10:42 p.m.
Hello Steve,
CC Miloslav,
Option '-i' cannot be used, because the check about option '-R'
in main() is wrong.
When check option '-R', we should consider whether option '-i'
is specified.
Using option '-i' with '-R' should ignore errors when reading
rules from file rather than reporting error message
"Error - nested rule files not supported".
This is a patch to fix the bug of audit-1.7.4.
Signed-off-by: Yu Zhiguo<yuzg(a)cn.fujitsu.com>
---
src/auditctl.c | 45 +++++++++++++++++++++++++--------------------
1 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index 2c136ea..ac20fdc 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1089,39 +1089,44 @@ int main(int argc, char *argv[])
set_aumessage_mode(MSG_STDERR, DBG_NO);
- /* Check where the rules are coming from: commandline or file */
- if ((argc == 3) && (strcmp(argv[1], "-R") == 0)) {
+ if (argc == 1) {
+ usage();
+ return 1;
+ }
#ifndef DEBUG
- /* Make sure we are root */
- if (getuid() != 0) {
- fprintf(stderr,
- "You must be root to run this program.\n");
- return 4;
- }
+ /* Make sure we are root */
+ if (getuid()) {
+ fprintf(stderr,
+ "You must be root to run this program.\n");
+ return 4;
+ }
#endif
+
+ /* Check where the rules are coming from: commandline or file */
+ if ((argc == 3) && (!strcmp(argv[1], "-R"))) {
if (fileopt(argv[2]))
return 1;
else
return 0;
- } else {
- if (argc == 1) {
- usage();
+ } else if ((argc == 4) &&
+ ((!strcmp(argv[1], "-R") && !strcmp(argv[3], "-i")) ||
+ (!strcmp(argv[2], "-R") && !strcmp(argv[1], "-i")))) {
+ ignore = 1;
+ if (!strcmp(argv[1], "-R"))
+ retval = fileopt(argv[2]);
+ else retval = fileopt(argv[3]);
+ if (retval)
return 1;
- }
-#ifndef DEBUG
- /* Make sure we are root */
- if (getuid() != 0) {
- fprintf(stderr,
- "You must be root to run this program.\n");
- return 4;
- }
-#endif
+ else
+ return 0;
+ } else {
if (reset_vars())
return 1;
retval = setopt(argc, argv);
if (retval == -3)
return 0;
}
+
return handle_request(retval);
}
7:53 p.m.
Hello Mr. Steve,
What's you opinion about this patch.
I think option '-i' should can be used with option '-R file',
This is its function.
If I'm wrong, please correct me, thanks.
------------------
Yu Zhiguo wrote:
Hello Steve,
CC Miloslav,
Option '-i' cannot be used, because the check about option '-R'
in main() is wrong.
When check option '-R', we should consider whether option '-i'
is specified.
Using option '-i' with '-R' should ignore errors when reading
rules from file rather than reporting error message
"Error - nested rule files not supported".
This is a patch to fix the bug of audit-1.7.4.
Signed-off-by: Yu Zhiguo<yuzg(a)cn.fujitsu.com>
---
src/auditctl.c | 45 +++++++++++++++++++++++++--------------------
1 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index 2c136ea..ac20fdc 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1089,39 +1089,44 @@ int main(int argc, char *argv[])
set_aumessage_mode(MSG_STDERR, DBG_NO);
- /* Check where the rules are coming from: commandline or file */
- if ((argc == 3) && (strcmp(argv[1], "-R") == 0)) {
+ if (argc == 1) {
+ usage();
+ return 1;
+ }
#ifndef DEBUG
- /* Make sure we are root */
- if (getuid() != 0) {
- fprintf(stderr,
- "You must be root to run this program.\n");
- return 4;
- }
+ /* Make sure we are root */
+ if (getuid()) {
+ fprintf(stderr,
+ "You must be root to run this program.\n");
+ return 4;
+ }
#endif
+
+ /* Check where the rules are coming from: commandline or file */
+ if ((argc == 3) && (!strcmp(argv[1], "-R"))) {
if (fileopt(argv[2]))
return 1;
else
return 0;
- } else {
- if (argc == 1) {
- usage();
+ } else if ((argc == 4) &&
+ ((!strcmp(argv[1], "-R") && !strcmp(argv[3], "-i"))
||
+ (!strcmp(argv[2], "-R") && !strcmp(argv[1], "-i"))))
{
+ ignore = 1;
+ if (!strcmp(argv[1], "-R"))
+ retval = fileopt(argv[2]);
+ else retval = fileopt(argv[3]);
+ if (retval)
return 1;
- }
-#ifndef DEBUG
- /* Make sure we are root */
- if (getuid() != 0) {
- fprintf(stderr,
- "You must be root to run this program.\n");
- return 4;
- }
-#endif
+ else
+ return 0;
+ } else {
if (reset_vars())
return 1;
retval = setopt(argc, argv);
if (retval == -3)
return 0;
}
+
return handle_request(retval);
}
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
1:22 p.m.
Hello Yu,
On Friday 18 July 2008 23:42:01 Yu Zhiguo wrote:
Option '-i' cannot be used, because the check about option
'-R'
in main() is wrong.
When check option '-R', we should consider whether option '-i'
is specified.
I was just looking at this patch. The intention with the -R option is for it
to be given saying that all options will be read from the file. You should be
able to place "-i" on a line by itself within the file and it should ignore
errors. This would be similar to the way the -D option is given by itself
near the top of a typical rule file.
I agree with some of the cleanup that this patch suggests and will apply that
part. But I think the intent was for "-i" to be in the file and not the
command line.
Thanks,
-Steve
9:48 p.m.
Hello Steve,
Steve Grubb worte:
I was just looking at this patch. The intention with the -R option is
for it
to be given saying that all options will be read from the file. You should be
able to place "-i" on a line by itself within the file and it should ignore
errors. This would be similar to the way the -D option is given by itself
near the top of a typical rule file.
Thanks for your detailed explanation. I think I understand the usage about
option '-i' now.
I agree with some of the cleanup that this patch suggests and will
apply that
part. But I think the intent was for "-i" to be in the file and not the
command line.
ok, thanks..
--
Regards
Yu Zhiguo
5993
days inactive
6000
days old
linux-audit@lists.linux-audit.osci.io
3 comments
2 participants
participants (2)
-
Steve Grubb -
Yu Zhiguo