current/SPECS/audit.spec

%define major 1
%define libname %mklibname audit %{major}
%define develname %mklibname audit -d

%define auparsemajor     0
%define auparselibname   %mklibname auparse %{auparsemajor}
%define auparsedevelname %mklibname auparse -d

Summary:        User-space tools for Linux 2.6 kernel auditing
Name:           audit
Version:        2.8.5
Release:        %mkrel 1
License:        LGPLv2+
Group:          System/Base
URL:            http://people.redhat.com/sgrubb/audit/
Source0:        http://people.redhat.com/sgrubb/audit/audit-%{version}.tar.gz
Source1:        %{name}-tmpfiles.conf
BuildRequires:  gettext-devel
BuildRequires:  glibc-devel >= 2.6
BuildRequires:  intltool
BuildRequires:  pkgconfig(libcap-ng)
BuildRequires:  libtool
BuildRequires:  openldap-devel
BuildRequires:  pkgconfig(libprelude) >= 0.9.16
BuildRequires:  pkgconfig(python)
BuildRequires:  python3-devel
BuildRequires:  swig
BuildRequires:  tcp_wrappers-devel
# for macro definition:
BuildRequires:  pkgconfig(systemd)
Requires(preun): rpm-helper
Requires(post): rpm-helper
Requires(postun):rpm-helper
Requires:       tcp_wrappers

%description
The audit package contains the user space utilities for storing and searching
the audit records generate by the audit subsystem in the Linux 2.6 kernel.

%package -n     %{libname}
Summary:        Main libraries for %{name}
Group:          System/Libraries

%description -n %{libname}
This package contains the main libraries for %{name}.

%package -n     %{develname}
Summary:        Development files for %{name}
Group:          Development/C
Requires:       %{libname} = %{version}-%{release}
Provides:       libaudit-devel = %{version}-%{release}
Provides:       audit-devel = %{version}-%{release}
Provides:       audit-libs-devel = %{version}-%{release}

%description -n %{develname}
This package contains development files for %{name}.

%package -n     %{auparselibname}
Summary:        Main libraries for %{name}
Group:          System/Libraries

%description -n %{auparselibname}
This package contains the main auparse libraries for %{name}.

%package -n     %{auparsedevelname}
Summary:        Development files for %{name}
Group:          Development/C
Requires:       %{auparselibname} = %{version}-%{release}
Provides:       auparse-devel = %{version}-%{release}


%description -n %{auparsedevelname}
This package contains development files for %{name}.

%package -n     python2-audit
Summary:        Python2 bindings for %{name}
Group:          Development/Python

Obsoletes:      python-audit < 2.8.4-5
Provides:       python-audit = %{version}-%{release}

%description -n python2-audit
This package contains python2 bindings for %{name}.

%package -n     python3-audit
Summary:        Python3 bindings for libaudit
License:        LGPLv2+
Group:          Development/Python
Requires:       %{name} = %{version}-%{release}
Requires:       %{libname} = %{version}-%{release}

%description -n python3-audit
The python3-audit package contains the bindings so that libaudit
and libauparse can be used by python3.

%package -n     audispd-plugins
Summary:        Plugins for the audit event dispatcher
Group:          System/Base
Requires:       %{name} = %{version}

%description -n audispd-plugins
The audispd-plugins package provides plugins for the real-time interface to the
audit system, audispd. These plugins can do things like relay events to remote
machines.

%package -n     audispd-plugins-zos
Summary:        z/OS plugin for the audit event dispatcher
Group:          System/Base
Requires:       %{name} = %{version}
Requires:       openldap

%description -n audispd-plugins-zos
The audispd-plugins-zos package provides a plugin that will forward all
incoming audit events, as they happen, to a configured z/OS SMF (Service
Management Facility) database, through an IBM Tivoli Directory Server
(ITDS) set for Remote Audit service.

%prep
%setup -q

find -type d -name ".libs" | xargs rm -rf

#fix build with new automake
sed -i -e 's,AM_CONFIG_HEADER,AC_CONFIG_HEADERS,g' configure.*

#fix runstatedir
sed -i -e 's,/var/run,%{_rundir},g' $(grep -rl /var/run)

%build
%serverbuild
autoreconf -fvi

%configure2_5x \
    --disable-static \
    --with-prelude \
    --with-libwrap \
    --enable-gssapi-krb5=no \
    --with-libcap-ng=yes \
    --enable-systemd \
    --with-python3=yes

%make_build

%install
%{__install} -d %{buildroot}%{_var}/log/audit
%{__install} -d %{buildroot}%{_libdir}/audit
%{__install} -d %{buildroot}%{_var}/spool/audit
%{__install} -D -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf

%make_install

# uneeded files
find %{buildroot} -name "*.la" -delete

%post
# Copy default rules into place on new installation
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
if [ "$files" -eq 0 ] ; then
# FESCO asked for audit to be off by default. #1117953
        if [ -e /usr/share/doc/audit/rules/10-no-audit.rules ] ; then
                cp /usr/share/doc/audit/rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
        else
                touch /etc/audit/rules.d/audit.rules
        fi
        chmod 0600 /etc/audit/rules.d/audit.rules
fi

%_tmpfilescreate %{name}

## This hack is because the auditd.service needs to be started before sysinit.target. So let's just enable and start
## the service manually after installation. This needs to be revisited after our %%_post_service has been adjusted
systemctl enable -q auditd.service
systemctl start -q auditd.service
# %%_post_service auditd.service

%preun
## For some unknow reason "systemctl stop" doesn't work so use "systemctl kill" instead:
## Failed to stop auditd.service: Operation refused, unit auditd.service may be requested
## by dependency only.
systemctl kill -q auditd.service
systemctl disable -q auditd.service


%files
%doc README ChangeLog rules init.d/auditd.cron
%attr(644,root,root) %{_unitdir}/auditd.service
%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/restart
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/reload
%attr(0750,root,root) %dir %{_sysconfdir}/audit
%attr(0750,root,root) %dir %{_sysconfdir}/audisp
%attr(0750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/auditd.conf
%ghost %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
%ghost %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/audit.rules
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/audit-stop.rules
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audispd.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf
%attr(0750,root,root) %{_sbindir}/audispd
%attr(0755,root,root) %{_sbindir}/auditctl
%attr(0755,root,root) %{_sbindir}/auditd
%attr(0750,root,root) %{_sbindir}/autrace
%attr(0755,root,root) %{_sbindir}/aureport
%attr(0755,root,root) %{_sbindir}/ausearch
%attr(0755,root,root) %{_sbindir}/augenrules
%attr(0755,root,root) %{_bindir}/aulastlog
%attr(0755,root,root) %{_bindir}/aulast
%attr(0755,root,root) %{_bindir}/ausyscall
%attr(7555,root,root) %{_bindir}/auvirt
%attr(0644,root,root) %{_mandir}/man5/audispd.conf.5*
%attr(0644,root,root) %{_mandir}/man5/auditd.conf.5*
%attr(0644,root,root) %{_mandir}/man5/ausearch-expression.5*
%attr(0644,root,root) %{_mandir}/man7/audit.rules.7*
%attr(0644,root,root) %{_mandir}/man8/audispd.8*
%attr(0644,root,root) %{_mandir}/man8/auditctl.8*
%attr(0644,root,root) %{_mandir}/man8/auditd.8*
%attr(0644,root,root) %{_mandir}/man8/aulast.8*
%attr(0644,root,root) %{_mandir}/man8/aulastlog.8*
%attr(6444,root,root) %{_mandir}/man8/auvirt.8.*
%attr(6444,root,root) %{_mandir}/man8/augenrules.8*
%attr(0644,root,root) %{_mandir}/man8/aureport.8*
%attr(0644,root,root) %{_mandir}/man8/ausearch.8*
%attr(0644,root,root) %{_mandir}/man8/ausyscall.8*
%attr(0644,root,root) %{_mandir}/man8/autrace.8*
%attr(0700,root,root) %dir %{_var}/log/audit
%{_tmpfilesdir}/%{name}.conf

%files -n %{libname}
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/libaudit.conf
%{_libdir}/libaudit.so.%{major}{,.*}
%attr(0644,root,root) %{_mandir}/man5/libaudit.conf.5*

%files -n %{develname}
%doc ChangeLog contrib/skeleton.c contrib/plugin
%{_libdir}/libaudit.so
%{_includedir}/libaudit.h
%{_datadir}/aclocal/audit.m4
%{_libdir}/pkgconfig/audit.pc
%{_libdir}/pkgconfig/auparse.pc
%{_mandir}/man3/audit_*
%{_mandir}/man3/ausearch_*
%{_mandir}/man3/get_auditfail_action.3*
%{_mandir}/man3/set_aumessage_mode.3*

%files -n %{auparselibname}
%{_libdir}/libauparse.so.%{auparsemajor}{,.*}

%files -n %{auparsedevelname}
%doc ChangeLog contrib/skeleton.c contrib/plugin
%{_libdir}/libauparse.so
%{_includedir}/auparse-defs.h
%{_includedir}/auparse.h
%{_mandir}/man3/auparse_*

%files -n python2-audit
%{python2_sitearch}/*.so
%{python2_sitearch}/audit.p*

%files -n python3-audit
%{python3_sitearch}/*

%files -n audispd-plugins
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audisp-prelude.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/au-prelude.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
%attr(0750,root,root) %{_sbindir}/audisp-prelude
%attr(0750,root,root) %{_sbindir}/audisp-remote
%attr(0644,root,root) %{_mandir}/man5/audisp-prelude.conf.5*
%attr(0644,root,root) %{_mandir}/man5/audisp-remote.conf.5*
%attr(0644,root,root) %{_mandir}/man8/audisp-prelude.8*
%attr(0644,root,root) %{_mandir}/man8/audisp-remote.8*
%attr(0750,root,root) %dir %{_var}/spool/audit

%files -n audispd-plugins-zos
%attr(0644,root,root) %{_mandir}/man8/audispd-zos-remote.8*
%attr(0644,root,root) %{_mandir}/man5/zos-remote.conf.5*
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/zos-remote.conf
%attr(0750,root,root) %{_sbindir}/audispd-zos-remote
1	%define major 1
2	%define libname %mklibname audit %{major}
3	%define develname %mklibname audit -d
4
5	%define auparsemajor 0
6	%define auparselibname %mklibname auparse %{auparsemajor}
7	%define auparsedevelname %mklibname auparse -d
8
9	Summary: User-space tools for Linux 2.6 kernel auditing
10	Name: audit
11	Version: 2.8.5
12	Release: %mkrel 1
13	License: LGPLv2+
14	Group: System/Base
15	URL: http://people.redhat.com/sgrubb/audit/
16	Source0: http://people.redhat.com/sgrubb/audit/audit-%{version}.tar.gz
17	Source1: %{name}-tmpfiles.conf
18	BuildRequires: gettext-devel
19	BuildRequires: glibc-devel >= 2.6
20	BuildRequires: intltool
21	BuildRequires: pkgconfig(libcap-ng)
22	BuildRequires: libtool
23	BuildRequires: openldap-devel
24	BuildRequires: pkgconfig(libprelude) >= 0.9.16
25	BuildRequires: pkgconfig(python)
26	BuildRequires: python3-devel
27	BuildRequires: swig
28	BuildRequires: tcp_wrappers-devel
29	# for macro definition:
30	BuildRequires: pkgconfig(systemd)
31	Requires(preun): rpm-helper
32	Requires(post): rpm-helper
33	Requires(postun):rpm-helper
34	Requires: tcp_wrappers
35
36	%description
37	The audit package contains the user space utilities for storing and searching
38	the audit records generate by the audit subsystem in the Linux 2.6 kernel.
39
40	%package -n %{libname}
41	Summary: Main libraries for %{name}
42	Group: System/Libraries
43
44	%description -n %{libname}
45	This package contains the main libraries for %{name}.
46
47	%package -n %{develname}
48	Summary: Development files for %{name}
49	Group: Development/C
50	Requires: %{libname} = %{version}-%{release}
51	Provides: libaudit-devel = %{version}-%{release}
52	Provides: audit-devel = %{version}-%{release}
53	Provides: audit-libs-devel = %{version}-%{release}
54
55	%description -n %{develname}
56	This package contains development files for %{name}.
57
58	%package -n %{auparselibname}
59	Summary: Main libraries for %{name}
60	Group: System/Libraries
61
62	%description -n %{auparselibname}
63	This package contains the main auparse libraries for %{name}.
64
65	%package -n %{auparsedevelname}
66	Summary: Development files for %{name}
67	Group: Development/C
68	Requires: %{auparselibname} = %{version}-%{release}
69	Provides: auparse-devel = %{version}-%{release}
70
71
72	%description -n %{auparsedevelname}
73	This package contains development files for %{name}.
74
75	%package -n python2-audit
76	Summary: Python2 bindings for %{name}
77	Group: Development/Python
78
79	Obsoletes: python-audit < 2.8.4-5
80	Provides: python-audit = %{version}-%{release}
81
82	%description -n python2-audit
83	This package contains python2 bindings for %{name}.
84
85	%package -n python3-audit
86	Summary: Python3 bindings for libaudit
87	License: LGPLv2+
88	Group: Development/Python
89	Requires: %{name} = %{version}-%{release}
90	Requires: %{libname} = %{version}-%{release}
91
92	%description -n python3-audit
93	The python3-audit package contains the bindings so that libaudit
94	and libauparse can be used by python3.
95
96	%package -n audispd-plugins
97	Summary: Plugins for the audit event dispatcher
98	Group: System/Base
99	Requires: %{name} = %{version}
100
101	%description -n audispd-plugins
102	The audispd-plugins package provides plugins for the real-time interface to the
103	audit system, audispd. These plugins can do things like relay events to remote
104	machines.
105
106	%package -n audispd-plugins-zos
107	Summary: z/OS plugin for the audit event dispatcher
108	Group: System/Base
109	Requires: %{name} = %{version}
110	Requires: openldap
111
112	%description -n audispd-plugins-zos
113	The audispd-plugins-zos package provides a plugin that will forward all
114	incoming audit events, as they happen, to a configured z/OS SMF (Service
115	Management Facility) database, through an IBM Tivoli Directory Server
116	(ITDS) set for Remote Audit service.
117
118	%prep
119	%setup -q
120
121	find -type d -name ".libs" \| xargs rm -rf
122
123	#fix build with new automake
124	sed -i -e 's,AM_CONFIG_HEADER,AC_CONFIG_HEADERS,g' configure.*
125
126	#fix runstatedir
127	sed -i -e 's,/var/run,%{_rundir},g' $(grep -rl /var/run)
128
129	%build
130	%serverbuild
131	autoreconf -fvi
132
133	%configure2_5x \
134	--disable-static \
135	--with-prelude \
136	--with-libwrap \
137	--enable-gssapi-krb5=no \
138	--with-libcap-ng=yes \
139	--enable-systemd \
140	--with-python3=yes
141
142	%make_build
143
144	%install
145	%{__install} -d %{buildroot}%{_var}/log/audit
146	%{__install} -d %{buildroot}%{_libdir}/audit
147	%{__install} -d %{buildroot}%{_var}/spool/audit
148	%{__install} -D -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
149
150	%make_install
151
152	# uneeded files
153	find %{buildroot} -name "*.la" -delete
154
155	%post
156	# Copy default rules into place on new installation
157	files=`ls /etc/audit/rules.d/ 2>/dev/null \| wc -w`
158	if [ "$files" -eq 0 ] ; then
159	# FESCO asked for audit to be off by default. #1117953
160	if [ -e /usr/share/doc/audit/rules/10-no-audit.rules ] ; then
161	cp /usr/share/doc/audit/rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
162	else
163	touch /etc/audit/rules.d/audit.rules
164	fi
165	chmod 0600 /etc/audit/rules.d/audit.rules
166	fi
167
168	%_tmpfilescreate %{name}
169
170	## This hack is because the auditd.service needs to be started before sysinit.target. So let's just enable and start
171	## the service manually after installation. This needs to be revisited after our %%_post_service has been adjusted
172	systemctl enable -q auditd.service
173	systemctl start -q auditd.service
174	# %%_post_service auditd.service
175
176	%preun
177	## For some unknow reason "systemctl stop" doesn't work so use "systemctl kill" instead:
178	## Failed to stop auditd.service: Operation refused, unit auditd.service may be requested
179	## by dependency only.
180	systemctl kill -q auditd.service
181	systemctl disable -q auditd.service
182
183
184	%files
185	%doc README ChangeLog rules init.d/auditd.cron
186	%attr(644,root,root) %{_unitdir}/auditd.service
187	%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
188	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume
189	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
190	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
191	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
192	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/restart
193	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
194	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/reload
195	%attr(0750,root,root) %dir %{_sysconfdir}/audit
196	%attr(0750,root,root) %dir %{_sysconfdir}/audisp
197	%attr(0750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
198	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/auditd.conf
199	%ghost %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
200	%ghost %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/audit.rules
201	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/audit-stop.rules
202	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audispd.conf
203	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
204	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf
205	%attr(0750,root,root) %{_sbindir}/audispd
206	%attr(0755,root,root) %{_sbindir}/auditctl
207	%attr(0755,root,root) %{_sbindir}/auditd
208	%attr(0750,root,root) %{_sbindir}/autrace
209	%attr(0755,root,root) %{_sbindir}/aureport
210	%attr(0755,root,root) %{_sbindir}/ausearch
211	%attr(0755,root,root) %{_sbindir}/augenrules
212	%attr(0755,root,root) %{_bindir}/aulastlog
213	%attr(0755,root,root) %{_bindir}/aulast
214	%attr(0755,root,root) %{_bindir}/ausyscall
215	%attr(7555,root,root) %{_bindir}/auvirt
216	%attr(0644,root,root) %{_mandir}/man5/audispd.conf.5*
217	%attr(0644,root,root) %{_mandir}/man5/auditd.conf.5*
218	%attr(0644,root,root) %{_mandir}/man5/ausearch-expression.5*
219	%attr(0644,root,root) %{_mandir}/man7/audit.rules.7*
220	%attr(0644,root,root) %{_mandir}/man8/audispd.8*
221	%attr(0644,root,root) %{_mandir}/man8/auditctl.8*
222	%attr(0644,root,root) %{_mandir}/man8/auditd.8*
223	%attr(0644,root,root) %{_mandir}/man8/aulast.8*
224	%attr(0644,root,root) %{_mandir}/man8/aulastlog.8*
225	%attr(6444,root,root) %{_mandir}/man8/auvirt.8.*
226	%attr(6444,root,root) %{_mandir}/man8/augenrules.8*
227	%attr(0644,root,root) %{_mandir}/man8/aureport.8*
228	%attr(0644,root,root) %{_mandir}/man8/ausearch.8*
229	%attr(0644,root,root) %{_mandir}/man8/ausyscall.8*
230	%attr(0644,root,root) %{_mandir}/man8/autrace.8*
231	%attr(0700,root,root) %dir %{_var}/log/audit
232	%{_tmpfilesdir}/%{name}.conf
233
234	%files -n %{libname}
235	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/libaudit.conf
236	%{_libdir}/libaudit.so.%{major}{,.*}
237	%attr(0644,root,root) %{_mandir}/man5/libaudit.conf.5*
238
239	%files -n %{develname}
240	%doc ChangeLog contrib/skeleton.c contrib/plugin
241	%{_libdir}/libaudit.so
242	%{_includedir}/libaudit.h
243	%{_datadir}/aclocal/audit.m4
244	%{_libdir}/pkgconfig/audit.pc
245	%{_libdir}/pkgconfig/auparse.pc
246	%{_mandir}/man3/audit_*
247	%{_mandir}/man3/ausearch_*
248	%{_mandir}/man3/get_auditfail_action.3*
249	%{_mandir}/man3/set_aumessage_mode.3*
250
251	%files -n %{auparselibname}
252	%{_libdir}/libauparse.so.%{auparsemajor}{,.*}
253
254	%files -n %{auparsedevelname}
255	%doc ChangeLog contrib/skeleton.c contrib/plugin
256	%{_libdir}/libauparse.so
257	%{_includedir}/auparse-defs.h
258	%{_includedir}/auparse.h
259	%{_mandir}/man3/auparse_*
260
261	%files -n python2-audit
262	%{python2_sitearch}/*.so
263	%{python2_sitearch}/audit.p*
264
265	%files -n python3-audit
266	%{python3_sitearch}/*
267
268	%files -n audispd-plugins
269	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audisp-prelude.conf
270	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf
271	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/au-prelude.conf
272	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
273	%attr(0750,root,root) %{_sbindir}/audisp-prelude
274	%attr(0750,root,root) %{_sbindir}/audisp-remote
275	%attr(0644,root,root) %{_mandir}/man5/audisp-prelude.conf.5*
276	%attr(0644,root,root) %{_mandir}/man5/audisp-remote.conf.5*
277	%attr(0644,root,root) %{_mandir}/man8/audisp-prelude.8*
278	%attr(0644,root,root) %{_mandir}/man8/audisp-remote.8*
279	%attr(0750,root,root) %dir %{_var}/spool/audit
280
281	%files -n audispd-plugins-zos
282	%attr(0644,root,root) %{_mandir}/man8/audispd-zos-remote.8*
283	%attr(0644,root,root) %{_mandir}/man5/zos-remote.conf.5*
284	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf
285	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/zos-remote.conf
286	%attr(0750,root,root) %{_sbindir}/audispd-zos-remote