On Saturday 22 November 2008 09:49:46 am Steve Grubb wrote: > I fixed all the issues pointed out in the comments. I will update the patch > and resend soon.
Sorry about the delay...but I think I have it working as you had suggested. To add audit support, it will automatically include it if it finds libaudit or if you add --with-libaudit=no it will disable support even if the libraries are present. Audit 1.7.9 and later releases expect and can use the events defined in this patch: SYSTEM_STARTUP, RUNLEVEL_CHANGE, SYSTEM_SHUTDOWN. These events are required to aid audit session analysis by programs like aulast. Without it there are no defined boundaries where the system is known to be up or down. Thanks, -Steve Grubb diff -urpN upstart-0.5.0.orig/config.h.in upstart-0.5.0/config.h.in --- upstart-0.5.0.orig/config.h.in 2008-11-05 14:08:00.000000000 -0500 +++ upstart-0.5.0/config.h.in 2008-11-22 09:53:33.000000000 -0500 @@ -254,6 +254,9 @@ /* Define to 1 if your C compiler doesn't accept -c and -o together. */ #undef NO_MINUS_C_MINUS_O +/* Define to 1 if you want audit support */ +#undef HAVE_LIBAUDIT + /* Name of package */ #undef PACKAGE diff -urpN upstart-0.5.0.orig/configure.ac upstart-0.5.0/configure.ac --- upstart-0.5.0.orig/configure.ac 2008-11-05 14:08:00.000000000 -0500 +++ upstart-0.5.0/configure.ac 2009-01-14 11:48:58.000000000 -0500 @@ -20,6 +20,7 @@ AC_PROG_LIBTOOL # Checks for libraries. NIH_INIT([dbus]) +LINUX_AUDIT # Checks for header files. diff -urpN upstart-0.5.0.orig/m4/libaudit.m4 upstart-0.5.0/m4/libaudit.m4 --- upstart-0.5.0.orig/m4/libaudit.m4 1969-12-31 19:00:00.000000000 -0500 +++ upstart-0.5.0/m4/libaudit.m4 2009-01-14 11:51:54.000000000 -0500 
@@ -0,0 +1,25 @@ +# libaudit.m4 - Checks for the Linux Audit System support +# Copyright (c) 2009 Steve Grubb [email protected] +# +AC_DEFUN([LINUX_AUDIT], +[ + AC_ARG_WITH(libaudit, + [ --with-libaudit=[auto/yes/no] Add Linux audit support [default=auto]],, + with_libaudit=auto) + + # Check for Linux auditing API + # + # libaudit detection + + if test x$with_libaudit = xno ; then + have_libaudit=no; + else + # See if we have audit daemon library + AC_CHECK_LIB(audit, audit_log_user_message, + AUDIT_LDADD=-laudit,) + fi + AC_SUBST(AUDIT_LDADD) + if test x$AUDIT_LDADD != x ; then + AC_DEFINE(HAVE_LIBAUDIT,1,[linux audit support]) + fi +]) diff -urpN upstart-0.5.0.orig/util/Makefile.am upstart-0.5.0/util/Makefile.am --- upstart-0.5.0.orig/util/Makefile.am 2008-11-05 14:08:01.000000000 -0500 +++ upstart-0.5.0/util/Makefile.am 2008-11-22 10:37:31.000000000 -0500 @@ -45,7 +45,8 @@ reboot_SOURCES = \ reboot_LDFLAGS = -static reboot_LDADD = \ ../nih/libnih.la \ - $(LTLIBINTL) + $(LTLIBINTL) \ + $(AUDIT_LDADD) runlevel_SOURCES = \ @@ -54,7 +55,8 @@ runlevel_SOURCES = \ runlevel_LDFLAGS = -static runlevel_LDADD = \ ../nih/libnih.la \ - $(LTLIBINTL) + $(LTLIBINTL) \ + $(AUDIT_LDADD) shutdown_SOURCES = \ @@ -68,7 +70,8 @@ shutdown_LDADD = \ ../nih/libnih.la \ ../nih/libnih-dbus.la \ $(LTLIBINTL) \ - $(DBUS_LIBS) + $(DBUS_LIBS) \ + $(AUDIT_LDADD) diff -urpN upstart-0.5.0.orig/util/reboot.c upstart-0.5.0/util/reboot.c --- upstart-0.5.0.orig/util/reboot.c 2008-11-05 14:08:01.000000000 -0500 +++ upstart-0.5.0/util/reboot.c 2008-11-22 09:53:33.000000000 -0500 @@ -36,6 +36,9 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#ifdef HAVE_LIBAUDIT +# include <libaudit.h> +#endif #include <linux/if.h> #include <linux/hdreg.h> @@ -95,8 +98,9 @@ enum { /* Prototypes for static functions */ -static void down_drives (void); -static void down_interfaces (void); +static void down_drives (void); +static void down_interfaces (void); +static void send_audit_event (void); /** 
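Review bot: In the new m4/libaudit.m4, an explicit `--with-libaudit=yes` is treated the same as `auto`. If `AC_CHECK_LIB` does not find the library, configure continues and the tools are built without audit records and without any diagnostic. For a feature whose purpose is an audit trail, an explicit request should fail loudly, e.g. `test "x$with_libaudit" = xyes && test "x$AUDIT_LDADD" = x && AC_MSG_ERROR([--with-libaudit=yes given but libaudit was not found])` after the check. Two smaller points: `have_libaudit=no` is assigned but never read in this macro, and `$with_libaudit` / `$AUDIT_LDADD` are expanded unquoted inside `test`. The macro also probes only the library, so a system with libaudit but no `libaudit.h` would define `HAVE_LIBAUDIT` and then fail at the `#include`; an `AC_CHECK_HEADER` for `libaudit.h` would close that gap.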
@@ -267,6 +271,7 @@ main (int argc, */ reboot (RB_ENABLE_CAD); kill (1, SIGTSTP); + send_audit_event (); /* Sync the disks */ chdir ("/"); @@ -305,6 +310,23 @@ main (int argc, return 0; } +/** + * send_audit_event + * + * Send system shutdown audit event + **/ +static void +send_audit_event (void) +{ +#ifdef HAVE_LIBAUDIT + int fd = audit_open (); + if (fd < 0) + return; + audit_log_user_message (fd, AUDIT_SYSTEM_SHUTDOWN, "init", + NULL, NULL, NULL, 1); + close (fd); +#endif +} /** * down_drives: diff -urpN upstart-0.5.0.orig/util/runlevel.c upstart-0.5.0/util/runlevel.c --- upstart-0.5.0.orig/util/runlevel.c 2008-11-05 14:08:01.000000000 -0500 +++ upstart-0.5.0/util/runlevel.c 2008-11-22 09:53:33.000000000 -0500 @@ -33,6 +33,9 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#ifdef HAVE_LIBAUDIT +# include <libaudit.h> +#endif #include <nih/macros.h> #include <nih/alloc.h> @@ -43,7 +46,8 @@ /* Prototypes for static functions */ -static void store (short type, pid_t pid, const char *user); +static void store (short type, pid_t pid, const char *user); +static void send_audit_event (int old, int level); /** @@ -109,6 +113,7 @@ main (int argc, /* Store the reboot time? */ if (reboot) { store (BOOT_TIME, 0, "reboot"); + send_audit_event (0, 0); exit (0); } @@ -143,6 +148,7 @@ main (int argc, prev = cur; if (! prev) prev = 'N'; + send_audit_event (prev, set[0]); cur = set[0]; } 
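Review bot: The return value of `audit_log_user_message ()` is discarded in the `send_audit_event ()` added by the `@@ -305,6 +310,23 @@` hunk of util/reboot.c, and an `audit_open ()` failure returns silently, so a SYSTEM_SHUTDOWN record that never reaches the log leaves no trace. The description says these records are the boundaries tools like aulast rely on, so a lost record should at least be reported through the file's existing logging. One way is to compare the call's result with `<= 0` and warn with `strerror (errno)`, while still ignoring the errno values that only mean the kernel has no audit support. The same applies to the identical copy added to util/shutdown.c and to the variant in util/runlevel.c; since two of the copies are byte-for-byte the same, a shared helper would keep them from drifting. The doc-comment header should also be `send_audit_event:` with the trailing colon, matching the neighbouring `down_drives:` block.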
@@ -203,3 +209,35 @@ store (short type, /* Write wtmp entry */ updwtmp (WTMP_FILE, &utmp); } + +/** + * send_audit_event + * @old: current run level + * @level: new run level + * + * Send system runlevel change audit event. If level is 0, then + * we consider this to be a reboot event. + **/ +static void +send_audit_event (int old, int level) +{ +#ifdef HAVE_LIBAUDIT + int fd = audit_open (); + + if (fd < 0) + return; + + if (level) { + char buf[64]; + + snprintf (buf, sizeof (buf), + "old-level=%c new-level=%c", old, level); + audit_log_user_message (fd, AUDIT_SYSTEM_RUNLEVEL, buf, + NULL, NULL, NULL, 1); + } else + audit_log_user_message (fd, AUDIT_SYSTEM_BOOT, "init", + NULL, NULL, NULL, 1); + close (fd); +#endif +} + diff -urpN upstart-0.5.0.orig/util/shutdown.c upstart-0.5.0/util/shutdown.c --- upstart-0.5.0.orig/util/shutdown.c 2008-11-05 14:08:01.000000000 -0500 +++ upstart-0.5.0/util/shutdown.c 2008-11-22 09:53:33.000000000 -0500 @@ -38,6 +38,9 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#ifdef HAVE_LIBAUDIT +# include <libaudit.h> +#endif #include <nih/macros.h> #include <nih/alloc.h> @@ -83,6 +86,7 @@ static int runlevel_setter (NihOption *option, const char *arg); static void shutdown_now (void) __attribute__ ((noreturn)); +static void send_audit_event (void); static void cancel_callback (void *data, NihSignal *signal) __attribute__ ((noreturn)); static void timer_callback (const char *message); @@ -454,6 +458,23 @@ runlevel_setter (NihOption *option, return 0; } +/** + * send_audit_event + * + * Send system shutdown audit event + **/ +static void +send_audit_event (void) +{ +#ifdef HAVE_LIBAUDIT + int fd = audit_open (); + if (fd < 0) + return; + audit_log_user_message (fd, AUDIT_SYSTEM_SHUTDOWN, "init", + NULL, NULL, NULL, 1); + close (fd); +#endif +} /** * shutdown_now: 
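Review bot: In util/runlevel.c, `send_audit_event ()` formats `old` and `level` into the audit record with `%c`, and the caller in main passes `set[0]`; no validation of that character is visible in these hunks. If main does not already restrict it, a space, `=`, quote or control character would produce a record whose `old-level=`/`new-level=` fields parse incorrectly. The values should be checked before `audit_open ()`, e.g. `if (! isalnum ((unsigned char) old) || ! isalnum ((unsigned char) level)) return;` for the non-boot path (needs `<ctype.h>`). The integer `0` also doubles as the "boot" sentinel, so an empty `--set` argument (`set[0] == '\0'`) would log AUDIT_SYSTEM_BOOT instead of a runlevel change unless it is rejected outside the hunk; a separate flag or a dedicated function for the boot record would remove that ambiguity. The doc comment should say that `level == 0` logs a boot record, and `@old` is better described as the previous run level.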
@@ -501,6 +522,8 @@ shutdown_now (void) NIH_MUST (nih_str_array_addp (&env, NULL, NULL, e)); NIH_MUST (e = nih_sprintf (NULL, "PREVLEVEL=%s", prev_level())); NIH_MUST (nih_str_array_addp (&env, NULL, NULL, e)); + + send_audit_event (); /* Send the message */ if (control_emit_event (proxy, "runlevel", env)) { -- upstart-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/upstart-devel
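Review bot: In `shutdown_now ()`, `send_audit_event ()` is called before `control_emit_event (proxy, "runlevel", env)`, and it logs with a hard-coded result of 1. The audit trail therefore records a successful SYSTEM_SHUTDOWN even when the emit on the next line fails and no shutdown is started. I would move the call to the point where the emit is known to have succeeded, or pass the outcome through as the result argument (0 on failure) so the record matches what happened. This path appears to emit a generic `runlevel` event, so it is worth confirming that it is only reached for halt/reboot targets; otherwise a switch to another runlevel would also be logged as a shutdown. The body of `shutdown_now` continues outside the hunk, so the error branch is not fully visible here.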
