--- audit-1.5.4.orig/debian/control
+++ audit-1.5.4/debian/control
@@ -0,0 +1,51 @@
+Source: audit
+Priority: extra
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Philipp Matthias Hahn
+Build-Depends: debhelper (>= 5.0.37.2),
+ python-all-dev (>= 2.3.5-11), python-support (>= 0.5.3), swig,
+ automake1.9, autoconf (>= 2.59), libtool, autotools-dev, quilt
+Build-Conflicts: autoconf2.13, automake1.4
+XS-Python-Version: all
+Standards-Version: 3.7.2
+Section: libs
+
+Package: auditd
+Section: admin
+Architecture: any
+Depends: ${shlibs:Depends}, lsb-base (>= 3.0-6)
+Description: User space tools for security auditing
+ The audit package contains the user space utilities for
+ storing and searching the audit records generate by
+ the audit subsystem in the Linux 2.6 kernel.
+ .
+ Also contains the audit dispatcher "audisp".
+ .
+ Homepage: http://people.redhat.com/sgrubb/audit/
+
+Package: libaudit0
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: Dynamic library for security auditing
+ The audit-libs package contains the dynamic libraries needed for
+ applications to use the audit framework.
+
+Package: libaudit-dev
+Section: libdevel
+Architecture: any
+Depends: libaudit0 (= ${binary:Version})
+Description: Header files and static library for security auditing
+ The audit-libs-devel package contains the static libraries and header
+ files needed for developing applications that need to use the audit
+ framework libraries.
+
+Package: python-audit
+Section: python
+Architecture: any
+Depends: ${shlibs:Depends}, ${python:Depends}
+Provides: ${python:Provides}
+XB-Python-Version: ${python:Versions}
+Description: Python bindings for security auditing
+ The audit-libs-python package contains the bindings so that libaudit
+ and libauparse can be used by python.
--- audit-1.5.4.orig/debian/libaudit0.install
+++ audit-1.5.4/debian/libaudit0.install
@@ -0,0 +1,3 @@
+usr/lib/libaudit.so.* lib
+usr/lib/libauparse.so.* lib
+etc/libaudit.conf
--- audit-1.5.4.orig/debian/python-audit.examples
+++ audit-1.5.4/debian/python-audit.examples
@@ -0,0 +1,2 @@
+contrib/avc_snap
+contrib/avc_syslog
--- audit-1.5.4.orig/debian/libaudit-dev.install
+++ audit-1.5.4/debian/libaudit-dev.install
@@ -0,0 +1,6 @@
+usr/lib/libaudit.la
+usr/lib/libaudit.a
+usr/lib/libauparse.la
+usr/lib/libauparse.a
+usr/include
+usr/share/man/man3
--- audit-1.5.4.orig/debian/pycompat
+++ audit-1.5.4/debian/pycompat
@@ -0,0 +1 @@
+2
--- audit-1.5.4.orig/debian/rules
+++ audit-1.5.4/debian/rules
@@ -0,0 +1,112 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE=1
+
+export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE))
+ confflags += --build $(DEB_HOST_GNU_TYPE)
+else
+ confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
+endif
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ QUILT_PATCHES=debian/patches quilt push -a || test $$? = 2
+ -test -r /usr/share/misc/config.sub && \
+ cp -f /usr/share/misc/config.sub config.sub
+ -test -r /usr/share/misc/config.guess && \
+ cp -f /usr/share/misc/config.guess config.guess
+ autoreconf -fv --install
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --sbindir=/sbin \
+ --libdir='$${exec_prefix}'/lib \
+ --libexecdir=/lib \
+ --mandir=/usr/share/man \
+ --enable-shared=audit \
+ --with-apparmor \
+ $(confflags)
+ touch $@
+
+build: build-stamp
+build-stamp: configure-stamp
+ dh_testdir
+ $(MAKE)
+ touch $@
+
+clean:
+ dh_testdir
+ dh_testroot
+ $(RM) build-stamp configure-stamp
+ -$(MAKE) maintainer-clean
+ QUILT_PATCHES=debian/patches quilt pop -a -R || test $$? = 2
+ dh_clean
+ # Clean modified/regeneratable files
+ $(RM) configure depcomp install-sh ltmain.sh missing INSTALL config.log
+ $(RM) config.sub config.guess
+ $(RM) -r .pc
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+
+ # Remove some RedHat specific files
+ $(RM) debian/tmp/etc/rc.d/init.d/auditd
+ $(RM) debian/tmp/etc/sysconfig/auditd
+
+ # Move the library to /lib
+ $(RM) debian/tmp/usr/lib/libaudit.so
+ $(RM) debian/tmp/usr/lib/libauparse.so
+
+ # The Debian way
+ $(RM) debian/tmp/usr/lib/python2.4/site-packages/_au*.*a
+ $(RM) debian/tmp/usr/lib/python2.4/site-packages/au*.py[co]
+
+my-check:
+ find debian/*aud*/ -mindepth 0 -name DEBIAN -prune -o -not -type d -print|sed -e 's,debian/[^/]*/,,' -e 's/\.gz$$//'
+
+# Build architecture-independent files here.
+binary-indep: build install
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs ChangeLog
+ dh_installdocs
+ dh_installexamples
+ dh_install --sourcedir=debian/tmp --list-missing
+ #dh_installlogrotate #auditd has a equivalent built-in feature
+ dh_installinit -- start 12 2 3 4 5 . stop 88 0 1 6 .
+ dh_installman -pauditd debian/audispd.8
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_pysupport
+ dh_python
+ dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- audit-1.5.4.orig/debian/auditd.logrotate
+++ audit-1.5.4/debian/auditd.logrotate
@@ -0,0 +1,10 @@
+/var/log/audit/audit.log {
+ rotate 4
+ missingok
+ notifempty
+ weekly
+ compress
+ postrotate
+ /etc/init.d/auditd rotate >/dev/null
+ endscript
+}
--- audit-1.5.4.orig/debian/python-audit.install
+++ audit-1.5.4/debian/python-audit.install
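Review bot: In debian/rules the `CFLAGS` value built from `DEB_BUILD_OPTIONS` is never handed to the build: it is not exported and appears on neither the `./configure` nor the `$(MAKE)` command line. Unless `CFLAGS` already exists in the environment, the `noopt` branch therefore changes nothing and the package is compiled with whatever flags configure picks on its own. Passing it explicitly, `CFLAGS="$(CFLAGS)"` among the `./configure` arguments in `configure-stamp`, makes the setting effective. `my-check` is also missing from the `.PHONY` list.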
@@ -0,0 +1,2 @@
+usr/lib/python*/site-packages/*.py
+usr/lib/python*/site-packages/*.so
--- audit-1.5.4.orig/debian/libaudit-dev.examples
+++ audit-1.5.4/debian/libaudit-dev.examples
@@ -0,0 +1 @@
+contrib/skeleton.c
--- audit-1.5.4.orig/debian/auditd.install
+++ audit-1.5.4/debian/auditd.install
@@ -0,0 +1,13 @@
+etc/audit
+sbin/audispd
+sbin/auditctl
+sbin/auditd
+sbin/aureport
+sbin/ausearch
+sbin/autrace
+usr/share/man/man5/auditd.conf.5
+usr/share/man/man8/auditctl.8
+usr/share/man/man8/auditd.8
+usr/share/man/man8/aureport.8
+usr/share/man/man8/ausearch.8
+usr/share/man/man8/autrace.8
--- audit-1.5.4.orig/debian/patches/CVE-2008-1628.patch
+++ audit-1.5.4/debian/patches/CVE-2008-1628.patch
@@ -0,0 +1,16 @@
+Index: audit-1.5.4/lib/audit_logging.c
+===================================================================
+--- audit-1.5.4.orig/lib/audit_logging.c 2008-04-12 23:51:02.000000000 +0200
++++ audit-1.5.4/lib/audit_logging.c 2008-04-12 23:51:50.000000000 +0200
+@@ -652,7 +652,10 @@
+ }
+
+ p = cmd;
+- strcpy(commname, cmd);
++ if (len >= PATH_MAX) {
++ cmd[PATH_MAX] = 0;
++ len = PATH_MAX-1;
++ }
+ while (*p) {
+ if (*p == '"' || *p < 0x21 || (unsigned)*p > 0x7f) {
+ _audit_c2x(commname, cmd, len);
--- audit-1.5.4.orig/debian/patches/series
+++ audit-1.5.4/debian/patches/series
@@ -0,0 +1,2 @@
+audit-1.5.1-dist.patch
+CVE-2008-1628.patch
--- audit-1.5.4.orig/debian/patches/audit-1.5.1-dist.patch
+++ audit-1.5.4/debian/patches/audit-1.5.1-dist.patch
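Review bot: The truncation guard added by debian/patches/CVE-2008-1628.patch terminates `cmd` at index `PATH_MAX` but sets `len = PATH_MAX-1`, so the string walked by `while (*p)` is one byte longer than the length handed to `_audit_c2x`. Writing `cmd[PATH_MAX-1] = 0;` would make the two agree. The guard also modifies the caller's buffer in place, and whether `commname` can hold the encoded form of `PATH_MAX-1` bytes depends on its declaration, which lies outside the hunk and should be confirmed. With the `strcpy` removed, the code that fills `commname` when no byte needs encoding is not visible here either, since the function body continues past the hunk.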
@@ -0,0 +1,50 @@
+Add missing files noticed by "make dist" and "make distcheck"
+Index: audit-1.5.4/auparse/Makefile.am
+===================================================================
+--- audit-1.5.4.orig/auparse/Makefile.am 2007-06-18 22:43:06.000000000 +0200
++++ audit-1.5.4/auparse/Makefile.am 2007-06-29 11:59:58.000000000 +0200
+@@ -23,14 +23,13 @@
+ SUBDIRS = test
+ CONFIG_CLEAN_FILES = Makefile.in *.loT *.rej *.orig
+ AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE
+-INCLUDES = -I. -I.. -I../src -I../lib -I${top_srcdir}/lib
++AM_CPPFLAGS = -I$(top_srcdir)/src -I$(top_srcdir)/lib
++noinst_HEADERS = captab.h clone-flagtab.h ellist.h famtab.h fcntl-cmdtab.h flagtab.h internal.h interpret.h ipctab.h nvlist.h nvpair.h open-flagtab.h private.h rlist.h rnode.h socktab.h typetab.h data_buf.h
+ LIBS =
+ lib_LTLIBRARIES = libauparse.la
+ include_HEADERS = auparse.h auparse-defs.h
+ libauparse_la_SOURCES = rlist.c nvpair.c interpret.c nvlist.c ellist.c \
+- auparse.c auditd-config.c message.c data_buf.c \
+- captab.h famtab.h flagtab.h ipctab.h socktab.h typetab.h \
+- open-flagtab.h clone-flagtab.h fcntl-cmdtab.h data_buf.h
++ auparse.c auditd-config.c message.c data_buf.c
+ libauparse_la_LIBADD = ${top_srcdir}/lib/libaudit.la
+ libauparse_la_DEPENDENCIES = $(libauparse_la_SOURCES) ../config.h
+ libauparse_la_LDFLAGS = -Wl,-z,relro
+Index: audit-1.5.4/configure.ac
+===================================================================
+--- audit-1.5.4.orig/configure.ac 2007-06-26 17:18:57.000000000 +0200
++++ audit-1.5.4/configure.ac 2007-06-29 11:58:01.000000000 +0200
+@@ -37,7 +37,7 @@
+
+ AC_CANONICAL_TARGET
+ AM_INIT_AUTOMAKE
+-AM_PROG_LIBTOOL
++AC_PROG_LIBTOOL
+ AC_SUBST(LIBTOOL_DEPS)
+ AM_PATH_PYTHON
+
+Index: audit-1.5.4/init.d/Makefile.am
+===================================================================
+--- audit-1.5.4.orig/init.d/Makefile.am 2007-06-26 17:44:55.000000000 +0200
++++ audit-1.5.4/init.d/Makefile.am 2007-06-29 12:00:55.000000000 +0200
+@@ -21,8 +21,8 @@
+ #
+
+ CONFIG_CLEAN_FILES = Makefile.in *.rej *.orig
+-EXTRA_DIST = auditd.init auditd.sysconfig auditd.conf audit.rules auditd.cron
+ libconfig = libaudit.conf
++EXTRA_DIST = auditd.init auditd.sysconfig auditd.conf audit.rules auditd.cron $(libconfig)
+ dispconfig = audispd.conf
+ dispconfigdir = $(sysconfdir)/audisp
+ initdir=$(sysconfdir)/rc.d/init.d
--- audit-1.5.4.orig/debian/docs
+++ audit-1.5.4/debian/docs
@@ -0,0 +1,2 @@
+README
+TODO
--- audit-1.5.4.orig/debian/changelog
+++ audit-1.5.4/debian/changelog
@@ -0,0 +1,51 @@
+audit (1.5.4-0ubuntu1.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE: (LP: #216117)
+ + debian/patches/CVE-2008-1628.patch
+ - Stack-based buffer overflow in the audit_log_user_command function in
+ lib/audit_logging.c in Linux Audit before 1.7 might allow remote
+ attackers to execute arbitrary code via a long command argument.
+ * References
+ + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1628
+ + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475227
+
+ -- Emanuele Gentili Sat, 12 Apr 2008 23:52:13 +0200
+
+audit (1.5.4-0ubuntu1) gutsy; urgency=low
+
+ * New upstream version.
+ * debian/patches/audit-1.5.1-dist.patch:
+ * update so that it applies for 1.5.4.
+ * debian/control:
+ * update Maintainer and XSBC-Original-Maintainer fields.
+ * debian/rules:
+ * enable apparmor support: add --with-apparmor to configure options.
+
+ -- Mathias Gug Fri, 29 Jun 2007 13:05:14 +0200
+
+audit (1.5.3-2) unstable; urgency=low
+
+ * debian/auditd.init: Fix inverted AUDITD_CLEAN_STOP (Closes: #428066)
+
+ -- Philipp Matthias Hahn Tue, 12 Jun 2007 22:33:56 +0200
+
+audit (1.5.3-1) unstable; urgency=low
+
+ * New upstream version
+ - Includes all debian/patches.
+ * Drop Build-Depends: linux-headers-2.6
+
+ -- Philipp Matthias Hahn Wed, 02 May 2007 09:10:06 +0200
+
+audit (1.5.1-2) unstable; urgency=low
+
+ * Apply patch from upstream to fix SEGFAULT on reload.
+
+ -- Philipp Matthias Hahn Fri, 23 Mar 2007 22:16:24 +0100
+
+audit (1.5.1-1) unstable; urgency=low
+
+ * Initial release (Closes: #311214)
+
+ -- Philipp Matthias Hahn Wed, 21 Mar 2007 09:47:19 +0100
+
--- audit-1.5.4.orig/debian/auditd.examples
+++ audit-1.5.4/debian/auditd.examples
@@ -0,0 +1,3 @@
+contrib/capp.rules
+contrib/lspp.rules
+sample.rules
--- audit-1.5.4.orig/debian/auditd.init
+++ audit-1.5.4/debian/auditd.init
@@ -0,0 +1,155 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: auditd
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Audit Daemon
+# Description: Collects audit information from Linux 2.6 Kernels.
+### END INIT INFO
+
+# Author: Philipp Matthias Hahn
+# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/bin
+DESC="audit daemon"
+NAME=auditd
+DAEMON=/sbin/auditd
+PIDFILE=/var/run/"$NAME".pid
+SCRIPTNAME=/etc/init.d/"$NAME"
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME"
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ case "$AUDITD_LANG" in
+ ""|none|NONE) ;;
+ *) export LC_ALL="$AUDITD_LANG" ;;
+ esac
+ start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \
+ $EXTRAOPTIONS \
+ || return 2
+ if [ -f /etc/audit/audit.rules ]
+ then
+ /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+ fi
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$PIDFILE" --name "$NAME"
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$DAEMON"
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f "$PIDFILE"
+ rm -f /var/run/audit_events
+ # Remove watches so shutdown works cleanly
+ case "$AUDITD_CLEAN_STOP" in
+ no|NO) ;;
+ *) /sbin/auditctl -D >/dev/null ;;
+ esac
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ rotate)
+ log_daemon_msg "Rotating $DESC logs" "$NAME"
+ start-stop-daemon --stop --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME"
+ log_end_msg $?
+ ;;
+ status)
+ pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null
+ status=$?
+ if [ $status -eq 0 ]; then
+ log_success_msg "$NAME is running."
+ else
+ log_failure_msg "$NAME is not running."
+ fi
+ exit $status
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- audit-1.5.4.orig/debian/auditd.dirs
+++ audit-1.5.4/debian/auditd.dirs
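Review bot: In `do_start` of debian/auditd.init, the exit status of `/sbin/auditctl -R /etc/audit/audit.rules` becomes the function's return value, yet the `start)` branch maps 1 to success and has no arm for values other than 0, 1 and 2. A rule-loading failure can therefore leave the daemon running without its audit rules while the script prints an OK or nothing at all. Treating it as a start failure, `/sbin/auditctl -R /etc/audit/audit.rules >/dev/null || return 2`, makes the condition visible to the operator. `do_reload` also leaves `$PIDFILE` and `$NAME` unquoted, unlike every other `start-stop-daemon` call in the script.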
@@ -0,0 +1 @@
+var/log/audit
--- audit-1.5.4.orig/debian/auditd.default
+++ audit-1.5.4/debian/auditd.default
@@ -0,0 +1,12 @@
+# Add extra options here
+EXTRAOPTIONS=""
+#
+# This is the locale information that audit uses. Its defaulted to en_US.
+# To remove all locale information from audit's environment, set
+# AUDITD_LANG to the empty string or the string "none".
+AUDITD_LANG="en_US"
+#
+# This option is used to determine if rules & watches should be deleted on
+# shutdown. This is beneficial in most cases so that a watch doesn't linger
+# on a drive that is being unmounted. If set to no, it will NOT be cleaned up.
+AUDITD_CLEAN_STOP="yes"
--- audit-1.5.4.orig/debian/libaudit-dev.links
+++ audit-1.5.4/debian/libaudit-dev.links
@@ -0,0 +1,2 @@
+lib/libaudit.so.0 usr/lib/libaudit.so
+lib/libauparse.so.0 usr/lib/libauparse.so
--- audit-1.5.4.orig/debian/audispd.8
+++ audit-1.5.4/debian/audispd.8
@@ -0,0 +1,26 @@
+.TH "AUDISPD" "8" "Jun 2007" "Red Hat" "System Administration Utilities"
+.SH NAME
+audispd \- The Linux Audit Dispatcher daemon
+
+.SH SYNOPSIS
+.B audispd
+
+.SH DESCRIPTION
+\fBaudispd\fP is one userspace component of the Linux Auditing System. It's responsible for dispatching audit records to the disk.
+.P
+The dispatcher is a program that is started by the audit daemon when it starts up.
+It will pass a copy of all audit events to that application's stdin.
+
+.SH SIGNALS
+.TP
+SIGTERM, SIGCHLD
+terminates the daemon.
+.TP
+SIGHUP
+is ignored.
+
+.SH "SEE ALSO"
+.BR auditd (8).
+
+.SH AUTHOR
+Steve Grubb
--- audit-1.5.4.orig/debian/compat
+++ audit-1.5.4/debian/compat
@@ -0,0 +1 @@
+5
--- audit-1.5.4.orig/debian/auditd.postrm
+++ audit-1.5.4/debian/auditd.postrm
@@ -0,0 +1,37 @@
+#!/bin/sh
+# postrm script for auditd
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+case "$1" in
+ purge)
+ rm -rf /var/log/audit
+ rm -f /var/run/audit_events
+ ;;
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
--- audit-1.5.4.orig/debian/watch
+++ audit-1.5.4/debian/watch
@@ -0,0 +1,2 @@
+version=3
+http://people.redhat.com/sgrubb/audit/ audit-(.*)\.tar\.gz
--- audit-1.5.4.orig/debian/copyright
+++ audit-1.5.4/debian/copyright
@@ -0,0 +1,23 @@
+This package was debianized by Philipp Matthias Hahn on
+Wed, 21 Mar 2007 09:47:19 +0100.
+
+It was downloaded from http://people.redhat.com/sgrubb/audit/
+
+Upstream Author: Rik Faith
+ Steve Grubb
+
+Copyright: 2005-2007 Steve Grubb
+
+License:
+
+The audit daemon is released as GPL'd code. The audit daemon's library
+libaudit.* is released under LGPL so that it may be linked with 3rd
+party software.
+
+The Debian packaging is (C) 2007, Philipp Matthias Hahn and
+is licensed under the GPL.
+
+On Debian systems, refer to /usr/share/common-licenses/LGPL-2.1
+for the complete text of the GNU Lesser General Public License.
+On Debian systems, the complete text of the GNU General Public
+License can be found in /usr/share/common-licenses/GPL file.
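Review bot: The catch-all arm of debian/auditd.postrm prints "unknown argument" and then runs `exit 0`, so a call the script does not understand is reported to dpkg as a success; `exit 1` would surface it. The `purge)` arm removes `/var/log/audit` recursively, which discards the whole recorded audit trail. A comment above that line, such as `# purge deletes all audit records; archive /var/log/audit first if they must be retained`, would make the consequence explicit for whoever maintains the package. The summary comment also lists `abort-install` twice.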