit
+ [ -x /sbin/restorecon ] && /sbin/restorecon -F $(readlink -f /var/log/audit)
+fi
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && echo "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && echo 0 ;;
+ 2) [ "$VERBOSE" != no ] && echo 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && echo "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && echo 0 ;;
+ 2) [ "$VERBOSE" != no ] && echo 1 ;;
+ esac
+ ;;
+ reload|force-reload)
+ echo "Reloading $DESC" "$NAME"
+ do_reload
+ echo $?
+ ;;
+ restart)
+ echo "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) echo 0 ;;
+ 1) echo 1 ;; # Old process is still running
+ *) echo 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ echo 1
+ ;;
+ esac
+ ;;
+ rotate)
+ echo "Rotating $DESC logs" "$NAME"
+ start-stop-daemon -K --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME"
+ echo $?
+ ;;
+ status)
+ pidofproc "$DAEMON" >/dev/null
+ status=$?
+ if [ $status -eq 0 ]; then
+ echo "$NAME is running."
+ else
+ echo "$NAME is not running."
+ fi
+ exit $status
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/meta-oe/recipes-security/audit/audit_4.0.1.bb b/meta-oe/recipes-security/audit/audit_4.0.1.bb
new file mode 100644
index 0000000000..c189cfea55
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit_4.0.1.bb
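Review bot: In do_start of the auditd init script, the exit status of `/sbin/auditctl -R /etc/audit/audit.rules >/dev/null` becomes the function's return value, and the `start)` branch only reports failure for status 2, so a rules file that fails to load can leave auditd running without its rules while the script reports success or prints nothing. Checking the call explicitly, for example `/sbin/auditctl -R /etc/audit/audit.rules >/dev/null || return 2`, would surface that in both `start)` and `restart)`. Separately, `mkdir -p /var/log/audit` creates the log directory with whatever mode the init umask yields, whereas audit-volatile.conf in this commit uses 0750 root root; `mkdir -p -m 0750 /var/log/audit` would keep the sysvinit path consistent with the tmpfiles one. do_reload also leaves `$PIDFILE` and `$NAME` unquoted, unlike the rest of the script.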
@@ -0,0 +1,103 @@
+SUMMARY = "User space tools for kernel auditing"
+DESCRIPTION = "The audit package contains the user space utilities for \
+storing and searching the audit records generated by the audit subsystem \
+in the Linux kernel."
+HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
+SECTION = "base"
+LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \
+ file://0001-Fixed-swig-host-contamination-issue.patch \
+ file://auditd \
+ file://audit-volatile.conf \
+ "
+
+SRC_URI:append:libc-musl = " file://0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch"
+
+S = "${WORKDIR}/git"
+SRCREV = "22ccbd984e493524050ac445f796e9a7e90e1149"
+
+inherit autotools python3targetconfig update-rc.d systemd
+
+UPDATERCPN = "auditd"
+INITSCRIPT_NAME = "auditd"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_PACKAGES = "auditd"
+SYSTEMD_SERVICE:auditd = "auditd.service audit-rules.service"
+
+DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native python3-setuptools-native coreutils-native"
+
+EXTRA_OECONF = " \
+ --with-libwrap \
+ --with-libcap-ng \
+ --with-python3 \
+ --with-arm \
+ --with-aarch64 \
+ --without-golang \
+ --disable-gssapi-krb5 \
+ --disable-zos-remote \
+ --sbindir=${base_sbindir} \
+ --runstatedir=/run \
+ "
+
+EXTRA_OEMAKE = " \
+ PYTHON=python3 \
+ pythondir=${PYTHON_SITEPACKAGES_DIR} \
+ pyexecdir=${PYTHON_SITEPACKAGES_DIR} \
+ STDINC='${STAGING_INCDIR}' \
+ "
+
+SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+interface to the audit system, audispd. These plugins can do things \
+like relay events to remote machines or analyze events for suspicious \
+behavior."
+
+PACKAGES =+ "audispd-plugins"
+PACKAGES += "auditd ${PN}-python"
+
+FILES:${PN} = "${sysconfdir}/libaudit.conf ${libdir}/libau*.so.*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit-rules/* ${libexecdir}/*"
+FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
+ ${sysconfdir}/audit/plugins.d/au-remote.conf \
+ ${sysconfdir}/audit/plugins.d/syslog.conf \
+ ${base_sbindir}/audisp-remote \
+ ${base_sbindir}/audisp-syslog \
+ ${localstatedir}/spool/audit \
+ "
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+
+CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
+
+do_configure:prepend() {
+ sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h
+ sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h
+}
+
+do_install:append() {
+ sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h
+
+ # Install default rules
+ install -d -m 750 ${D}/etc/audit
+ install -d -m 750 ${D}/etc/audit/rules.d
+
+ install -m 0640 ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
+
+ # Based on the audit.spec "Copy default rules into place on new installation"
+ install -m 0640 ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -D -m 0644 ${UNPACKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/audit.conf
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+ install -D -m 0755 ${UNPACKDIR}/auditd ${D}/etc/init.d/auditd
+ rm -rf ${D}${libdir}/systemd
+ fi
+
+ # Create /var/spool/audit directory for audisp-remote
+ install -d -m 0700 ${D}${localstatedir}/spool/audit
+} |
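Review bot: In do_install:append of audit_4.0.1.bb, the sysvinit branch runs `rm -rf ${D}${libdir}/systemd` whenever `sysvinit` is in DISTRO_FEATURES, while the recipe still inherits systemd and sets `SYSTEMD_SERVICE:auditd = "auditd.service audit-rules.service"`; if that directory is where upstream installs the units (not visible here), a distro enabling both features would lose the unit files the systemd class expects. Guarding the removal on systemd being absent would avoid that, e.g. `if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then rm -rf ${D}${libdir}/systemd; fi`. The same function hardcodes `${D}/etc/audit` and `${D}/etc/init.d/auditd` although it uses `${sysconfdir}` for tmpfiles.d and in FILES/CONFFILES; using `${D}${sysconfdir}` throughout would keep the 0750/0640 rule paths aligned with the packaged paths.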