authorRobin H. Johnson <robbat2@gentoo.org>2011-09-11 02:58:55 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2011-09-11 02:58:55 +0000
commit0e77a98b683de0b9c63b9ee2ab102874776175cf (patch)
treea91b5f114a9772766324925ddbee989948a22516 /sys-process
parentAdded missing DEPEND sys-devel/libtool (bug #382501). (diff)
Get this into shape for full usage with OpenRC, and also the pending cleanup for the package.mask. Please see the new configuration options in the conf.d file. The upstream AUDITD_CLEAN_STOP and AUDITD_STOP_DISABLE sysconfig options are represented by the audit.rules.stop.pre sequence now.
Package-Manager: portage-2.2.0_alpha51/cvs/Linux x86_64
Diffstat (limited to 'sys-process')
-rw-r--r--sys-process/audit/ChangeLog10
-rw-r--r--sys-process/audit/Manifest9
-rw-r--r--sys-process/audit/audit-2.1.3.ebuild10
-rw-r--r--sys-process/audit/files/audit.rules-2.1.326
-rw-r--r--sys-process/audit/files/audit.rules.stop.pre7
-rw-r--r--sys-process/audit/files/auditd-conf.d-2.1.323
-rw-r--r--sys-process/audit/files/auditd-init.d-2.1.397
7 files changed, 171 insertions, 11 deletions
diff --git a/sys-process/audit/ChangeLog b/sys-process/audit/ChangeLog
index a4e053327fc2..f5fe17d81935 100644
--- a/sys-process/audit/ChangeLog
+++ b/sys-process/audit/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for sys-process/audit
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/ChangeLog,v 1.70 2011/09/10 19:06:09 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/ChangeLog,v 1.71 2011/09/11 02:58:55 robbat2 Exp $
+
+ 11 Sep 2011; Robin H. Johnson <robbat2@gentoo.org>
+ +files/auditd-conf.d-2.1.3, +files/auditd-init.d-2.1.3, audit-2.1.3.ebuild,
+ files/audit.rules, files/audit.rules.stop.pre, +files/audit.rules-2.1.3:
+ Get this into shape for full usage with OpenRC, and also the pending cleanup
+ for the package.mask. Please see the new configuration options in the conf.d
+ file. The upstream AUDITD_CLEAN_STOP and AUDITD_STOP_DISABLE sysconfig
+ options are represented by the audit.rules.stop.pre sequence now.
*audit-2.1.3 (10 Sep 2011)
diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest
index e74ee54de39f..cc6258d22204 100644
--- a/sys-process/audit/Manifest
+++ b/sys-process/audit/Manifest
@@ -7,11 +7,14 @@ AUX audit-1.7.4-python.patch 456 RMD160 b370a77902853dd2280cffe452a33969adb3a360
AUX audit-2.0.5-python.patch 891 RMD160 8daf1f6a8abcb27dcbf4385674410d242df19220 SHA1 648b746db899c0d37f19ded2f022f69a9e96d494 SHA256 b5d82e670f9ac8c6640ba1155a77e0f6b6f93acd90efb89747aca636d7b68022
AUX audit-2.1.3-python.patch 1353 RMD160 3dc8679764a86731958a5f02635247cd6912d5c8 SHA1 0a84b7da7278efa6ccc0d63afb5e7d91e6eb560f SHA256 de214516fc107d8bfb19fcaf39d87776d9655a153e8e8b993a725f34dbe91ce5
AUX audit.rules 997 RMD160 bfa56758dd5f2caa8835f8d01a465124f4591c69 SHA1 f487461c83c6a732ebbe2c9811911550c92468ec SHA256 adc4779fd55919ca32b2de0d955779b7950a159c449a46ea7c0c6654a9049ee9
+AUX audit.rules-2.1.3 1126 RMD160 86276a53794fc4a04d404864fd2ca549683e28e8 SHA1 fcde9504e0fbcb9336763d9290cb37da49f8de91 SHA256 8bf7f9cac7d2a47d3ff51d2a2b227588820831b5ef7c2e3d058b097d4d65eeb0
AUX audit.rules.stop.post 573 RMD160 2e6503fc7ee07c4c1e58fb9ddf4b13eec6d95044 SHA1 4ef80c15f2792f17c1764eb2e21654ede46e482d SHA256 4c2e0be1a63b6800396e31153a899d4e3f2db1cee41b4dd271064dc97521edfe
-AUX audit.rules.stop.pre 500 RMD160 6b56a9522e140b48b7f7e67570596ba298a51dc7 SHA1 032921fc3ee730139b39f019b0268a2f1b1962ad SHA256 044cf06cea49f9d38ea114eb16b0a1428465fa2158aea713ef92e67e07e13c48
+AUX audit.rules.stop.pre 547 RMD160 ce008974cc3eb2e5374a4f59c800ba912ae6c4fb SHA1 07a3dfaabc8d9c77eb2e3be980185e5ad5f71180 SHA256 ec2c402d3d2b886c680259145696ad46c451dd1aed533906fdac69e30123c35f
AUX auditd-conf.d-1.2.3 686 RMD160 7963d2ac1ec7878db5fc29b6512742ceb0bc2ef5 SHA1 95f171317014f6e2435186953ad21d68a7f3f471 SHA256 5e0ffdc1c446bb906d25c977b0e9adb813610a15dc4d60b52d25026816adb602
+AUX auditd-conf.d-2.1.3 853 RMD160 78cdecdb71a0f0869aead9d815adb34a6db2db8d SHA1 859a169f2074cd41bfc9fd15cbe2a1292644a223 SHA256 f64186229238dd589b1fa5f72503000628b8f4f6655bdc3105b2fdbb17f6458f
AUX auditd-init.d-1.2.3 1136 RMD160 ceddd2ce12be248183722b59240d662f507a16eb SHA1 f6fa0da5640bfa234219ebd3304d9f343c97371c SHA256 fd5e01b4aa83d848a2e97832b0ff0610610b7857ec7f0201f0f7cbeff8eec725
AUX auditd-init.d-1.7.17 1229 RMD160 49b33955cf69f406108eb8f4cd0a153a16a6d22c SHA1 25c65e51c48c18a06f88a19c2ade5d1961c24a0d SHA256 1976ffb5182d54bb441ba7e6d1b0db263bc244a7f0b8ba6802dfe29be1984b56
+AUX auditd-init.d-2.1.3 2341 RMD160 3a49345f2012b67ddece27fb1b3f1e988457c1d7 SHA1 245356e09ca29357294980c8ceecf5f162d9d0c4 SHA256 5a280585adb9b2d4fa2742b5e94c4eb1517fe4c5d8d79c7ec349fe11d19af6a5
DIST audit-1.7.17.tar.gz 1565919 RMD160 d9d23d7b8c28c178fd79bece9c8026bcc9494500 SHA1 1e6513d2e8956c87bd5bf5df9cb41e685330000b SHA256 da0f2135ca6fe221adfd7a6e2372038a52e5ee1d001f8e2752d2cf016a9f24af
DIST audit-1.7.4.tar.gz 840298 RMD160 08d57fc039021f05763920603c435747fe51c954 SHA1 5348fc1f310fd8eb068480c6b6d61e3c24c58207 SHA256 db5412852aa36ee25eb174e4f4a4676cc2d0b93cbe41a740eebf903b49b4d593
DIST audit-2.0.5.tar.gz 810519 RMD160 2c64ba9586bd9651931c96afe9d2aa9468696658 SHA1 09e88eebb465cf66c1e1b084a6e907cf945164e4 SHA256 1ef85e606a0fda21596577f5c205c0df7eb56d7cffbb84aeeeb72ce44e61a83b
@@ -19,6 +22,6 @@ DIST audit-2.1.3.tar.gz 833647 RMD160 b5118fae12ddf9599c379119acc9daec100796b7 S
EBUILD audit-1.7.17.ebuild 3346 RMD160 b5c544dc6fabcd53b41732ff048e5e72de240c0c SHA1 2d78c68e01c87e85a18aa637a602f84f170d24f9 SHA256 5eaf81304400e87f962628df06287ca6e985658c0a2c1994cf837451f4f2399a
EBUILD audit-1.7.4.ebuild 3384 RMD160 c680813cb5e99b721b38024ebd8c8744c1bbd0cb SHA1 b95a1b28acba22c5f27f770bb931a0d7902c38f7 SHA256 e82051d0cf59e54257458472854b04b31eb9ba7f478932c0499f16e4d751ad94
EBUILD audit-2.0.5.ebuild 4235 RMD160 93dd6229c74b20a1a9c3c7a636bb5713a09cb372 SHA1 30471958c72b79c7cb2c3616871d4d0fc735b056 SHA256 a2fe1f5883de2f8fede4d07ce30c45faf5d44e84b2a9e7cd2d1dcc3967836be2
-EBUILD audit-2.1.3.ebuild 4240 RMD160 a293aea648e34981726fdeecac975d0f36808e98 SHA1 c4e61d371e917cc362092e4732c938bfbb0e5882 SHA256 c441c8cc34494128ed1580f3d857b80b7284ac8a0e041699da456fa68477ea31
-MISC ChangeLog 10983 RMD160 696dcb70447df453458ebf66c26641940fc4c6e9 SHA1 7d9f5fa525a24803358290b2e8b1c8ed88a99dd9 SHA256 74e82cb0b0c4623a6ecb4b5a656d56fc4817ca5b8660aa5722a1b1a36f26bc36
+EBUILD audit-2.1.3.ebuild 4268 RMD160 4481961d9445a65e238495f87347ad13e5180997 SHA1 a3bc45879b09e9d878637f38bd463428df01bf4a SHA256 e01a63f012037946d8a46b830d40748fc54ee9a4aa2194b61acc7953c17b0fcb
+MISC ChangeLog 11489 RMD160 bebbdf2fede1965e7e8bb6dbcbe5085591990c4a SHA1 ba96595ea18685561e80744ee9e4ae2b8f581683 SHA256 fae73d9dccb8393a80ab1ca5a907f35c56d8f41c51ee8b3ff24a406c6c3d9e32
MISC metadata.xml 231 RMD160 e78f0580e975fa82702433055e1498b0d9228104 SHA1 de14a9907da991c933aed57aeba714d7b7ce28c6 SHA256 f62f6487425736b6d2f27bb84ee09ccee245c1abf74462b6fbcb90f2c368ad2e
diff --git a/sys-process/audit/audit-2.1.3.ebuild b/sys-process/audit/audit-2.1.3.ebuild
index 12902d29f61f..062b9a788c4c 100644
--- a/sys-process/audit/audit-2.1.3.ebuild
+++ b/sys-process/audit/audit-2.1.3.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-2.1.3.ebuild,v 1.1 2011/09/10 19:06:09 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-2.1.3.ebuild,v 1.2 2011/09/11 02:58:55 robbat2 Exp $
EAPI="3"
PYTHON_DEPEND="2"
@@ -50,7 +50,6 @@ src_prepare() {
"${S}"/configure.ac || die
sed -i \
-e 's,system-config-audit,,g' \
- -e '/^SUBDIRS/s,\\$,,g' \
"${S}"/Makefile.am || die
rm -rf "${S}"/system-config-audit
@@ -126,8 +125,8 @@ src_install() {
docinto contrib/plugin
dodoc contrib/plugin/*
- newinitd "${FILESDIR}"/auditd-init.d-1.7.17 auditd
- newconfd "${FILESDIR}"/auditd-conf.d-1.2.3 auditd
+ newinitd "${FILESDIR}"/auditd-init.d-2.1.3 auditd
+ newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
# things like shadow use this so we need to be in /
dodir /$(get_libdir)
@@ -139,7 +138,8 @@ src_install() {
# Gentoo rules
insinto /etc/audit/
- doins "${FILESDIR}"/audit.rules*
+ newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+ doins "${FILESDIR}"/audit.rules.stop*
# audit logs go here
keepdir /var/log/audit/
diff --git a/sys-process/audit/files/audit.rules-2.1.3 b/sys-process/audit/files/audit.rules-2.1.3
new file mode 100644
index 000000000000..b2b4f02f12f1
--- /dev/null
+++ b/sys-process/audit/files/audit.rules-2.1.3
@@ -0,0 +1,26 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a exit,always -S all
+
+# Increase the buffers to survive stress events
+-b 8192
+
+# vim:ft=conf:
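Review bot: The two `-a exit,never` lines are live rules, although the comment above them says they "would" cause the listed syscalls to be ignored, so the shipped default drops exit-filter records for read, write, open, close, stat and the others. As far as I know the kernel walks a filter list in order and stops at the first match, so rules an admin adds "below this line" for those syscalls would produce no records. I would either ship the two lines commented out or reword the comment to say so, e.g. `# ACTIVE: these syscalls are never logged; rules that must audit them go ABOVE these lines`. The following comment should read "syscalls" rather than "systems".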
diff --git a/sys-process/audit/files/audit.rules.stop.pre b/sys-process/audit/files/audit.rules.stop.pre
index c404b515d8e1..c5fb4f9444ae 100644
--- a/sys-process/audit/files/audit.rules.stop.pre
+++ b/sys-process/audit/files/audit.rules.stop.pre
@@ -1,6 +1,6 @@
-# Copyright 1999-2005 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.2 2011/09/11 02:58:55 robbat2 Exp $
#
# This file contains the auditctl rules that are loaded immediately before the
# audit deamon is stopped via the initscripts.
@@ -10,4 +10,7 @@
# auditd is stopping, don't capture events anymore
-D
+# Disable kernel generating audit events
+-e 0
+
# vim:ft=conf:
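Review bot: The added `-e 0` switches auditing off in the kernel on every plain stop, and the audit.rules-2.1.3 file added in this commit has no `-e 1`, so whether auditing comes back on the next start depends on auditd re-enabling it itself, which is not visible here. I would state that next to the new line, e.g. `# NOTE: auditing stays off until auditd (or an explicit -e 1 in audit.rules) re-enables it`. On a host whose configuration has been locked with `-e 2`, this file will presumably be refused by the kernel, and stop() in the new init script does not check loadfile's return value, so the failure would go unreported.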
diff --git a/sys-process/audit/files/auditd-conf.d-2.1.3 b/sys-process/audit/files/auditd-conf.d-2.1.3
new file mode 100644
index 000000000000..b5f389eaf596
--- /dev/null
+++ b/sys-process/audit/files/auditd-conf.d-2.1.3
@@ -0,0 +1,23 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-conf.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
+
+# If you want to enforce a certain locale for auditd,
+# uncomment one of the next lines:
+#AUDITD_LANG=none
+AUDITD_LANG=C
+#AUDITD_LANG=en_US
+#AUDITD_LANG=en_US.UTF-8
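Review bot: The comments on RULEFILE_STARTUP and RULEFILE_STOP_PRE/POST do not say that the init script added in this commit skips all three files on `restart`, nor that loadfile returns success without a message when the configured file does not exist. A mistyped path therefore leaves auditd running with no rules loaded and no warning. I would add above RULEFILE_STARTUP: `# Not applied on "restart" (use reload_rules); a missing file is skipped without error.`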
diff --git a/sys-process/audit/files/auditd-init.d-2.1.3 b/sys-process/audit/files/auditd-init.d-2.1.3
new file mode 100644
index 000000000000..6ac218d67225
--- /dev/null
+++ b/sys-process/audit/files/auditd-init.d-2.1.3
@@ -0,0 +1,97 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-init.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+
+extra_started_commands='reload reload_auditd reload_rules'
+description='Linux Auditing System'
+description_reload='Reload daemon configuration and rules'
+description_reload_rules='Reload daemon rules'
+description_reload_auditd='Reload daemon configuration'
+
+name='auditd'
+pidfile='/var/run/auditd.pid'
+command='/sbin/auditd'
+
+start_auditd() {
+ # Env handling taken from the upstream init script
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
+ unset HOME MAIL USER USERNAME
+
+ ebegin "Starting ${name}"
+ start-stop-daemon \
+ --start --quiet --pidfile ${pidfile} \
+ --exec ${command} -- ${EXTRAOPTIONS}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+stop_auditd() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet --pidfile ${pidfile}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+
+loadfile() {
+ local rules="$1"
+ if [ -n "${rules}" -a -f "${rules}" ]; then
+ einfo "Loading audit rules from ${rules}"
+ /sbin/auditctl -R "${rules}" 1>/dev/null
+ return $?
+ else
+ return 0
+ fi
+}
+
+start() {
+ start_auditd
+ local ret=$?
+ if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
+ touch /var/lock/subsys/${name}
+ loadfile "${RULEFILE_STARTUP}"
+ fi
+ return $ret
+}
+
+reload_rules() {
+ loadfile "${RULEFILE_STARTUP}"
+}
+
+reload_auditd() {
+ [ -f ${pidfile} ] && kill -HUP `cat ${pidfile}`
+}
+
+reload() {
+ reload_auditd
+ reload_rules
+}
+
+stop() {
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
+ stop_auditd
+ rm -f /var/lock/subsys/${name}
+ local ret=$?
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
+ return $ret
+}
+
+# This is a special case, we do not want to touch the rules at all
+restart() {
+ stop_auditd
+ start_auditd
+}
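Review bot: In stop(), `local ret=$?` sits after `rm -f /var/lock/subsys/${name}`, so it records rm's status instead of stop_auditd's and the service reports a clean stop even when the daemon could not be stopped; the assignment should follow the call directly, `stop_auditd` then `local ret=$?` then the `rm -f`. start() has the mirror problem: the result of `loadfile "${RULEFILE_STARTUP}"` is discarded, so auditd is reported as started even when its rules failed to load, and `loadfile "${RULEFILE_STARTUP}" || ret=$?` would surface that. Separately, `${pidfile}` is unquoted in the start-stop-daemon, `[ -f ... ]` and kill lines, and reload_auditd uses backticks; quoting the expansions and switching to `$(cat "${pidfile}")` would be a harmless tidy-up.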