This patch brings the Makefiles and spec files integration. The spec file builds the policy module for strict, targeted and mls modules, installing the compiled .pp files into /usr/share/selinux/{mls,strict,targeted}/racf.pp. The mechanics for doing this is based on http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules, but with a little change on how to get the %{selinux_policyver} variable (reason: wasn't able to load policy built on RHEL5.1 on RHEL5 GA, even though the policy version is the same - so we must also track for package releases). Using rpm to query the selinux-policy package version inside a spec file is ugly - I know. Please tell me if you think of a better approach. Signed-off-by: Klaus Heinrich Kiwi <klausk(a)br.ibm.com&gt; diff -purN audit-1.6.2/audisp/plugins/Makefile.am audit-1.6.2_racf/audisp/plugins/Makefile.am --- audit-1.6.2/audisp/plugins/Makefile.am 2007-09-12 14:25:13.000000000 -0300 +++ audit-1.6.2_racf/audisp/plugins/Makefile.am 2007-10-10 10:26:18.000000000 -0300 @@ -22,5 +22,5 @@ CONFIG_CLEAN_FILES = Makefile.in *.loT *.rej *.orig -SUBDIRS = builtins ids remote +SUBDIRS = builtins ids remote racf diff -purN audit-1.6.2/audisp/plugins/racf/Makefile.am audit-1.6.2_racf/audisp/plugins/racf/Makefile.am --- audit-1.6.2/audisp/plugins/racf/Makefile.am 1969-12-31 21:00:00.000000000 -0300 +++ audit-1.6.2_racf/audisp/plugins/racf/Makefile.am 2007-10-10 10:26:18.000000000 -0300 @@ -0,0 +1,47 @@ +# Makefile.am-- +# Copyright (C) 2007 International Business Machines Corp. +# All Rights Reserved. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Authors: +# Klaus Heinrich Kiwi <klausk(a)br.ibm.com&gt; +# + +INCLUDES = -I.. -I${top_srcdir}/lib -I${top_srcdir}/auparse +CONFIG_CLEAN_FILES = Makefile.in *.rej *.orig +AUTOMAKE_OPTIONS = no-dependencies +EXTRA_DIST = racf.conf audisp-racf.conf policy/racf.te policy/racf.fc policy/racf.if \ + policy/build.sh policy/install.sh +LIBS = -L${top_srcdir}/auparse -lauparse +LDADD = -lpthread -lldap -llber +disp_confdir = $(sysconfdir)/audisp +plugin_confdir=$(disp_confdir)/plugins.d +racf_plugin_conf = racf.conf +racf_disp_conf = audisp-racf.conf +sbin_PROGRAMS = audisp-racf + +noinst_HEADERS = racf-log.h racf-ldap.h racf-config.h racf-queue.h +audisp_racf_SOURCES = racf-plugin.c racf-log.c racf-ldap.c racf-config.c racf-queue.c +audisp_racf_CFLAGS = -W -Wall -Wundef -D_GNU_SOURCE + +install-data-hook: + mkdir -p -m 0750 ${DESTDIR}${plugin_confdir} + $(INSTALL_DATA) -D -m 640 ${srcdir}/$(racf_plugin_conf) ${DESTDIR}${disp_confdir} + $(INSTALL_DATA) -D -m 640 ${srcdir}/$(racf_disp_conf) ${DESTDIR}${plugin_confdir} + +uninstall-hook: + rm ${DESTDIR}${plugin_confdir}/$(racf_disp_conf) + rm ${DESTDIR}${disp_confdir}/$(racf_plugin_conf) diff -purN audit-1.6.2/audit.spec audit-1.6.2_racf/audit.spec --- audit-1.6.2/audit.spec 2007-09-25 08:46:49.000000000 -0300 +++ audit-1.6.2_racf/audit.spec 2007-10-10 10:48:58.000000000 -0300 @@ -1,4 +1,6 @@ %define sca_version 0.4.3 +%define selinux_variants mls strict targeted +%define selinux_policyver %(rpm -q selinux-policy | sed -e 's,^selinux-policy-\\([^/]*\\)$,\\1,') Summary: User space tools for 2.6 kernel auditing Name: audit @@ -53,18 +55,26 @@ Requires: %{name}-libs = %{version}-%{re The audit-libs-python package contains the bindings so that libaudit and libauparse can be used by python. -##%package -n audispd-plugins -##Summary: Plugins for the audit event dispatcher -##License: GPLv2+ -##Group: System Environment/Daemons -##Requires: %{name} = %{version}-%{release} -##Requires: %{name}-libs = %{version}-%{release} - -##%description -n audispd-plugins -##The audispd-plugins package provides plugins for the real-time -##interface to the audit system, audispd. These plugins can do things -##like relay events to remote machines or analyze events for suspicious -##behavior. +%package -n audispd-plugins +Summary: Plugins for the audit event dispatcher +License: GPLv2+ +Group: System Environment/Daemons +BuildRequires: openldap-devel rpm +BuildRequires: checkpolicy selinux-policy-devel +Requires: %{name} = %{version}-%{release} +Requires: %{name}-libs = %{version}-%{release} +Requires: openldap +%if "%{selinux_policyver}" != "" +Requires: selinux-policy >= %{selinux_policyver} +%endif +Requires(post): /usr/sbin/semodule /sbin/restorecon +Requires(postun): /usr/sbin/semodule + +%description -n audispd-plugins +The audispd-plugins package provides plugins for the real-time +interface to the audit system, audispd. These plugins can do things +like relay events to remote machines or analyze events for suspicious +behavior. %package -n system-config-audit Summary: Utility for editing audit configuration @@ -78,12 +88,22 @@ An utility for editing audit configurati %prep %setup -q +mkdir racf-policy +cp -p audisp/plugins/racf/policy/racf.* racf-policy %build (cd system-config-audit; ./autogen.sh) aclocal && autoconf && autoheader && automake %configure --sbindir=/sbin --libdir=/%{_lib} make +cd racf-policy +for selinuxvariant in %{selinux_variants} +do + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile + mv racf.pp racf.pp.${selinuxvariant} + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean +done +cd - %install rm -rf $RPM_BUILD_ROOT @@ -94,6 +114,12 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audi mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit make DESTDIR=$RPM_BUILD_ROOT install make -C system-config-audit DESTDIR=$RPM_BUILD_ROOT install-fedora +for selinuxvariant in %{selinux_variants} +do + install -d $RPM_BUILD_ROOT/%{_datadir}/selinux/${selinuxvariant} + install -p -m 644 racf-policy/racf.pp.${selinuxvariant} \ + $RPM_BUILD_ROOT/%{_datadir}/selinux/${selinuxvariant}/racf.pp +done mkdir -p $RPM_BUILD_ROOT/%{_libdir} # This winds up in the wrong place when libtool is involved @@ -124,13 +150,24 @@ touch -r ./audit.spec $RPM_BUILD_ROOT/et # Remove the plugin stuff for now rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/au-ids.conf rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/remote.conf +##rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/audisp-racf.conf +##rm -f $RPM_BUILD_ROOT/etc/audisp/racf.conf rm -f $RPM_BUILD_ROOT/sbin/audisp-ids +##rm -f $RPM_BUILD_ROOT/sbin/audisp-racf %clean rm -rf $RPM_BUILD_ROOT %post libs -p /sbin/ldconfig +%post -n audispd-plugins +for selinuxvariant in %{selinux_variants} +do + /usr/sbin/semodule -s $selinuxvariant \ + -i %{_datadir}/selinux/$selinuxvariant/racf.pp &> /dev/null || : +done +/sbin/restorecon -F /sbin/audisp-racf /etc/audisp/racf.conf + %post /sbin/chkconfig --add auditd if [ -f /etc/auditd.conf ]; then @@ -157,6 +194,14 @@ fi %postun libs /sbin/ldconfig 2>/dev/null +%postun -n audispd-plugins +if [ $1 -eq 0 ]; then + for selinuxvariant in %{selinux_variants} + do + /usr/sbin/semodule -s $selinuxvariant -r racf &>/dev/null || : + done +fi + %postun if [ $1 -ge 1 ]; then /sbin/service auditd condrestart > /dev/null 2>&1 || : @@ -189,8 +234,14 @@ fi %files %defattr(-,root,root,-) %doc README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules init.d/auditd.cron -%attr(0644,root,root) %{_mandir}/man8/* -%attr(0644,root,root) %{_mandir}/man5/* +%attr(0644,root,root) %{_mandir}/man8/audispd.8.gz +%attr(0644,root,root) %{_mandir}/man8/auditctl.8.gz +%attr(0644,root,root) %{_mandir}/man8/auditd.8.gz +%attr(0644,root,root) %{_mandir}/man8/aureport.8.gz +%attr(0644,root,root) %{_mandir}/man8/ausearch.8.gz +%attr(0644,root,root) %{_mandir}/man8/autrace.8.gz +%attr(0644,root,root) %{_mandir}/man5/auditd.conf.5.gz +%attr(0644,root,root) %{_mandir}/man5/audispd.conf.5.gz %attr(750,root,root) /sbin/auditctl %attr(750,root,root) /sbin/auditd %attr(755,root,root) /sbin/ausearch @@ -210,11 +261,17 @@ fi %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf -##%files -n audispd-plugins -##%defattr(-,root,root,-) +%files -n audispd-plugins +%defattr(-,root,root,-) +%attr(0644,root,root) %{_mandir}/man8/audisp-racf.8.gz +%attr(0644,root,root) %{_mandir}/man5/racf.conf.5.gz ##%attr(640,root,root) /etc/audisp/plugins.d/au-ids.conf ##%attr(640,root,root) /etc/audisp/plugins.d/remote.conf +%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audisp-racf.conf +%config(noreplace) %attr(640,root,root) /etc/audisp/racf.conf ##%attr(750,root,root) /sbin/audisp-ids +%attr(750,root,root) /sbin/audisp-racf +%attr(0755,root,root) %{_datadir}/selinux/*/racf.pp %files -n system-config-audit -f system-config-audit.lang %defattr(-,root,root,-) diff -purN audit-1.6.2/configure.ac audit-1.6.2_racf/configure.ac --- audit-1.6.2/configure.ac 2007-09-12 14:26:41.000000000 -0300 +++ audit-1.6.2_racf/configure.ac 2007-10-10 10:26:18.000000000 -0300 @@ -109,7 +109,7 @@ if test x$use_apparmor != xno ; then AC_DEFINE(WITH_APPARMOR,1,[Define if you want to enable AppArmor events.])fi AC_CONFIG_SUBDIRS([system-config-audit]) -AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/ids/Makefile audisp/plugins/remote/Makefile bindings/Makefile bindings/python/Makefile) +AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/ids/Makefile audisp/plugins/remote/Makefile audisp/plugins/racf/Makefile bindings/Makefile bindings/python/Makefile) echo . echo "