authorRobin H. Johnson <robbat2@gentoo.org>2006-06-22 07:41:46 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2006-06-22 07:41:46 +0000
commitbb5d2fadc076193094e9fd01a02e7d5d035d180e (patch)
tree1ae3903896bdc1f0122ed4cd85eb5fa0042f9a6d /sys-process/audit
parent+games-engines/scummvm:fluidsynth - compile with support for fluidsynth (diff)
Version bump to 1.2.3. The kernel is close to being usable; I've now been able to use this for the first time in a very long time.
(Portage version: 2.1.1_pre1-r1)
Diffstat (limited to 'sys-process/audit')
-rw-r--r--sys-process/audit/ChangeLog12
-rw-r--r--sys-process/audit/audit-1.2.3.ebuild68
-rw-r--r--sys-process/audit/files/audit-1.2.3-syscall-partial.patch11
-rw-r--r--sys-process/audit/files/audit.rules25
-rw-r--r--sys-process/audit/files/audit.rules.stop.post13
-rw-r--r--sys-process/audit/files/audit.rules.stop.pre13
-rw-r--r--sys-process/audit/files/auditd-conf.d-1.2.316
-rw-r--r--sys-process/audit/files/auditd-init.d-1.2.358
-rw-r--r--sys-process/audit/files/digest-audit-1.2.33
9 files changed, 218 insertions, 1 deletions
diff --git a/sys-process/audit/ChangeLog b/sys-process/audit/ChangeLog
index 0929aea3d567..74f354d21215 100644
--- a/sys-process/audit/ChangeLog
+++ b/sys-process/audit/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for sys-process/audit
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/ChangeLog,v 1.11 2006/04/19 23:17:16 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/ChangeLog,v 1.12 2006/06/22 07:41:46 robbat2 Exp $
+
+*audit-1.2.3 (22 Jun 2006)
+
+ 22 Jun 2006; Robin H. Johnson <robbat2@gentoo.org>
+ +files/auditd-conf.d-1.2.3, +files/auditd-init.d-1.2.3,
+ +files/audit-1.2.3-syscall-partial.patch, +files/audit.rules,
+ +files/audit.rules.stop.post, +files/audit.rules.stop.pre,
+ +audit-1.2.3.ebuild:
+ Version bump to 1.2.3. The kernel is close to being usable, I've now been
+ able to use this for the first time in a very long way.
*audit-1.2.1 (19 Apr 2006)
*audit-1.1.6 (19 Apr 2006)
diff --git a/sys-process/audit/audit-1.2.3.ebuild b/sys-process/audit/audit-1.2.3.ebuild
new file mode 100644
index 000000000000..7c8099708a4c
--- /dev/null
+++ b/sys-process/audit/audit-1.2.3.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-1.2.3.ebuild,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+
+inherit eutils autotools
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records."
+HOMEPAGE="http://people.redhat.com/sgrubb/audit/"
+SRC_URI="${HOMEPAGE}${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="-*"
+IUSE=""
+
+RDEPEND=">=dev-lang/python-2.4"
+DEPEND="${RDEPEND}
+ dev-lang/swig
+ >=sys-kernel/linux-headers-2.6.17_p3"
+# Do not use os-headers as this is linux specific
+# linux-headers 2.6.17_p3 is NOT in the tree yet.
+# It is basically linux-headers-2.6.17 + patch-2.6.17-git3 - 2.6.16-appCompat.patch
+
+src_unpack() {
+ unpack ${A} || die "unpack failed"
+ epatch ${FILESDIR}/${P}-syscall-partial.patch
+ cd ${S} || die "cd '${S}' failed"
+ eautoreconf || die "eautoreconf failed"
+}
+
+src_compile() {
+ econf --sbindir=/sbin --libdir=/lib || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+ dodir /usr/lib
+ mv ${D}/lib/*.a ${D}/usr/lib
+ rm -rf ${D}/lib/*.la ${D}/usr/lib/*.la
+ gen_usr_ldscript libaudit.so libauparse.so
+ # remove RedHat garbage
+ rm -rf ${D}/etc/rc.d ${D}/etc/sysconfig
+ # docs
+ dodoc AUTHORS ChangeLog README* THANKS TODO sample.rules contrib/*
+ # scripts
+ newinitd ${FILESDIR}/auditd-init.d-1.2.3 auditd
+ newconfd ${FILESDIR}/auditd-conf.d-1.2.3 auditd
+ # Gentoo rules
+ insinto /etc/audit/
+ doins ${FILESDIR}/audit.rules*
+ # audit logs go here
+ keepdir /var/log/audit/
+ # Security
+ lockdown_perms ${D}
+}
+
+pkg_postinst() {
+ lockdown_perms /
+}
+
+lockdown_perms() {
+ # upstream wants these to have restrictive perms
+ basedir="$1"
+ chmod 0750 ${basedir}/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null
+ chmod 0750 ${basedir}/var/log/audit/ 2>/dev/null
+ chmod 0640 ${basedir}/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null
+}
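Review bot: `pkg_postinst` calls `lockdown_perms /`, which ignores `${ROOT}`, so an install into an alternate root would re-chmod the host's audit files instead of the target's; `lockdown_perms "${ROOT}"` would follow the install target. Inside `lockdown_perms` every `chmod` has its stderr sent to /dev/null and its exit status dropped, presumably because the brace lists name paths that do not all exist, but that also hides a genuine failure to restrict the log directory or the config files. Since `keepdir /var/log/audit/` guarantees that directory, that line at least can be checked: `chmod 0750 "${basedir}/var/log/audit/" || ewarn "could not restrict ${basedir}/var/log/audit"`. `basedir` should also be declared `local`, and the `${D}` and `${FILESDIR}` expansions in `src_install` quoted.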
diff --git a/sys-process/audit/files/audit-1.2.3-syscall-partial.patch b/sys-process/audit/files/audit-1.2.3-syscall-partial.patch
new file mode 100644
index 000000000000..1b70589901e5
--- /dev/null
+++ b/sys-process/audit/files/audit-1.2.3-syscall-partial.patch
@@ -0,0 +1,11 @@
+--- audit-1.2.3/lib/libaudit.h~ 2006-05-24 08:19:30.000000000 -0700
++++ audit-1.2.3/lib/libaudit.h 2006-06-21 23:01:18.219583784 -0700
+@@ -91,6 +91,8 @@
+ #define AUDIT_FS_INODE 1308 /* File system inode */
+ #ifndef AUDIT_EXECVE
+ #define AUDIT_EXECVE 1309
++#endif
++#ifndef AUDIT_SYSCALL_PARTIAL
+ #define AUDIT_SYSCALL_PARTIAL 1310 /* Partial syscall event */
+ #endif
+ #ifndef AUDIT_IPC_SET_PERM
diff --git a/sys-process/audit/files/audit.rules b/sys-process/audit/files/audit.rules
new file mode 100644
index 000000000000..9d9578ec1867
--- /dev/null
+++ b/sys-process/audit/files/audit.rules
@@ -0,0 +1,25 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+# -a entry,never -S read -S write -S open -S fstat -S fstat64 -S mmap -S brk -S munmap -S _llseek -S nanosleep -S fcntl64 -S close -S dup2 -S rt_sigaction -S stat64 -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a entry,always -S all
+
+# Increase the buffers to survive stress events
+-b 256
+
+# vim:ft=conf:
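Review bot: `-b 256` sits at the end of the file, below the "Feel free to add below this line" marker, so any rules an administrator adds are loaded before the backlog is raised. Assuming auditctl applies the file line by line, events generated while the remaining lines load are still subject to the previous buffer limit, which is the situation the "survive stress events" comment is trying to avoid. Moving `-b 256` to directly after `-D` would close that window. The comment on the second example reads "capture of all systems", which looks like it should say "syscalls".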
diff --git a/sys-process/audit/files/audit.rules.stop.post b/sys-process/audit/files/audit.rules.stop.post
new file mode 100644
index 000000000000..34db08cdfcfd
--- /dev/null
+++ b/sys-process/audit/files/audit.rules.stop.post
@@ -0,0 +1,13 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.post,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded immediately after the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# Not used for the default Gentoo configuration as of v1.2.3
+# Paranoid security types might wish to reconfigure kauditd here.
+
+# vim:ft=conf:
diff --git a/sys-process/audit/files/audit.rules.stop.pre b/sys-process/audit/files/audit.rules.stop.pre
new file mode 100644
index 000000000000..c404b515d8e1
--- /dev/null
+++ b/sys-process/audit/files/audit.rules.stop.pre
@@ -0,0 +1,13 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded immediately before the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# auditd is stopping, don't capture events anymore
+-D
+
+# vim:ft=conf:
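Review bot: The comment above `-D` should state the trade-off it makes: once the rules are deleted the kernel stops producing rule-driven records, so nothing is captured from this point until the next start. That includes the case where stopping the daemon then fails and auditd keeps running with an empty rule set. A line such as `# NOTE: this removes all kernel audit rules; no events are recorded until auditd is started again and RULEFILE_STARTUP is reloaded` would make that visible to administrators who need continuous coverage. The script that consumes this file is auditd-init.d-1.2.3, outside this hunk.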
diff --git a/sys-process/audit/files/auditd-conf.d-1.2.3 b/sys-process/audit/files/auditd-conf.d-1.2.3
new file mode 100644
index 000000000000..e7222866187d
--- /dev/null
+++ b/sys-process/audit/files/auditd-conf.d-1.2.3
@@ -0,0 +1,16 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-conf.d-1.2.3,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
diff --git a/sys-process/audit/files/auditd-init.d-1.2.3 b/sys-process/audit/files/auditd-init.d-1.2.3
new file mode 100644
index 000000000000..862a6bea9177
--- /dev/null
+++ b/sys-process/audit/files/auditd-init.d-1.2.3
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-init.d-1.2.3,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+
+start_auditd() {
+ ebegin "Starting auditd"
+ start-stop-daemon \
+ --start --quiet --pidfile /var/run/auditd.pid \
+ --exec /sbin/auditd -- ${EXTRAOPTIONS}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+stop_auditd() {
+ ebegin "Stopping auditd"
+ start-stop-daemon \
+ --stop --quiet --pidfile /var/run/auditd.pid
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+
+loadfile() {
+ local rules="$1"
+ if [ -n "${rules}" -a -f "${rules}" ]; then
+ einfo "Loading audit rules from ${rules}"
+ /sbin/auditctl -R "${rules}" 1>/dev/null
+ return $?
+ else
+ return 0
+ fi
+}
+
+start() {
+ start_auditd
+ local ret=$?
+ if [ $ret -eq 0 ]; then
+ loadfile "${RULEFILE_STARTUP}"
+ fi
+ return $ret
+}
+
+stop() {
+ loadfile "${RULEFILE_STOP_PRE}"
+ stop_auditd
+ local ret=$?
+ loadfile "${RULEFILE_STOP_POST}"
+ return $ret
+}
+
+# This is a special case, we do not want to touch the rules at all
+restart() {
+ stop_auditd
+ start_auditd
+}
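Review bot: In `start()` the status of `loadfile "${RULEFILE_STARTUP}"` is discarded, so a malformed rules file or a failing `auditctl -R` still reports the service as started while the kernel may hold no rules or only part of them. Surface the failure, for example `loadfile "${RULEFILE_STARTUP}" || eerror "Failed to load audit rules from ${RULEFILE_STARTUP}"`. `loadfile` also returns 0 without a message when the configured file does not exist, which deserves an `ewarn` when the variable is non-empty. The same unchecked pattern applies to the two `loadfile` calls in `stop()`.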
diff --git a/sys-process/audit/files/digest-audit-1.2.3 b/sys-process/audit/files/digest-audit-1.2.3
new file mode 100644
index 000000000000..3363ed812850
--- /dev/null
+++ b/sys-process/audit/files/digest-audit-1.2.3
@@ -0,0 +1,3 @@
+MD5 a121e66bf44a65af3c4a04220a176d2e audit-1.2.3.tar.gz 276977
+RMD160 2fbc483dbff0ad5cd4022b4ccb5d3c082cccc0ef audit-1.2.3.tar.gz 276977
+SHA256 3bb70258c9e5ae2a0ebc43dc96542cd5494e169dc0d03d91bd9a7cd2a9f37b25 audit-1.2.3.tar.gz 276977