parent
0e25e14dc1
commit
8f3ed29ae6
@ -1,17 +1,17 @@
Binary file not shown.
@ -1,17 +1,17 @@
Binary file not shown.
Binary file not shown.
@ -0,0 +1,16 @@
|
|||||||
|
Audit for Slackware
|
||||||
|
|
||||||
|
The Linux Auditing System is a kernel subsystem the allows the kernel to
|
||||||
|
record events of interest to intrusion detection systems, such as file
|
||||||
|
access attempts, specific system calls, or custom events generated by
|
||||||
|
trusted system binaries like login or sshd. The audit package provides the
|
||||||
|
tools to configure the audit system, and to collect and process its output.
|
||||||
|
|
||||||
|
To collect audit events, your kernel must have the audit system enabled,
|
||||||
|
which is present in the stock Slackware kernels.
|
||||||
|
|
||||||
|
The audit package has no other dependencies. However, certain audit events
|
||||||
|
of interest, such as failed login attempts from /bin/login, password changes,
|
||||||
|
etcetera are generated by their respective binaries using libaudit. If your
|
||||||
|
site policy requires auditing those events, some reconfiguration and/or
|
||||||
|
patching may be required.
|
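Review bot: The second paragraph says the audit system "is present in the stock Slackware kernels", but the NOTES file added in this same commit says the build "won't do much unless you rebuild your kernel with audit enabled", and the package description says the subsystem "is not enabled in stock Slackware kernels". Decide which statement is true for the target release and make the three texts agree, since an admin who trusts the wrong one ends up with auditd installed and nothing being recorded. Also, in the first sentence, "a kernel subsystem the allows" should read "that allows".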
@ -0,0 +1,16 @@
|
|||||||
|
# NOTES:
|
||||||
|
# This slackbuild won't do much unless you rebuild your kernel with audit enabled.
|
||||||
|
# Optionally you can enable syscall-level audit.
|
||||||
|
#
|
||||||
|
# RULES:
|
||||||
|
# Some example rulesets are available at /usr/doc/audit-2.0.4/contrib
|
||||||
|
# stig.rules is an example ruleset for systems that are subject to the US Department of Defense
|
||||||
|
# UNIX STIG audit requirement, although I read recently on the gov-sec@ Redhat list that
|
||||||
|
# they hadn't been updating it religiously.
|
||||||
|
#
|
||||||
|
# ROTATION:
|
||||||
|
# The audit log (/var/log/audit/audit.log) is rotated on a size basis automatically by auditd.
|
||||||
|
# Periodic rotation (i.e. logrotate) is a bad idea for audit, since an attacker could trigger a
|
||||||
|
# common event rapidly to exhaust log space, then do something nefarious that would go unaudited.
|
||||||
|
# This package uses the default rotation size of 8MB.
|
||||||
|
|
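Review bot: The RULES paragraph points at /usr/doc/audit-2.0.4/contrib, but the build script in this commit installs documentation under /usr/doc/$PRGNAM-$VERSION with VERSION defaulting to 3.0.1, so that path will not exist on a system built from it. Refer to the versioned directory generically or update the number together with VERSION. In the ROTATION paragraph, it would help to say which auditd.conf setting carries the 8MB default so that an admin who changes it knows the log-exhaustion warning still applies.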
@ -0,0 +1,21 @@
|
|||||||
|
diff -Nur audit-2.0.4.orig//init.d/auditd.init audit-2.0.4/init.d/auditd.init
|
||||||
|
--- audit-2.0.4.orig//init.d/auditd.init 2009-12-07 15:16:41.000000000 -0600
|
||||||
|
+++ audit-2.0.4/init.d/auditd.init 2010-06-13 02:07:13.368552889 -0500
|
||||||
|
@@ -9,7 +9,7 @@
|
||||||
|
# will be sent to syslog.
|
||||||
|
#
|
||||||
|
# processname: /sbin/auditd
|
||||||
|
-# config: /etc/sysconfig/auditd
|
||||||
|
+# config: /etc/rc.d/rc.auditd.conf
|
||||||
|
# config: /etc/audit/auditd.conf
|
||||||
|
# pidfile: /var/run/auditd.pid
|
||||||
|
#
|
||||||
|
@@ -42,7 +42,7 @@
|
||||||
|
test $EUID = 0 || exit 4
|
||||||
|
|
||||||
|
# Check config
|
||||||
|
-test -f /etc/sysconfig/auditd && . /etc/sysconfig/auditd
|
||||||
|
+test -f /etc/rc.d/rc.auditd.conf && . /etc/rc.d/rc.auditd.conf
|
||||||
|
|
||||||
|
RETVAL=0
|
||||||
|
|
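Review bot: Both hunks were generated against audit-2.0.4 (`--- audit-2.0.4.orig//init.d/auditd.init`, offsets `@@ -9,7` and `@@ -42,7`), while the build script in this commit defaults to VERSION 3.0.1 and applies the file with `patch -p1`. Regenerate the diff against the 3.0.1 init script so it applies without offset or fuzz and the header matches what is being built. Note also that the changed line is reached only after `test $EUID = 0 || exit 4`, so /etc/rc.d/rc.auditd.conf is sourced as root; the package should guarantee that file is root-owned and not writable by group or others.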
@ -0,0 +1,125 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Copyright 2010, R. Andrew Bailey, Chantilly, VA USA
|
||||||
|
# 2013 - 2014, Bogdan Radulescu, Bucharest, Romania <bogdan@nimblex.net>
|
||||||
|
# All rights reserved.
|
||||||
|
#
|
||||||
|
# Permission to use, copy, modify, and distribute this software for
|
||||||
|
# any purpose with or without fee is hereby granted, provided that
|
||||||
|
# the above copyright notice and this permission notice appear in all
|
||||||
|
# copies.
|
||||||
|
#
|
||||||
|
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
|
||||||
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||||
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
|
||||||
|
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||||
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
|
||||||
|
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||||
|
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||||
|
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
||||||
|
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
|
# SUCH DAMAGE.
|
||||||
|
|
||||||
|
PRGNAM=audit
|
||||||
|
VERSION=${VERSION:-3.0.1}
|
||||||
|
BUILD=${BUILD:-1}
|
||||||
|
TAG=${TAG:-_SBo}
|
||||||
|
|
||||||
|
if [ -z "$ARCH" ]; then
|
||||||
|
case "$( uname -m )" in
|
||||||
|
i?86) ARCH=i586 ;;
|
||||||
|
arm*) ARCH=arm ;;
|
||||||
|
*) ARCH=$( uname -m ) ;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
CWD=$(pwd)
|
||||||
|
TMP=${TMP:-/tmp/SBo}
|
||||||
|
PKG=$TMP/package-$PRGNAM
|
||||||
|
OUTPUT=${OUTPUT:-/tmp}
|
||||||
|
|
||||||
|
if [ "$ARCH" = "i586" ]; then
|
||||||
|
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
|
||||||
|
LIBDIRSUFFIX=""
|
||||||
|
elif [ "$ARCH" = "i686" ]; then
|
||||||
|
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
|
||||||
|
LIBDIRSUFFIX=""
|
||||||
|
elif [ "$ARCH" = "x86_64" ]; then
|
||||||
|
SLKCFLAGS="-O2 -fPIC"
|
||||||
|
LIBDIRSUFFIX="64"
|
||||||
|
fi
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
rm -rf $PKG
|
||||||
|
mkdir -p $TMP $PKG $OUTPUT
|
||||||
|
cd $TMP
|
||||||
|
rm -rf $PRGNAM-$VERSION
|
||||||
|
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
|
||||||
|
cd $PRGNAM-$VERSION
|
||||||
|
chown -R root:root .
|
||||||
|
find -L . \
|
||||||
|
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
|
||||||
|
-o -perm 511 \) -exec chmod 755 {} \; -o \
|
||||||
|
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
|
||||||
|
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
|
||||||
|
|
||||||
|
# Init should check /etc/rc.d/rc.auditd.conf instead of /etc/sysconfig/auditd
|
||||||
|
patch -p1 < $CWD/audit-2.3.6-sysconfig.diff
|
||||||
|
|
||||||
|
CXXFLAGS="$SLKCFLAGS" \
|
||||||
|
CFLAGS="$SLKCFLAGS" \
|
||||||
|
./configure \
|
||||||
|
--prefix=/usr \
|
||||||
|
--libdir=/usr/lib${LIBDIRSUFFIX} \
|
||||||
|
--localstatedir=/var \
|
||||||
|
--sysconfdir=/etc \
|
||||||
|
--mandir=/usr/man \
|
||||||
|
--program-prefix= \
|
||||||
|
--program-suffix= \
|
||||||
|
--sbindir=/sbin \
|
||||||
|
--enable-static=no \
|
||||||
|
--enable-systemd=no \
|
||||||
|
--with-libcap-ng=yes \
|
||||||
|
--enable-gssapi-krb5=yes \
|
||||||
|
--build=$ARCH-slackware-linux
|
||||||
|
|
||||||
|
make
|
||||||
|
make DESTDIR=$PKG install
|
||||||
|
|
||||||
|
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
|
||||||
|
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
|
||||||
|
|
||||||
|
mkdir -p $PKG/etc/rc.d
|
||||||
|
mv $PKG/etc/sysconfig/auditd $PKG/etc/rc.d/rc.auditd.conf.new
|
||||||
|
mv $PKG/etc/rc.d/init.d/auditd $PKG/etc/rc.d/rc.auditd.new
|
||||||
|
rm -rf $PKG/etc/rc.d/init.d $PKG/etc/sysconfig
|
||||||
|
|
||||||
|
mkdir -p $PKG/var/log/audit $PKG/var/lock/subsys
|
||||||
|
|
||||||
|
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
|
||||||
|
cp -a AUTHORS COPYING ChangeLog INSTALL NEWS README contrib \
|
||||||
|
$PKG/usr/doc/$PRGNAM-$VERSION
|
||||||
|
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
||||||
|
cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
|
||||||
|
find $PKG/usr/doc -type f -exec chmod 0644 {} \;
|
||||||
|
find $PKG/usr/doc -size 0 -exec rm {} \;
|
||||||
|
|
||||||
|
find $PKG/usr/man -type f -name "*.?" -exec gzip -9f {} \;
|
||||||
|
for i in $(find $PKG/usr/man -type l -name "*.?") ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
|
||||||
|
|
||||||
|
mkdir -p $PKG/install
|
||||||
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
||||||
|
|
||||||
|
cat $CWD/doinst.sh > $PKG/install/doinst.sh
|
||||||
|
# Change config files to .new:
|
||||||
|
( cd $PKG
|
||||||
|
for i in $(find etc -type f -name "*.rules" -o -name "*.conf") ; do
|
||||||
|
mv $i $i.new
|
||||||
|
echo "config $i.new" >> $PKG/install/doinst.sh
|
||||||
|
done )
|
||||||
|
|
||||||
|
cd $PKG
|
||||||
|
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
|
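Review bot: At `mkdir -p $PKG/var/log/audit $PKG/var/lock/subsys` the audit log directory is created with whatever mode the build umask yields, and nothing later in the script tightens it. Since this directory holds the audit trail, set the mode explicitly right after the mkdir, for example `chmod 0700 $PKG/var/log/audit`. Separately, in the config loop `find etc -type f -name "*.rules" -o -name "*.conf"` the `-type f` test applies only to the first `-name`, because `-o` binds more loosely than the implicit and; group the two names as `\( -name "*.rules" -o -name "*.conf" \)` so a directory ending in .conf is never renamed.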
@ -0,0 +1,10 @@
|
|||||||
|
PRGNAM="audit"
|
||||||
|
VERSION="3.0.1"
|
||||||
|
HOMEPAGE="http://people.redhat.com/sgrubb/audit/"
|
||||||
|
DOWNLOAD="http://people.redhat.com/sgrubb/audit/audit-3.0.1.tar.gz"
|
||||||
|
MD5SUM="6a3cfa0dcccb98a85685029236528177"
|
||||||
|
DOWNLOAD_x86_64=""
|
||||||
|
MD5SUM_x86_64=""
|
||||||
|
REQUIRES=""
|
||||||
|
MAINTAINER="Bogdan Radulescu"
|
||||||
|
EMAIL="bogdan@nimblex.net"
|
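Review bot: DOWNLOAD is a plain `http://` URL and the only integrity value is MD5SUM, so the source tarball for a security package is protected neither in transit nor by a collision-resistant hash. Use an `https://` URL if the host serves one, and consider recording a SHA-256 of audit-3.0.1.tar.gz in the README so builders have something stronger to compare against than the MD5 the format requires.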
@ -0,0 +1,26 @@
|
|||||||
|
config() {
|
||||||
|
NEW="$1"
|
||||||
|
OLD="$(dirname $NEW)/$(basename $NEW .new)"
|
||||||
|
# If there's no config file by that name, mv it over:
|
||||||
|
if [ ! -r $OLD ]; then
|
||||||
|
mv $NEW $OLD
|
||||||
|
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
|
||||||
|
# toss the redundant copy
|
||||||
|
rm $NEW
|
||||||
|
fi
|
||||||
|
# Otherwise, we leave the .new copy for the admin to consider...
|
||||||
|
}
|
||||||
|
|
||||||
|
preserve_perms() {
|
||||||
|
NEW="$1"
|
||||||
|
OLD="$(dirname ${NEW})/$(basename ${NEW} .new)"
|
||||||
|
if [ -e ${OLD} ]; then
|
||||||
|
cp -a ${OLD} ${NEW}.incoming
|
||||||
|
cat ${NEW} > ${NEW}.incoming
|
||||||
|
mv ${NEW}.incoming ${NEW}
|
||||||
|
fi
|
||||||
|
config ${NEW}
|
||||||
|
}
|
||||||
|
|
||||||
|
preserve_perms etc/rc.d/rc.auditd.new
|
||||||
|
config etc/rc.d/rc.auditd.conf.new
|
@ -0,0 +1,19 @@
|
|||||||
|
# HOW TO EDIT THIS FILE:
|
||||||
|
# The "handy ruler" below makes it easier to edit a package description.
|
||||||
|
# Line up the first '|' above the ':' following the base package name, and
|
||||||
|
# the '|' on the right side marks the last column you can put a character in.
|
||||||
|
# You must make exactly 11 lines for the formatting to be correct. It's also
|
||||||
|
# customary to leave one space after the ':' except on otherwise blank lines.
|
||||||
|
|
||||||
|
|-----handy-ruler------------------------------------------------------|
|
||||||
|
audit: audit (Linux Kernel Audit Framework)
|
||||||
|
audit:
|
||||||
|
audit: The audit package contains the user space utilities for storing and
|
||||||
|
audit: searching the audit records generate by the audit subsystem in the
|
||||||
|
audit: Linux 2.6 kernel.
|
||||||
|
audit:
|
||||||
|
audit: The audit subsystem, which is not enabled in stock Slackware kernels
|
||||||
|
audit: must be enabled and the kernel rebuilt in order to use auditd
|
||||||
|
audit:
|
||||||
|
audit:
|
||||||
|
audit:
|
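Review bot: The description has "the audit records generate by" (should be "generated by") and still names the "Linux 2.6 kernel" although the package built here is 3.0.1; "the Linux kernel" would not go stale. The last paragraph's claim that the subsystem is not enabled in stock kernels should be checked against the README text added in this commit, which says the opposite. Keep the block at exactly 11 `audit:` lines when rewording.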