Please merge audit 1:2.3.2-2 (main) from Debian testing (main)

Bug #1251795 reported by Tyler Hicks on 2013-11-16
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
audit (Ubuntu)
Wishlist
Unassigned

Bug Description

By merging from Debian, we will be able to drop a number of patches that have been pushed upstream and adopt the new upstream way of supporting an audit rules directory (/etc/audit/rules.d/).

Tyler Hicks (tyhicks) wrote :

Please double check how I'm handling the conffile changes before sponsoring. Thanks!

Tyler Hicks (tyhicks) wrote :

I've opened Debian bug 729704 to forward the following change:

  * debian/auditd.init: The start command now requires $remote_fs to be
    started because it may call /bin/augenrules, which depends on
    /usr/bin/awk. $PATH must also be updated so that augenrules can find awk.

Tyler Hicks (tyhicks) wrote :

I've subscribed the Goobuntu Team since they were subscribed to bug 730872, which added in the Ubuntu-specific audit rules directory support. My debdiff will remove that in favor of the newly upstream rules directory support.

Changed in audit (Ubuntu):
status: In Progress → Confirmed
assignee: Tyler Hicks (tyhicks) → nobody
James Page (james-page) wrote :

@Tyler

Thanks for the merge; can I confirm what the intended behaviour is? My understanding from the changelog comment was that if I upgraded from the current version in trusty to this new version, then I would end up with audit.rules in /etc/audit/rules.d and USE_AUGENRULES="yes" in /etc/default/auditd.

As this did not happen, I'm either missing the intent of the migration or its not working as intended.

Changed in audit (Ubuntu):
status: Confirmed → Incomplete

On 2013-11-18 10:33:34, James Page wrote:
> @Tyler
>
> Thanks for the merge; can I confirm what the intended behaviour is? My
> understanding from the changelog comment was that if I upgraded from the
> current version in trusty to this new version, then I would end up with
> audit.rules in /etc/audit/rules.d and USE_AUGENRULES="yes" in
> /etc/default/auditd.

Here's the relevant snippet from the changelog:

  When upgrading from a version without augenrules, check for a
  pre-existing rules directory (/etc/audit/rules.d/). If it exists and is
  populated with rules files, move /etc/audit/audit.rules to
  /etc/audit/rules.d/audit.rules and set USE_AUGENRULES to "yes".

So, you should only have audit.rules in rules.d/ and USE_AUGENRULES="yes" if
you already had a rules.d/ directory populated with rules files. The vast
majority of users will not have a rules.d/ directory and I suspect that is the
case with your system, too.

Tyler Hicks (tyhicks) on 2013-11-27
Changed in audit (Ubuntu):
status: Incomplete → Confirmed
Iain Lane (laney) wrote :

James, please could you take another look?

Marc Deslauriers (mdeslaur) wrote :

Debdiff looks good, and upgrades appear to work as intended.

ACK, thanks!

I've uploaded it to trusty.

Changed in audit (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (4.6 KiB)

This bug was fixed in the package audit - 1:2.3.2-2ubuntu1

---------------
audit (1:2.3.2-2ubuntu1) trusty; urgency=low

  * Migrate from the Ubuntu-specific way of providing a rules directory
    (/etc/audit/rules.d/) to the new, upstream rules directory feature based
    on /sbin/augenrules. If USE_AUGENRULES is set to "yes" in
    /etc/default/auditd, then the auditd init script will use
    /etc/audit/rules.d/*.rules files to generate /etc/audit/audit.rules.
    Instead of generating the /etc/audit/audit.rules file, the old
    Ubuntu-specific way of handling a rules directory parsed
    /etc/audit/audit.rules, in addition to the /etc/audit/rules.d/*.rules
    files.
    - debian/auditd.preinst, debian/auditd.postinst, debian/auditd.postrm:
      When upgrading from a version without augenrules, check for a
      pre-existing rules directory (/etc/audit/rules.d/). If it exists and is
      populated with rules files, move /etc/audit/audit.rules to
      /etc/audit/rules.d/audit.rules and set USE_AUGENRULES to "yes". This
      migration logic should be dropped after the 14.04 release.
  * Merge from Debian testing (LP: #1251795). Remaining changes:
    - debian/rules: Disable auditd network listener, with --disable-listener,
      to reduce the risk of a remote attack on auditd, which runs as root
    - debian/control, debian/rules: Remove libwrap0-dev Build-Dependency and
      --with-libwrap configure argument since libwrap is only used by the
      auditd network listener
  * Dropped changes:
    - debian/auditd.init: apply the intent of Peter Moody's patch to add
      support for rules.d directory for splitting out audit.d rules
      + The new augenrules tool, called from the init script, replaces this
    - debian/control: The upstream audit sources embed and build against their
      own version of libev. This is not desirable, but there's no reason to
      list libev-dev as a build dependency at this time.
      + Debian commented out the libev Build-Dependency
    - debian/patches/FTBFS-python-multiarch.diff: No longer needed
    - debian/patches/fix-asprintf-warnings.patch,
      debian/patches/fix-unused-result-warnings.patch
      debian/patches/fix-discards-const-qualifier-warnings.patch: Present in
      upstream release
  * debian/auditd.init: The start command now requires $remote_fs to be
    started because it may call /bin/augenrules, which depends on
    /usr/bin/awk. $PATH must also be updated so that augenrules can find awk.

audit (1:2.3.2-2) unstable; urgency=low

  * QA upload.
  * Upload to unstable.

audit (1:2.3.2-1) experimental; urgency=low

  * QA upload.
  * New upstream release
  * debian/control, debian/rules: Add support for dh-systemd
  * debian/rules: Call dh_installinit with --restart-after-upgrade to minimize
    downtime
  * debian/patches/01-no-refusemanualstop.patch: Remove RefuseManualStop=yes
    option, this is preventing the auditd daemoin to be restarted on upgrade

audit (1:2.3.1-1) experimental; urgency=low

  * QA upload.
  * New upstream release
    - debian/libauparse0.symbols: Adjust .symbols file
  * debian/control: Bump Standards-Version to 3.9.4 (no further changes)
  * debian/con...

Read more...

Changed in audit (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers