Re: audit 2.5.1 released
Dear Steve,thanks for your helpful observations. I was able to modify the PKGBUILD and
successfully build the package, and then build e4rat-lite which was my ultimate aim. Sadly
it didn't seem to work in Arch Linux due to the kernel config options,
e4rat-lite-collect didn't collect anything, complained about being unable to log
anything due to a bad file descriptor and there was a message at boot saying Cannot open
audit socket, which was similar to what auditctl said in the terminal. Of course it might
work and I've got something else wrong, it doesn't look encouraging though without
CONFIG_AUDIT enabled. But I was just looking at my Void Linux kernel
options:CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
This looks more promising so I will have to try it here instead sometime, although what I
will have to build to fulfill the various builddeps I don't yet know. Would it be OK
if I tried to make an 'audit' package for Void Linux if they want one? There
isn't one in the repo at present, so if I get a working build then I might as well
share it. It could take a while to get to that point though, and that's assuming I can
get everything to work in Void and don't end up using some other readahead utility
altogether or accidentally corrupting my filesystem. But I can be happy I'm building
audit correctly now.I will try and pass on your comments about zos servers and
openldap-devel to the Arch packagers as I can only take credit for the confusion over the
systemd support option in my earlier PKGBUILD.
Here's my successful modified PKGBUILD with the correct checksum for 2.5.1, which
downloads and builds cleanly:# Edit /etc/makepkg.conf: staticlibs not !staticlibs or they
are deleted by makepkg.
# $Id: PKGBUILD 146469 2015-11-10 05:04:55Z thestinger $
# Maintainer: Daniel Micay <danielmicay(a)gmail.com>
# Contributor: <kang(a)insecure.ws>
# Contributor: Massimiliano Torromeo <massimiliano.torromeo(a)gmail.com>
# Contributor: Connor Behan <connor.behan(a)gmail.com>
# Contributor: henning mueller <henning(a)orgizm.net>
pkgname=audit
pkgver=2.5.1
pkgrel=1
pkgdesc='Userspace components of the audit framework'
url='https://people.redhat.com/sgrubb/audit'
arch=(i686 x86_64)
depends=(krb5 libcap-ng)
makedepends=(libldap swig linux-headers python)
license=(GPL)
options=(emptydirs)
groups=('modified')
backup=(
etc/libaudit.conf
etc/audit/auditd.conf
etc/audisp/audispd.conf
etc/audisp/audisp-remote.conf
etc/audisp/plugins.d/af_unix.conf
etc/audisp/plugins.d/au-remote.conf
etc/audisp/plugins.d/syslog.conf
)
source=("$url/$pkgname-$pkgver.tar.gz")
sha256sums=('3c6ec72d8c16d1e85cc2b9c260cc6440319eb294cb54ca41a7bbe9283cc9f421')
install=$pkgname.install
build() {
cd $pkgname-$pkgver
export PYTHON=/usr/bin/python3
./configure \
--prefix=/usr \
--sbindir=/usr/bin \
--sysconfdir=/etc \
--libexecdir=/usr/lib/audit \
--with-python=yes \
--enable-gssapi-krb5=yes \
--enable-systemd=no \
--with-libcap-ng=yes \
--disable-zos-remote \
--enable-static=yes
make
}
package() {
cd $pkgname-$pkgver
make DESTDIR="$pkgdir" install
cd "$pkgdir"
install -d var/log/audit
rm -rf etc/rc.d etc/sysconfig usr/lib/audit
sed -ri 's|/sbin|/usr/bin|' \
etc/audit/*.conf \
etc/audisp/plugins.d/*.conf
Attachments:
- attachment.html (text/html — 7.1 KB)