1 files changed, 102 insertions, 0 deletions

diff --git a/meta-security/recipes-security/audit/audit_2.3.2.bb b/meta-security/recipes-security/audit/audit_2.3.2.bb
new file mode 100644
index 000000000..1d7ea0f0a
--- /dev/null
+++ b/meta-security/recipes-security/audit/audit_2.3.2.bb
@@ -0,0 +1,102 @@
+SUMMARY = "User space tools for kernel auditing"
+DESCRIPTION = "The audit package contains the user space utilities for \
+storing and searching the audit records generated by the audit subsystem \
+in the Linux kernel."
+HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
+SECTION = "base"
+PR = "r8"
+LICENSE = "GPLv2+ & LGPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
+	   file://disable-ldap.patch \
+	   file://audit-python.patch \
+	   file://audit-python-configure.patch \
+	   file://audit-for-cross-compiling.patch \
+	   file://auditd \
+	   file://fix-swig-host-contamination.patch \
+	   file://auditd.service \
+	   file://audit-volatile.conf \
+"
+SRC_URI_append_arm = "file://add-system-call-table-for-ARM.patch"
+
+inherit autotools pythonnative update-rc.d systemd
+
+UPDATERCPN = "auditd"
+INITSCRIPT_NAME = "auditd"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_SERVICE_${PN} = "auditd.service"
+
+SRC_URI[md5sum] = "4e8d065b5cc16b77b9b61e93a9ed160e"
+SRC_URI[sha256sum] = "8872e0b5392888789061db8034164305ef0e1b34543e1e7004d275f039081d29"
+
+DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)"
+
+EXTRA_OECONF += "--without-prelude \
+	--with-libwrap \
+	--enable-gssapi-krb5=no \
+	--without-ldap \
+	--with-libcap-ng=yes \
+	--with-python=yes \
+	--libdir=${base_libdir} \
+	--sbindir=${base_sbindir} \
+	"
+EXTRA_OECONF_append_arm = " --with-armeb=yes"
+
+EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
+	PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
+	pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
+	STDINC='${STAGING_INCDIR}' \
+	"
+
+SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+interface to the audit system, audispd. These plugins can do things \
+like relay events to remote machines or analyze events for suspicious \
+behavior."
+
+PACKAGES =+ "audispd-plugins"
+PACKAGES += "auditd ${PN}-python"
+
+FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
+FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
+FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
+	${sysconfdir}/audisp/plugins.d/au-remote.conf \
+	${sbindir}/audisp-remote ${localstatedir}/spool/audit \
+	"
+FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"
+
+CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
+RDEPENDS_auditd += "bash"
+
+do_install_append() {
+	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
+	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
+
+	# reuse auditd config
+	[ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
+	mv ${D}/etc/sysconfig/auditd ${D}/etc/default
+	rmdir ${D}/etc/sysconfig/
+
+	# replace init.d
+	install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd
+	rm -rf ${D}/etc/rc.d
+
+	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+		install -d ${D}${sysconfdir}/tmpfiles.d/
+		install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
+	fi
+	
+	# install systemd unit files
+	install -d ${D}${systemd_unitdir}/system
+	install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
+
+	chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
+	chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
+
+	# Based on the audit.spec "Copy default rules into place on new installation"
+	cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
+}