On Saturday, April 30, 2016 09:29:18 PM Manuel Scunthorpe wrote:
Dear Steve,thanks for your helpful observations. I was able to modify
the
PKGBUILD and successfully build the package, and then build e4rat-lite
which was my ultimate aim. Sadly it didn't seem to work in Arch Linux due
to the kernel config options, e4rat-lite-collect didn't collect anything,
complained about being unable to log anything due to a bad file descriptor
and there was a message at boot saying Cannot open audit socket, which was
similar to what auditctl said in the terminal. Of course it might work and
I've got something else wrong, it doesn't look encouraging though without
CONFIG_AUDIT enabled. But I was just looking at my Void Linux kernel
options:CONFIG_AUDIT=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
This looks more promising so I will have to try it here instead sometime,
although what I will have to build to fulfill the various builddeps I don't
yet know. Would it be OK if I tried to make an 'audit' package for Void
Linux if they want one?
Sure.
There isn't one in the repo at present, so if I get
a working build then I might as well share it. It could take a while to get
to that point though, and that's assuming I can get everything to work in
Void and don't end up using some other readahead utility altogether or
accidentally corrupting my filesystem. But I can be happy I'm building
audit correctly now.I will try and pass on your comments about zos servers
and openldap-devel to the Arch packagers as I can only take credit for the
confusion over the systemd support option in my earlier PKGBUILD.
Here's my successful modified PKGBUILD with the correct checksum for 2.5.1,
which downloads and builds cleanly:# Edit /etc/makepkg.conf: staticlibs not
!staticlibs or they are deleted by makepkg.
# $Id: PKGBUILD 146469 2015-11-10 05:04:55Z thestinger $
# Maintainer: Daniel Micay <danielmicay(a)gmail.com>
# Contributor: <kang(a)insecure.ws>
# Contributor: Massimiliano Torromeo <massimiliano.torromeo(a)gmail.com>
# Contributor: Connor Behan <connor.behan(a)gmail.com>
# Contributor: henning mueller <henning(a)orgizm.net>
pkgname=audit
pkgver=2.5.1
pkgrel=1
pkgdesc='Userspace components of the audit framework'
url='https://people.redhat.com/sgrubb/audit'
arch=(i686 x86_64)
depends=(krb5 libcap-ng)
makedepends=(libldap swig linux-headers python)
You can drop libldap since you disable zos support below. Its harmless as is
but not necessary for the configure options below.
-Steve
license=(GPL)
options=(emptydirs)
groups=('modified')
backup=(
etc/libaudit.conf
etc/audit/auditd.conf
etc/audisp/audispd.conf
etc/audisp/audisp-remote.conf
etc/audisp/plugins.d/af_unix.conf
etc/audisp/plugins.d/au-remote.conf
etc/audisp/plugins.d/syslog.conf
)
source=("$url/$pkgname-$pkgver.tar.gz")
sha256sums=('3c6ec72d8c16d1e85cc2b9c260cc6440319eb294cb54ca41a7bbe9283cc9f42
1') install=$pkgname.install
build() {
cd $pkgname-$pkgver
export PYTHON=/usr/bin/python3
./configure \
--prefix=/usr \
--sbindir=/usr/bin \
--sysconfdir=/etc \
--libexecdir=/usr/lib/audit \
--with-python=yes \
--enable-gssapi-krb5=yes \
--enable-systemd=no \
--with-libcap-ng=yes \
--disable-zos-remote \
--enable-static=yes
make
}
package() {
cd $pkgname-$pkgver
make DESTDIR="$pkgdir" install
cd "$pkgdir"
install -d var/log/audit
rm -rf etc/rc.d etc/sysconfig usr/lib/audit
sed -ri 's|/sbin|/usr/bin|' \
etc/audit/*.conf \
etc/audisp/plugins.d/*.conf