current/SPECS/audit.spec

%define major 1
%define libname %mklibname audit %{major}
%define develname %mklibname audit -d

%define auparsemajor 0
%define auparselibname %mklibname auparse %{auparsemajor}
%define auparsedevelname %mklibname auparse -d

Summary:        User-space tools for Linux 2.6 kernel auditing
Name:           audit
Version:        2.7.7
Release:        %mkrel 1
License:        LGPLv2+
Group:          System/Base
URL:            http://people.redhat.com/sgrubb/audit/
Source0:        http://people.redhat.com/sgrubb/audit/audit-%{version}.tar.gz
Source1:        %{name}-tmpfiles.conf
BuildRequires:  gettext-devel
BuildRequires:  glibc-devel >= 2.6
BuildRequires:  intltool
BuildRequires:  libcap-ng-devel
BuildRequires:  libtool
BuildRequires:  openldap-devel
BuildRequires:  prelude-devel >= 0.9.16
BuildRequires:  python-devel
BuildRequires:  python3-devel
BuildRequires:  swig
BuildRequires:  tcp_wrappers-devel
# for macro definition:
BuildRequires:  systemd-devel
Requires(preun): rpm-helper
Requires(post): rpm-helper
Requires(postun):rpm-helper
Requires:       tcp_wrappers

%description
The audit package contains the user space utilities for storing and searching
the audit records generate by the audit subsystem in the Linux 2.6 kernel.

%package -n     %{libname}
Summary:        Main libraries for %{name}
Group:          System/Libraries

%description -n %{libname}
This package contains the main libraries for %{name}.

%package -n     %{develname}
Summary:        Development files for %{name}
Group:          Development/C
Requires:       %{libname} = %{version}-%{release}
Provides:       libaudit-devel = %{version}-%{release}
Provides:       audit-devel = %{version}-%{release}
Provides:       audit-libs-devel = %{version}-%{release}

%description -n %{develname}
This package contains development files for %{name}.

%package -n     %{auparselibname}
Summary:        Main libraries for %{name}
Group:          System/Libraries

%description -n %{auparselibname}
This package contains the main auparse libraries for %{name}.

%package -n     %{auparsedevelname}
Summary:        Development files for %{name}
Group:          Development/C
Requires:       %{auparselibname} = %{version}-%{release}
Provides:       auparse-devel = %{version}-%{release}


%description -n %{auparsedevelname}
This package contains development files for %{name}.

%package -n     python-audit
Summary:        Python bindings for %{name}
Group:          Development/Python

%description -n python-audit
This package contains python bindings for %{name}.

%package -n     python3-audit
Summary:        Python3 bindings for libaudit
License:        LGPLv2+
Group:          Development/Python
Requires:       %{name} = %{version}-%{release}
Requires:       %{libname} = %{version}-%{release}

%description -n python3-audit
The python3-audit package contains the bindings so that libaudit
and libauparse can be used by python3.

%package -n     audispd-plugins
Summary:        Plugins for the audit event dispatcher
Group:          System/Base
Requires:       %{name} = %{version}

%description -n audispd-plugins
The audispd-plugins package provides plugins for the real-time interface to the
audit system, audispd. These plugins can do things like relay events to remote
machines.

%package -n     audispd-plugins-zos
Summary:        z/OS plugin for the audit event dispatcher
Group:          System/Base
Requires:       %{name} = %{version}
Requires:       openldap

%description -n audispd-plugins-zos
The audispd-plugins-zos package provides a plugin that will forward all
incoming audit events, as they happen, to a configured z/OS SMF (Service
Management Facility) database, through an IBM Tivoli Directory Server
(ITDS) set for Remote Audit service.

%prep
%setup -q

find -type d -name ".libs" | xargs rm -rf

#fix build with new automake
sed -i -e 's,AM_CONFIG_HEADER,AC_CONFIG_HEADERS,g' configure.*


%build
%serverbuild
autoreconf -f -v --install

%configure2_5x \
    --disable-static \
    --with-prelude \
    --with-libwrap \
    --enable-gssapi-krb5=no \
    --with-libcap-ng=yes \
    --enable-systemd \
    --with-python3=yes

%make_build

%install
%{__install} -d %{buildroot}%{_var}/log/audit
%{__install} -d %{buildroot}%{_libdir}/audit
%{__install} -d %{buildroot}%{_var}/spool/audit
%{__install} -D -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf

%make_install

# uneeded files
find %{buildroot} -name "*.la" -delete

%post
# Copy default rules into place on new installation
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
if [ "$files" -eq 0 ] ; then
# FESCO asked for audit to be off by default. #1117953
        if [ -e /usr/share/doc/audit/rules/10-no-audit.rules ] ; then
                cp /usr/share/doc/audit/rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
        else
                touch /etc/audit/rules.d/audit.rules
        fi
        chmod 0600 /etc/audit/rules.d/audit.rules
fi

%_tmpfilescreate %{name}

## This hack is because the auditd.service needs to be started before sysinit.target. So let's just enable and start
## the service manually after installation. This needs to be revisited after our %%_post_service has been adjusted
systemctl enable -q auditd.service
systemctl start -q auditd.service
# %%_post_service auditd.service

%preun
## For some unknow reason "systemctl stop" doesn't work so use "systemctl kill" instead:
## Failed to stop auditd.service: Operation refused, unit auditd.service may be requested
## by dependency only.
systemctl kill -q auditd.service
systemctl disable -q auditd.service


%files
%doc README ChangeLog rules init.d/auditd.cron
%attr(644,root,root) %{_unitdir}/auditd.service
%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/restart
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
%attr(0750,root,root) %dir %{_sysconfdir}/audit
%attr(0750,root,root) %dir %{_sysconfdir}/audisp
%attr(0750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/auditd.conf
%ghost %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
%ghost %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/audit.rules
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/audit-stop.rules
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audispd.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf
%attr(0750,root,root) %{_sbindir}/audispd
%attr(0755,root,root) %{_sbindir}/auditctl
%attr(0755,root,root) %{_sbindir}/auditd
%attr(0750,root,root) %{_sbindir}/autrace
%attr(0755,root,root) %{_sbindir}/aureport
%attr(0755,root,root) %{_sbindir}/ausearch
%attr(0755,root,root) %{_sbindir}/augenrules
%attr(0755,root,root) %{_bindir}/aulastlog
%attr(0755,root,root) %{_bindir}/aulast
%attr(0755,root,root) %{_bindir}/ausyscall
%attr(7555,root,root) %{_bindir}/auvirt
%attr(0644,root,root) %{_mandir}/man5/audispd.conf.5*
%attr(0644,root,root) %{_mandir}/man5/auditd.conf.5*
%attr(0644,root,root) %{_mandir}/man5/ausearch-expression.5*
%attr(0644,root,root) %{_mandir}/man7/audit.rules.7*
%attr(0644,root,root) %{_mandir}/man8/audispd.8*
%attr(0644,root,root) %{_mandir}/man8/auditctl.8*
%attr(0644,root,root) %{_mandir}/man8/auditd.8*
%attr(0644,root,root) %{_mandir}/man8/aulast.8*
%attr(0644,root,root) %{_mandir}/man8/aulastlog.8*
%attr(6444,root,root) %{_mandir}/man8/auvirt.8.*
%attr(6444,root,root) %{_mandir}/man8/augenrules.8*
%attr(0644,root,root) %{_mandir}/man8/aureport.8*
%attr(0644,root,root) %{_mandir}/man8/ausearch.8*
%attr(0644,root,root) %{_mandir}/man8/ausyscall.8*
%attr(0644,root,root) %{_mandir}/man8/autrace.8*
%attr(0700,root,root) %dir %{_var}/log/audit
%{_tmpfilesdir}/%{name}.conf

%files -n %{libname}
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/libaudit.conf
%{_libdir}/libaudit.so.%{major}{,.*}
%attr(0644,root,root) %{_mandir}/man5/libaudit.conf.5*

%files -n %{develname}
%doc ChangeLog contrib/skeleton.c contrib/plugin
%{_libdir}/libaudit.so
%{_includedir}/libaudit.h
%{_datadir}/aclocal/audit.m4
%{_libdir}/pkgconfig/audit.pc
%{_libdir}/pkgconfig/auparse.pc
%{_mandir}/man3/audit_*
%{_mandir}/man3/ausearch_*
%{_mandir}/man3/get_auditfail_action.3*
%{_mandir}/man3/set_aumessage_mode.3*

%files -n %{auparselibname}
%{_libdir}/libauparse.so.%{auparsemajor}{,.*}

%files -n %{auparsedevelname}
%doc ChangeLog contrib/skeleton.c contrib/plugin
%{_libdir}/libauparse.so
%{_includedir}/auparse-defs.h
%{_includedir}/auparse.h
%{_mandir}/man3/auparse_*

%files -n python-audit
%{python2_sitearch}/*.so
%{python2_sitearch}/audit.p*

%files -n python3-audit
%{python3_sitearch}/*

%files -n audispd-plugins
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audisp-prelude.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/au-prelude.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
%attr(0750,root,root) %{_sbindir}/audisp-prelude
%attr(0750,root,root) %{_sbindir}/audisp-remote
%attr(0644,root,root) %{_mandir}/man5/audisp-prelude.conf.5*
%attr(0644,root,root) %{_mandir}/man5/audisp-remote.conf.5*
%attr(0644,root,root) %{_mandir}/man8/audisp-prelude.8*
%attr(0644,root,root) %{_mandir}/man8/audisp-remote.8*
%attr(0750,root,root) %dir %{_var}/spool/audit

%files -n audispd-plugins-zos
%attr(0644,root,root) %{_mandir}/man8/audispd-zos-remote.8*
%attr(0644,root,root) %{_mandir}/man5/zos-remote.conf.5*
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/zos-remote.conf
%attr(0750,root,root) %{_sbindir}/audispd-zos-remote
1	%define major 1
2	%define libname %mklibname audit %{major}
3	%define develname %mklibname audit -d
4
5	%define auparsemajor 0
6	%define auparselibname %mklibname auparse %{auparsemajor}
7	%define auparsedevelname %mklibname auparse -d
8
9	Summary: User-space tools for Linux 2.6 kernel auditing
10	Name: audit
11	Version: 2.7.7
12	Release: %mkrel 1
13	License: LGPLv2+
14	Group: System/Base
15	URL: http://people.redhat.com/sgrubb/audit/
16	Source0: http://people.redhat.com/sgrubb/audit/audit-%{version}.tar.gz
17	Source1: %{name}-tmpfiles.conf
18	BuildRequires: gettext-devel
19	BuildRequires: glibc-devel >= 2.6
20	BuildRequires: intltool
21	BuildRequires: libcap-ng-devel
22	BuildRequires: libtool
23	BuildRequires: openldap-devel
24	BuildRequires: prelude-devel >= 0.9.16
25	BuildRequires: python-devel
26	BuildRequires: python3-devel
27	BuildRequires: swig
28	BuildRequires: tcp_wrappers-devel
29	# for macro definition:
30	BuildRequires: systemd-devel
31	Requires(preun): rpm-helper
32	Requires(post): rpm-helper
33	Requires(postun):rpm-helper
34	Requires: tcp_wrappers
35
36	%description
37	The audit package contains the user space utilities for storing and searching
38	the audit records generate by the audit subsystem in the Linux 2.6 kernel.
39
40	%package -n %{libname}
41	Summary: Main libraries for %{name}
42	Group: System/Libraries
43
44	%description -n %{libname}
45	This package contains the main libraries for %{name}.
46
47	%package -n %{develname}
48	Summary: Development files for %{name}
49	Group: Development/C
50	Requires: %{libname} = %{version}-%{release}
51	Provides: libaudit-devel = %{version}-%{release}
52	Provides: audit-devel = %{version}-%{release}
53	Provides: audit-libs-devel = %{version}-%{release}
54
55	%description -n %{develname}
56	This package contains development files for %{name}.
57
58	%package -n %{auparselibname}
59	Summary: Main libraries for %{name}
60	Group: System/Libraries
61
62	%description -n %{auparselibname}
63	This package contains the main auparse libraries for %{name}.
64
65	%package -n %{auparsedevelname}
66	Summary: Development files for %{name}
67	Group: Development/C
68	Requires: %{auparselibname} = %{version}-%{release}
69	Provides: auparse-devel = %{version}-%{release}
70
71
72	%description -n %{auparsedevelname}
73	This package contains development files for %{name}.
74
75	%package -n python-audit
76	Summary: Python bindings for %{name}
77	Group: Development/Python
78
79	%description -n python-audit
80	This package contains python bindings for %{name}.
81
82	%package -n python3-audit
83	Summary: Python3 bindings for libaudit
84	License: LGPLv2+
85	Group: Development/Python
86	Requires: %{name} = %{version}-%{release}
87	Requires: %{libname} = %{version}-%{release}
88
89	%description -n python3-audit
90	The python3-audit package contains the bindings so that libaudit
91	and libauparse can be used by python3.
92
93	%package -n audispd-plugins
94	Summary: Plugins for the audit event dispatcher
95	Group: System/Base
96	Requires: %{name} = %{version}
97
98	%description -n audispd-plugins
99	The audispd-plugins package provides plugins for the real-time interface to the
100	audit system, audispd. These plugins can do things like relay events to remote
101	machines.
102
103	%package -n audispd-plugins-zos
104	Summary: z/OS plugin for the audit event dispatcher
105	Group: System/Base
106	Requires: %{name} = %{version}
107	Requires: openldap
108
109	%description -n audispd-plugins-zos
110	The audispd-plugins-zos package provides a plugin that will forward all
111	incoming audit events, as they happen, to a configured z/OS SMF (Service
112	Management Facility) database, through an IBM Tivoli Directory Server
113	(ITDS) set for Remote Audit service.
114
115	%prep
116	%setup -q
117
118	find -type d -name ".libs" \| xargs rm -rf
119
120	#fix build with new automake
121	sed -i -e 's,AM_CONFIG_HEADER,AC_CONFIG_HEADERS,g' configure.*
122
123
124	%build
125	%serverbuild
126	autoreconf -f -v --install
127
128	%configure2_5x \
129	--disable-static \
130	--with-prelude \
131	--with-libwrap \
132	--enable-gssapi-krb5=no \
133	--with-libcap-ng=yes \
134	--enable-systemd \
135	--with-python3=yes
136
137	%make_build
138
139	%install
140	%{__install} -d %{buildroot}%{_var}/log/audit
141	%{__install} -d %{buildroot}%{_libdir}/audit
142	%{__install} -d %{buildroot}%{_var}/spool/audit
143	%{__install} -D -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
144
145	%make_install
146
147	# uneeded files
148	find %{buildroot} -name "*.la" -delete
149
150	%post
151	# Copy default rules into place on new installation
152	files=`ls /etc/audit/rules.d/ 2>/dev/null \| wc -w`
153	if [ "$files" -eq 0 ] ; then
154	# FESCO asked for audit to be off by default. #1117953
155	if [ -e /usr/share/doc/audit/rules/10-no-audit.rules ] ; then
156	cp /usr/share/doc/audit/rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
157	else
158	touch /etc/audit/rules.d/audit.rules
159	fi
160	chmod 0600 /etc/audit/rules.d/audit.rules
161	fi
162
163	%_tmpfilescreate %{name}
164
165	## This hack is because the auditd.service needs to be started before sysinit.target. So let's just enable and start
166	## the service manually after installation. This needs to be revisited after our %%_post_service has been adjusted
167	systemctl enable -q auditd.service
168	systemctl start -q auditd.service
169	# %%_post_service auditd.service
170
171	%preun
172	## For some unknow reason "systemctl stop" doesn't work so use "systemctl kill" instead:
173	## Failed to stop auditd.service: Operation refused, unit auditd.service may be requested
174	## by dependency only.
175	systemctl kill -q auditd.service
176	systemctl disable -q auditd.service
177
178
179	%files
180	%doc README ChangeLog rules init.d/auditd.cron
181	%attr(644,root,root) %{_unitdir}/auditd.service
182	%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
183	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume
184	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
185	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
186	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/restart
187	%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
188	%attr(0750,root,root) %dir %{_sysconfdir}/audit
189	%attr(0750,root,root) %dir %{_sysconfdir}/audisp
190	%attr(0750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
191	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/auditd.conf
192	%ghost %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
193	%ghost %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/audit.rules
194	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audit/audit-stop.rules
195	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audispd.conf
196	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
197	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf
198	%attr(0750,root,root) %{_sbindir}/audispd
199	%attr(0755,root,root) %{_sbindir}/auditctl
200	%attr(0755,root,root) %{_sbindir}/auditd
201	%attr(0750,root,root) %{_sbindir}/autrace
202	%attr(0755,root,root) %{_sbindir}/aureport
203	%attr(0755,root,root) %{_sbindir}/ausearch
204	%attr(0755,root,root) %{_sbindir}/augenrules
205	%attr(0755,root,root) %{_bindir}/aulastlog
206	%attr(0755,root,root) %{_bindir}/aulast
207	%attr(0755,root,root) %{_bindir}/ausyscall
208	%attr(7555,root,root) %{_bindir}/auvirt
209	%attr(0644,root,root) %{_mandir}/man5/audispd.conf.5*
210	%attr(0644,root,root) %{_mandir}/man5/auditd.conf.5*
211	%attr(0644,root,root) %{_mandir}/man5/ausearch-expression.5*
212	%attr(0644,root,root) %{_mandir}/man7/audit.rules.7*
213	%attr(0644,root,root) %{_mandir}/man8/audispd.8*
214	%attr(0644,root,root) %{_mandir}/man8/auditctl.8*
215	%attr(0644,root,root) %{_mandir}/man8/auditd.8*
216	%attr(0644,root,root) %{_mandir}/man8/aulast.8*
217	%attr(0644,root,root) %{_mandir}/man8/aulastlog.8*
218	%attr(6444,root,root) %{_mandir}/man8/auvirt.8.*
219	%attr(6444,root,root) %{_mandir}/man8/augenrules.8*
220	%attr(0644,root,root) %{_mandir}/man8/aureport.8*
221	%attr(0644,root,root) %{_mandir}/man8/ausearch.8*
222	%attr(0644,root,root) %{_mandir}/man8/ausyscall.8*
223	%attr(0644,root,root) %{_mandir}/man8/autrace.8*
224	%attr(0700,root,root) %dir %{_var}/log/audit
225	%{_tmpfilesdir}/%{name}.conf
226
227	%files -n %{libname}
228	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/libaudit.conf
229	%{_libdir}/libaudit.so.%{major}{,.*}
230	%attr(0644,root,root) %{_mandir}/man5/libaudit.conf.5*
231
232	%files -n %{develname}
233	%doc ChangeLog contrib/skeleton.c contrib/plugin
234	%{_libdir}/libaudit.so
235	%{_includedir}/libaudit.h
236	%{_datadir}/aclocal/audit.m4
237	%{_libdir}/pkgconfig/audit.pc
238	%{_libdir}/pkgconfig/auparse.pc
239	%{_mandir}/man3/audit_*
240	%{_mandir}/man3/ausearch_*
241	%{_mandir}/man3/get_auditfail_action.3*
242	%{_mandir}/man3/set_aumessage_mode.3*
243
244	%files -n %{auparselibname}
245	%{_libdir}/libauparse.so.%{auparsemajor}{,.*}
246
247	%files -n %{auparsedevelname}
248	%doc ChangeLog contrib/skeleton.c contrib/plugin
249	%{_libdir}/libauparse.so
250	%{_includedir}/auparse-defs.h
251	%{_includedir}/auparse.h
252	%{_mandir}/man3/auparse_*
253
254	%files -n python-audit
255	%{python2_sitearch}/*.so
256	%{python2_sitearch}/audit.p*
257
258	%files -n python3-audit
259	%{python3_sitearch}/*
260
261	%files -n audispd-plugins
262	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audisp-prelude.conf
263	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf
264	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/au-prelude.conf
265	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
266	%attr(0750,root,root) %{_sbindir}/audisp-prelude
267	%attr(0750,root,root) %{_sbindir}/audisp-remote
268	%attr(0644,root,root) %{_mandir}/man5/audisp-prelude.conf.5*
269	%attr(0644,root,root) %{_mandir}/man5/audisp-remote.conf.5*
270	%attr(0644,root,root) %{_mandir}/man8/audisp-prelude.8*
271	%attr(0644,root,root) %{_mandir}/man8/audisp-remote.8*
272	%attr(0750,root,root) %dir %{_var}/spool/audit
273
274	%files -n audispd-plugins-zos
275	%attr(0644,root,root) %{_mandir}/man8/audispd-zos-remote.8*
276	%attr(0644,root,root) %{_mandir}/man5/zos-remote.conf.5*
277	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf
278	%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/audisp/zos-remote.conf
279	%attr(0750,root,root) %{_sbindir}/audispd-zos-remote