Codebase list audit / 12424f1
New upstream version 2.8.2 Laurent Bigonville 6 years ago
87 changed file(s) with 537 addition(s) and 361 deletion(s). Raw diff Collapse all Expand all
+12
-0
ChangeLog less more
0 2.8.2
1 - Update tables for 4.14 kernel
2 - Fixup ipv6 server side binding
3 - AVC report from aureport was missing result column header (#1511606)
4 - Add SOFTWARE_UPDATE event
5 - In ausearch/report pickup any path and new-disk fields as a file
6 - Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
7 - In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
8 - Fix building on old systems without linux/fanotify.h
9 - Fix shell portability issues reported by shellcheck
10 - Auditd validate_email should not use gethostbyname
11
012 2.8.1
113 - Fix NULL ptr dereference in audispd plugin_dir parser
214 - Signed/unsigned cleanup
+2
-2
Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+10
-13
TODO less more
0 Things that need to be done:
1 ===========================
2 2.8.2
0 Future roadmap (subject to change):
1 ===================================
2 2.8.3
33 * Look into TLS support
4 * Support multiple time streams when searching
54 * Add rule verify to detect mismatch between in-kernel and on-disk rules
6 * In audispd, look into non-blocking handling of write to plugins
75
86 2.9
7 * Performance improvements for auparse (Memory management)
8 * If auparse input is a pipe timeout events by wall clock
9 * In audispd, look into non-blocking handling of write to plugins
910 * Look at pulling audispd into auditd
11 * Fix audit.pc.in to use Requires.private
12 * Support multiple time streams when searching
1013 * Container support
11 * Performance improvements for auparse (Memory management)
12 * Add ability to filter events in auditd
13 * Fix audit.pc.in to use Requires.private
14 * If auparse input is a pipe timeout events by wall clock
15 * Change ausearch to output name="" unless its a real null. (mount) ausearch-report.c, 523. FIXME
1614
1715 3.0
1816 * Basic HIDS based on reactive audit component
1917 * Consolidate linked lists and other functions
2018 * Consolidate parsing code between libaudit and auditd-conf.c
2119 * Fix SIGHUP for auditd network settings
22 * Add gzip format for logs
20 * Add ability to filter events in auditd
2321
2422 3.0.1
2523 * Add keywords for time: month-ago
26 * Look at adding the direction read/write to file report (threat modelling)
27 * Fix aureport accounting for avc in permissive mode
2824 * Fix aureport-scan to properly decide if CONFIG_CHANGE is add or del, need to optionally look for op and use remove/add to decide
25 * Change ausearch to output name="" unless its a real null. (mount) ausearch-report.c, 523. FIXME
+27
-26
aclocal.m4 less more
0 # generated automatically by aclocal 1.15 -*- Autoconf -*-
1
2 # Copyright (C) 1996-2014 Free Software Foundation, Inc.
0 # generated automatically by aclocal 1.15.1 -*- Autoconf -*-
1
2 # Copyright (C) 1996-2017 Free Software Foundation, Inc.
33
44 # This file is free software; the Free Software Foundation
55 # gives unlimited permission to copy and/or distribute it,
1919 If you have problems, you may need to regenerate the build system entirely.
2020 To do so, use the procedure documented by the package, typically 'autoreconf'.])])
2121
22 # Copyright (C) 2002-2014 Free Software Foundation, Inc.
22 # Copyright (C) 2002-2017 Free Software Foundation, Inc.
2323 #
2424 # This file is free software; the Free Software Foundation
2525 # gives unlimited permission to copy and/or distribute it,
3434 [am__api_version='1.15'
3535 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
3636 dnl require some minimum version. Point them to the right macro.
37 m4_if([$1], [1.15], [],
37 m4_if([$1], [1.15.1], [],
3838 [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
3939 ])
4040
5050 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
5151 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
5252 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
53 [AM_AUTOMAKE_VERSION([1.15])dnl
53 [AM_AUTOMAKE_VERSION([1.15.1])dnl
5454 m4_ifndef([AC_AUTOCONF_VERSION],
5555 [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
5656 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
5757
5858 # AM_AUX_DIR_EXPAND -*- Autoconf -*-
5959
60 # Copyright (C) 2001-2014 Free Software Foundation, Inc.
60 # Copyright (C) 2001-2017 Free Software Foundation, Inc.
6161 #
6262 # This file is free software; the Free Software Foundation
6363 # gives unlimited permission to copy and/or distribute it,
109109
110110 # AM_CONDITIONAL -*- Autoconf -*-
111111
112 # Copyright (C) 1997-2014 Free Software Foundation, Inc.
112 # Copyright (C) 1997-2017 Free Software Foundation, Inc.
113113 #
114114 # This file is free software; the Free Software Foundation
115115 # gives unlimited permission to copy and/or distribute it,
140140 Usually this means the macro was only invoked conditionally.]])
141141 fi])])
142142
143 # Copyright (C) 1999-2014 Free Software Foundation, Inc.
143 # Copyright (C) 1999-2017 Free Software Foundation, Inc.
144144 #
145145 # This file is free software; the Free Software Foundation
146146 # gives unlimited permission to copy and/or distribute it,
331331
332332 # Generate code to set up dependency tracking. -*- Autoconf -*-
333333
334 # Copyright (C) 1999-2014 Free Software Foundation, Inc.
334 # Copyright (C) 1999-2017 Free Software Foundation, Inc.
335335 #
336336 # This file is free software; the Free Software Foundation
337337 # gives unlimited permission to copy and/or distribute it,
407407
408408 # Do all the work for Automake. -*- Autoconf -*-
409409
410 # Copyright (C) 1996-2014 Free Software Foundation, Inc.
410 # Copyright (C) 1996-2017 Free Software Foundation, Inc.
411411 #
412412 # This file is free software; the Free Software Foundation
413413 # gives unlimited permission to copy and/or distribute it,
604604 done
605605 echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
606606
607 # Copyright (C) 2001-2014 Free Software Foundation, Inc.
607 # Copyright (C) 2001-2017 Free Software Foundation, Inc.
608608 #
609609 # This file is free software; the Free Software Foundation
610610 # gives unlimited permission to copy and/or distribute it,
625625 fi
626626 AC_SUBST([install_sh])])
627627
628 # Copyright (C) 2003-2014 Free Software Foundation, Inc.
628 # Copyright (C) 2003-2017 Free Software Foundation, Inc.
629629 #
630630 # This file is free software; the Free Software Foundation
631631 # gives unlimited permission to copy and/or distribute it,
646646
647647 # Check to see how 'make' treats includes. -*- Autoconf -*-
648648
649 # Copyright (C) 2001-2014 Free Software Foundation, Inc.
649 # Copyright (C) 2001-2017 Free Software Foundation, Inc.
650650 #
651651 # This file is free software; the Free Software Foundation
652652 # gives unlimited permission to copy and/or distribute it,
696696
697697 # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
698698
699 # Copyright (C) 1997-2014 Free Software Foundation, Inc.
699 # Copyright (C) 1997-2017 Free Software Foundation, Inc.
700700 #
701701 # This file is free software; the Free Software Foundation
702702 # gives unlimited permission to copy and/or distribute it,
737737 # Obsolete and "removed" macros, that must however still report explicit
738738 # error messages when used, to smooth transition.
739739 #
740 # Copyright (C) 1996-2014 Free Software Foundation, Inc.
740 # Copyright (C) 1996-2017 Free Software Foundation, Inc.
741741 #
742742 # This file is free software; the Free Software Foundation
743743 # gives unlimited permission to copy and/or distribute it,
764764
765765 # Helper functions for option handling. -*- Autoconf -*-
766766
767 # Copyright (C) 2001-2014 Free Software Foundation, Inc.
767 # Copyright (C) 2001-2017 Free Software Foundation, Inc.
768768 #
769769 # This file is free software; the Free Software Foundation
770770 # gives unlimited permission to copy and/or distribute it,
793793 AC_DEFUN([_AM_IF_OPTION],
794794 [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
795795
796 # Copyright (C) 1999-2014 Free Software Foundation, Inc.
796 # Copyright (C) 1999-2017 Free Software Foundation, Inc.
797797 #
798798 # This file is free software; the Free Software Foundation
799799 # gives unlimited permission to copy and/or distribute it,
840840 # For backward compatibility.
841841 AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
842842
843 # Copyright (C) 1999-2014 Free Software Foundation, Inc.
843 # Copyright (C) 1999-2017 Free Software Foundation, Inc.
844844 #
845845 # This file is free software; the Free Software Foundation
846846 # gives unlimited permission to copy and/or distribute it,
873873 [
874874 dnl Find a Python interpreter. Python versions prior to 2.0 are not
875875 dnl supported. (2.0 was released on October 16, 2000).
876 dnl FIXME: Remove the need to hard-code Python versions here.
876877 m4_define_default([_AM_PYTHON_INTERPRETER_LIST],
877 [python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 dnl
878 [python python2 python3 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 dnl
878879 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0])
879880
880881 AC_ARG_VAR([PYTHON], [the Python interpreter])
10751076 sys.exit(sys.hexversion < minverhex)"
10761077 AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])
10771078
1078 # Copyright (C) 2001-2014 Free Software Foundation, Inc.
1079 # Copyright (C) 2001-2017 Free Software Foundation, Inc.
10791080 #
10801081 # This file is free software; the Free Software Foundation
10811082 # gives unlimited permission to copy and/or distribute it,
10941095
10951096 # Check to make sure that the build environment is sane. -*- Autoconf -*-
10961097
1097 # Copyright (C) 1996-2014 Free Software Foundation, Inc.
1098 # Copyright (C) 1996-2017 Free Software Foundation, Inc.
10981099 #
10991100 # This file is free software; the Free Software Foundation
11001101 # gives unlimited permission to copy and/or distribute it,
11751176 rm -f conftest.file
11761177 ])
11771178
1178 # Copyright (C) 2009-2014 Free Software Foundation, Inc.
1179 # Copyright (C) 2009-2017 Free Software Foundation, Inc.
11791180 #
11801181 # This file is free software; the Free Software Foundation
11811182 # gives unlimited permission to copy and/or distribute it,
12351236 _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
12361237 ])
12371238
1238 # Copyright (C) 2001-2014 Free Software Foundation, Inc.
1239 # Copyright (C) 2001-2017 Free Software Foundation, Inc.
12391240 #
12401241 # This file is free software; the Free Software Foundation
12411242 # gives unlimited permission to copy and/or distribute it,
12631264 INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
12641265 AC_SUBST([INSTALL_STRIP_PROGRAM])])
12651266
1266 # Copyright (C) 2006-2014 Free Software Foundation, Inc.
1267 # Copyright (C) 2006-2017 Free Software Foundation, Inc.
12671268 #
12681269 # This file is free software; the Free Software Foundation
12691270 # gives unlimited permission to copy and/or distribute it,
12821283
12831284 # Check how to create a tarball. -*- Autoconf -*-
12841285
1285 # Copyright (C) 2004-2014 Free Software Foundation, Inc.
1286 # Copyright (C) 2004-2017 Free Software Foundation, Inc.
12861287 #
12871288 # This file is free software; the Free Software Foundation
12881289 # gives unlimited permission to copy and/or distribute it,
+2
-2
audisp/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
audisp/plugins/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
audisp/plugins/builtins/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
audisp/plugins/prelude/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-1
audisp/plugins/prelude/audisp-prelude.8 less more
3030
3131 At this point, if you want have audit: forbidden login location, max concurrent sessions, max login failures, and forbidden login time anomalies being reported, you have to setup pam modules correctly. The pam modules are respectively: pam_access, pam_limits, pam_tally2, and pam_time. Please see the respective pam module man pages for any instructions.
3232
33 For performance reasons, some audit events will not produce syscall records which contain additional information about events unless there is at least one audit rule loaded. If you do not have any additional audit rules, edit \fI/etc/audit/audit.rules\fP and add something simple that won't impact performace like this: \fB\-w /etc/shadow \-p wa\fP. This rule will watch the shadow file for writes or changes to its attributes. The additional audit information provided by having at least one rule will allow the plugin to give a more complete view of the alert it is sending.
33 For performance reasons, some audit events will not produce syscall records which contain additional information about events unless there is at least one audit rule loaded. If you do not have any additional audit rules, edit \fI/etc/audit/audit.rules\fP and add something simple that won't impact performance like this: \fB\-w /etc/shadow \-p wa\fP. This rule will watch the shadow file for writes or changes to its attributes. The additional audit information provided by having at least one rule will allow the plugin to give a more complete view of the alert it is sending.
3434
3535 If you are wanting to get alerts on watched syscalls, watched files, watched execution, or something becoming executable, you need to add some keys to your audit rules. For example, if you have the following audit watch in \fI/etc/audit/audit.rules\fP:
3636
+2
-2
audisp/plugins/remote/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-1
audisp/plugins/remote/audisp-remote.c less more
14441444 int hver, mver;
14451445 uint32_t type, rlen, seq;
14461446 char msg[MAX_AUDIT_MESSAGE_LENGTH+1];
1447 int n_tries_this_message = 0;
1447 unsigned int n_tries_this_message = 0;
14481448 time_t now, then = 0;
14491449
14501450 sequence_id ++;
+2
-2
audisp/plugins/zos-remote/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-1
audit.spec less more
262262
263263
264264 %changelog
265 * Thu Oct 12 2017 Steve Grubb <sgrubb@redhat.com> 2.8.1-1
265 * Thu Dec 14 2017 Steve Grubb <sgrubb@redhat.com> 2.8.2-1
266266 - New upstream release
267267
+2
-2
auparse/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-0
auparse/expression.c less more
853853 || op == EO_VALUE_LE || op == EO_VALUE_GT || op == EO_VALUE_GE);
854854 res->op = op;
855855 res->virtual_field = 1;
856 res->numeric_field = 1;
856857 res->v.p.field.id = EF_TIMESTAMP_EX;
857858 res->precomputed_value = 1;
858859 res->v.p.value.timestamp_ex.sec = sec;
+3
-1
auparse/famtab.h less more
5858 _S(38, "alg" )
5959 _S(39, "nfc" )
6060 _S(40, "vsock" )
61
61 _S(41, "kcm" )
62 _S(42, "qipcrtr" )
63 _S(43, "smc" )
+4
-1
auparse/fcntl-cmdtab.h less more
4848 _S(1032, "F_GETPIPE_SZ" )
4949 _S(1033, "F_ADD_SEALS" )
5050 _S(1034, "F_GET_SEALS" )
51
51 _S(1035, "F_GET_RW_HINT" )
52 _S(1036, "F_SET_RW_HINT" )
53 _S(1037, "F_GET_FILE_RW_HINT" )
54 _S(1038, "F_SET_FILE_RW_HINT" )
+11
-6
auparse/interpret.c less more
4949 #include <sys/personality.h>
5050 #include <sys/prctl.h>
5151 #include <sched.h>
52 #ifdef USE_FANOTIFY
5253 #include <linux/fanotify.h>
54 #else
55 #define FAN_ALLOW 1
56 #define FAN_DENY 2
57 #endif
5358 #include "auparse-defs.h"
5459 #include "gen_tables.h"
5560
13451350 size_t i;
13461351 unsigned int flags;
13471352 int cnt = 0;
1348 char *out, buf[178];
1353 char *out, buf[sizeof(open_flag_strings)+8];
13491354
13501355 errno = 0;
13511356 flags = strtoul(val, NULL, 16);
13831388 {
13841389 unsigned int flags, i, clone_sig;
13851390 int cnt = 0;
1386 char *out, buf[362]; // added 10 for signal name
1391 char *out, buf[sizeof(clone_flag_strings)+16];// + 10 for signal name
13871392
13881393 errno = 0;
13891394 flags = strtoul(val, NULL, 16);
15341539 {
15351540 unsigned int maps, i;
15361541 int cnt = 0;
1537 char buf[176];
1542 char buf[sizeof(mmap_strings)+8];
15381543 char *out;
15391544
15401545 errno = 0;
17001705 {
17011706 unsigned int rec, i;
17021707 int cnt = 0;
1703 char buf[234];
1708 char buf[sizeof(recv_strings)+8];
17041709 char *out;
17051710
17061711 errno = 0;
19791984 {
19801985 unsigned int flags, partial, i;
19811986 int cnt = 0;
1982 char *out, buf[32];
1987 char *out, buf[sizeof(shm_mode_strings)+sizeof(ipccmd_strings)+8];
19831988
19841989 errno = 0;
19851990 flags = strtoul(val, NULL, 16);
20602065 {
20612066 unsigned int flags, i;
20622067 int cnt = 0;
2063 char buf[64];
2068 char buf[sizeof(umount_strings)+8];
20642069 char *out;
20652070
20662071 errno = 0;
+6
-0
auparse/ioctlreqtab.h less more
1717 *
1818 * Authors:
1919 * Steve Grubb <sgrubb@redhat.com>
20 *
21 * This list is not comprehensive. Its just some cherry picked ioctls.
2022 * include/uapi/linux/kd.h
2123 * include/uapi/linux/cdrom.h
2224 * include/uapi/asm-generic/ioctls.h
2527
2628 _S(0x4B3A, "KDSETMODE" )
2729 _S(0x4B3B, "KDGETMODE" )
30
2831 _S(0x5309, "CDROMEJECT" )
2932 _S(0x530F, "CDROMEJECT_SW" )
3033 _S(0x5311, "CDROM_GET_UPC" )
3134 _S(0x5316, "CDROMSEEK" )
35
3236 _S(0x5401, "TCGETS" )
3337 _S(0x5402, "TCSETS" )
3438 _S(0x5403, "TCSETSW" )
4246 _S(0x5414, "TIOCSWINSZ" )
4347 _S(0x541B, "TIOCINQ" )
4448 _S(0x5421, "FIONBIO" )
49 _S(0x5422, "TIOCNOTTY" )
4550 _S(0x8901, "FIOSETOWN" )
4651 _S(0x8903, "FIOGETOWN" )
4752 _S(0x8910, "SIOCGIFNAME" )
5156 _S(0x40045431, "TIOCSPTLCK" ) // Need a better fix for these
5257 _S(0x80045430, "TIOCGPTN" )
5358 _S(0x80045431, "TIOCSPTLCK" )
59
5460 _S(0xC01C64A3, "DRM_IOCTL_MODE_CURSOR" )
5561 _S(0xC01864B0, "DRM_IOCTL_MODE_PAGE_FLIP" )
5662 _S(0xC01864B1, "DRM_IOCTL_MODE_DIRTYFB" )
+2
-0
auparse/ip6optnametab.h less more
7979 _S(67, "IPV6_TCLASS")
8080 _S(68, "IP6T_SO_GET_REVISION_MATCH")
8181 _S(69, "IP6T_SO_GET_REVISION_TARGET")
82 _S(70, "IPV6_AUTOFLOWLABEL")
8283 _S(72, "IPV6_ADDR_PREFERENCES")
8384 _S(73, "IPV6_MINHOPCOUNT")
8485 _S(74, "IPV6_ORIGDSTADDR")
8586 _S(75, "IPV6_TRANSPARENT")
8687 _S(76, "IPV6_UNICAST_IF")
88 _S(77, "IPV6_RECVFRAGSIZE")
8789 _S(80, "IP6T_SO_ORIGINAL_DST")
8890
+0
-1
auparse/mmaptab.h less more
1919 * Steve Grubb <sgrubb@redhat.com>
2020 * Location: include/uapi/asm-generic/mman.h >0x100
2121 * include/uapi/asm-generic/mman-common.h < 0x100
22 * NOTE: If this is updated, also update interpret.c:print_mmap()
2322 */
2423
2524 _S(0x00001, "MAP_SHARED" )
+0
-1
auparse/open-flagtab.h less more
1818 * Authors:
1919 * Steve Grubb <sgrubb@redhat.com>
2020 * Location: include/uapi/asm-generic/fcntl.h
21 * NOTE: When updating this table, update interpret.c:print_open_flags()
2221 */
2322
2423 // Handled in the code: _S(00, "O_RDONLY" )
+2
-1
auparse/pktoptnametab.h less more
3939 _S(18, "PACKET_FANOUT")
4040 _S(19, "PACKET_TX_HAS_OFF")
4141 _S(20, "PACKET_QDISC_BYPASS")
42
42 _S(21, "PACKET_ROLLOVER_STATS")
43 _S(22, "PACKET_FANOUT_DATA")
+7
-0
auparse/ptracetab.h less more
1818 * Authors:
1919 * Steve Grubb <sgrubb@redhat.com>
2020 * Location: include/uapi/linux/ptrace.h
21 * ./arch/x86/include/uapi/asm/ptrace-abi.h
2122 */
2223
2324 _S(0, "PTRACE_TRACEME" )
3940 _S(18, "PTRACE_GETFPXREGS" )
4041 _S(19, "PTRACE_SETFPXREGS" )
4142 _S(24, "PTRACE_SYSCALL" )
43 _S(25, "PTRACE_GET_THREAD_AREA")
44 _S(26, "PTRACE_SET_THREAD_AREA")
45 _S(30, "PTRACE_ARCH_PRCTL" )
46 _S(31, "PTRACE_SYSEMU" )
47 _S(32, "PTRACE_SYSEMU_SINGLESTEP")
48 _S(33, "PTRACE_SINGLEBLOCK" )
4249 _S(0x4200, "PTRACE_SETOPTIONS" )
4350 _S(0x4201, "PTRACE_GETEVENTMSG" )
4451 _S(0x4202, "PTRACE_GETSIGINFO" )
+1
-1
auparse/recvtab.h less more
1818 * Authors:
1919 * Steve Grubb <sgrubb@redhat.com>
2020 * Location: include/linux/socket.h
21 * NOTE: If any update are made, update buffer size in interpret.c:print_recv()
2221 */
2322
2423 _S(0x00000001, "MSG_OOB")
3938 _S(0x00008000, "MSG_MORE")
4039 _S(0x00010000, "MSG_WAITFORONE")
4140 _S(0x00020000, "MSG_SENDPAGE_NOTLAST")
41 _S(0x00040000, "MSG_BATCH")
4242 _S(0x20000000, "MSG_FASTOPEN")
4343 _S(0x40000000, "MSG_CMSG_CLOEXEC")
4444 _S(0x80000000, "MSG_CMSG_COMPAT")
+1
-0
auparse/seccomptab.h less more
2525 _S(0x00030000U, "trap" )
2626 _S(0x00050000U, "errno" )
2727 _S(0x7ff00000U, "trace" )
28 _S(0x7ffc0000U, "log" )
2829 _S(0x7fff0000U, "allow" )
2930
+2
-0
auparse/shm_modetab.h less more
1818 * Authors:
1919 * Steve Grubb <sgrubb@redhat.com>
2020 * Location: include/linux/shm.h
21 * include/uapi/linux/shm.h
2122 */
2223
2324
2425 _S(00001000, "SHM_DEST" )
2526 _S(00002000, "SHM_LOCKED" )
27
2628 _S(00004000, "SHM_HUGETLB" )
2729 _S(00010000, "SHM_NORESERVE" )
2830
+2
-0
auparse/sockleveltab.h less more
5353 _S(278, "SOL_CAIF")
5454 _S(279, "SOL_ALG")
5555 _S(280, "SOL_NFC")
56 _S(281, "SOL_KCM")
57 _S(282, "SOL_TLS")
+8
-0
auparse/sockoptnametab.h less more
7373 _S(50, "SO_ATTACH_BPF")
7474 _S(51, "SO_ATTACH_REUSEPORT_CBPF")
7575 _S(52, "SO_ATTACH_REUSEPORT_EBPF")
76 _S(53, "SO_CNX_ADVICE")
77 _S(54, "SCM_TIMESTAMPING_OPT_STATS")
78 _S(55, "SO_MEMINFO")
79 _S(56, "SO_INCOMING_NAPI_ID")
80 _S(57, "SO_COOKIE")
81 _S(58, "SCM_TIMESTAMPING_PKTINFO")
82 _S(59, "SO_PEERGROUPS")
83 _S(60, "SO_ZEROCOPY")
7684
7785 // PPC has these different
7886 _S(116, "SO_RCVLOWAT")
+7
-1
auparse/tcpoptnametab.h less more
4545 _S(23, "TCP_FASTOPEN")
4646 _S(24, "TCP_TIMESTAMP")
4747 _S(25, "TCP_NOTSENT_LOWAT")
48
48 _S(26, "TCP_CC_INFO")
49 _S(27, "TCP_SAVE_SYN")
50 _S(28, "TCP_SAVED_SYN")
51 _S(29, "TCP_REPAIR_WINDOW")
52 _S(30, "TCP_FASTOPEN_CONNECT")
53 _S(31, "TCP_ULP")
54 _S(32, "TCP_MD5SIG_EXT")
+2
-2
auparse/test/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-1
auparse/umounttab.h less more
2525 _S(0x00000002, "MNT_DETACH" )
2626 _S(0x00000004, "MNT_EXPIRE" )
2727 _S(0x00000008, "UMOUNT_NOFOLLOW" )
28 _S(0x80000001, "UMOUNT_UNUSED" )
28 _S(0x80000000, "UMOUNT_UNUSED" )
2929
+2
-2
bindings/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
bindings/golang/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
bindings/python/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-1
bindings/python/auparse_python.c less more
21792179 {"interpret_sock_family", (PyCFunction)AuParser_interpret_sock_family, METH_NOARGS, interpret_sock_family_doc},
21802180 {"interpret_sock_port", (PyCFunction)AuParser_interpret_sock_port, METH_NOARGS, interpret_sock_port_doc},
21812181 {"interpret_sock_address", (PyCFunction)AuParser_interpret_sock_address, METH_NOARGS, interpret_sock_address_doc},
2182 {NULL, NULL} /* Sentinel */
2182 {NULL, NULL, 0, NULL} /* Sentinel */
21832183 };
21842184
21852185 PyDoc_STRVAR(AuParser_doc,
+2
-2
bindings/python/python2/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
bindings/python/python3/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
bindings/swig/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
bindings/swig/python/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-0
bindings/swig/python/audit.py less more
597597 AUDIT_ACCT_LOCK = _audit.AUDIT_ACCT_LOCK
598598 AUDIT_ACCT_UNLOCK = _audit.AUDIT_ACCT_UNLOCK
599599 AUDIT_USER_DEVICE = _audit.AUDIT_USER_DEVICE
600 AUDIT_SOFTWARE_UPDATE = _audit.AUDIT_SOFTWARE_UPDATE
600601 AUDIT_FIRST_DAEMON = _audit.AUDIT_FIRST_DAEMON
601602 AUDIT_LAST_DAEMON = _audit.AUDIT_LAST_DAEMON
602603 AUDIT_DAEMON_RECONFIG = _audit.AUDIT_DAEMON_RECONFIG
+2
-2
bindings/swig/python3/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-0
bindings/swig/python3/audit.py less more
508508 AUDIT_ACCT_LOCK = _audit.AUDIT_ACCT_LOCK
509509 AUDIT_ACCT_UNLOCK = _audit.AUDIT_ACCT_UNLOCK
510510 AUDIT_USER_DEVICE = _audit.AUDIT_USER_DEVICE
511 AUDIT_SOFTWARE_UPDATE = _audit.AUDIT_SOFTWARE_UPDATE
511512 AUDIT_FIRST_DAEMON = _audit.AUDIT_FIRST_DAEMON
512513 AUDIT_LAST_DAEMON = _audit.AUDIT_LAST_DAEMON
513514 AUDIT_DAEMON_RECONFIG = _audit.AUDIT_DAEMON_RECONFIG
+2
-2
bindings/swig/src/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+6
-5
compile less more
00 #! /bin/sh
11 # Wrapper for compilers which do not understand '-c -o'.
22
3 scriptversion=2012-10-14.11; # UTC
4
5 # Copyright (C) 1999-2014 Free Software Foundation, Inc.
3 scriptversion=2016-01-11.22; # UTC
4
5 # Copyright (C) 1999-2017 Free Software Foundation, Inc.
66 # Written by Tom Tromey <tromey@cygnus.com>.
77 #
88 # This program is free software; you can redistribute it and/or modify
254254 echo "compile $scriptversion"
255255 exit $?
256256 ;;
257 cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
257 cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
258 icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
258259 func_cl_wrapper "$@" # Doesn't return...
259260 ;;
260261 esac
341342 # eval: (add-hook 'write-file-hooks 'time-stamp)
342343 # time-stamp-start: "scriptversion="
343344 # time-stamp-format: "%:y-%02m-%02d.%02H"
344 # time-stamp-time-zone: "UTC"
345 # time-stamp-time-zone: "UTC0"
345346 # time-stamp-end: "; # UTC"
346347 # End:
+27
-13
config.guess less more
00 #! /bin/sh
11 # Attempt to guess a canonical system name.
2 # Copyright 1992-2016 Free Software Foundation, Inc.
3
4 timestamp='2016-10-02'
2 # Copyright 1992-2017 Free Software Foundation, Inc.
3
4 timestamp='2017-08-08'
55
66 # This file is free software; you can redistribute it and/or modify it
77 # under the terms of the GNU General Public License as published by
4949 GNU config.guess ($timestamp)
5050
5151 Originally written by Per Bothner.
52 Copyright 1992-2016 Free Software Foundation, Inc.
52 Copyright 1992-2017 Free Software Foundation, Inc.
5353
5454 This is free software; see the source for copying conditions. There is NO
5555 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
258258 *:Sortix:*:*)
259259 echo ${UNAME_MACHINE}-unknown-sortix
260260 exit ;;
261 *:Redox:*:*)
262 echo ${UNAME_MACHINE}-unknown-redox
263 exit ;;
261264 alpha:OSF1:*:*)
262265 case $UNAME_RELEASE in
263266 *4.0)
836839 UNAME_PROCESSOR=`/usr/bin/uname -p`
837840 case ${UNAME_PROCESSOR} in
838841 amd64)
839 echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
840 *)
841 echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
842 UNAME_PROCESSOR=x86_64 ;;
843 i386)
844 UNAME_PROCESSOR=i586 ;;
842845 esac
846 echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
843847 exit ;;
844848 i*:CYGWIN*:*)
845849 echo ${UNAME_MACHINE}-pc-cygwin
13021306 if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
13031307 if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
13041308 if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
1305 (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
1306 grep IS_64BIT_ARCH >/dev/null
1309 (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
1310 grep IS_64BIT_ARCH >/dev/null
13071311 then
13081312 case $UNAME_PROCESSOR in
13091313 i386) UNAME_PROCESSOR=x86_64 ;;
13101314 powerpc) UNAME_PROCESSOR=powerpc64 ;;
13111315 esac
1316 fi
1317 # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
1318 if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
1319 (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
1320 grep IS_PPC >/dev/null
1321 then
1322 UNAME_PROCESSOR=powerpc
13121323 fi
13131324 fi
13141325 elif test "$UNAME_PROCESSOR" = i386 ; then
13331344 *:QNX:*:4*)
13341345 echo i386-pc-qnx
13351346 exit ;;
1336 NEO-?:NONSTOP_KERNEL:*:*)
1347 NEO-*:NONSTOP_KERNEL:*:*)
13371348 echo neo-tandem-nsk${UNAME_RELEASE}
13381349 exit ;;
13391350 NSE-*:NONSTOP_KERNEL:*:*)
13401351 echo nse-tandem-nsk${UNAME_RELEASE}
13411352 exit ;;
1342 NSR-?:NONSTOP_KERNEL:*:*)
1353 NSR-*:NONSTOP_KERNEL:*:*)
13431354 echo nsr-tandem-nsk${UNAME_RELEASE}
1355 exit ;;
1356 NSX-*:NONSTOP_KERNEL:*:*)
1357 echo nsx-tandem-nsk${UNAME_RELEASE}
13441358 exit ;;
13451359 *:NonStop-UX:*:*)
13461360 echo mips-compaq-nonstopux
14171431 $0: unable to guess system type
14181432
14191433 This script (version $timestamp), has failed to recognize the
1420 operating system you are using. If your script is old, overwrite
1421 config.guess and config.sub with the latest versions from:
1434 operating system you are using. If your script is old, overwrite *all*
1435 copies of config.guess and config.sub with the latest versions from:
14221436
14231437 http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
14241438 and
+3
-0
config.h.in less more
156156 /* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
157157 #undef TIME_WITH_SYS_TIME
158158
159 /* Defined when fanotify headers are found */
160 #undef USE_FANOTIFY
161
159162 /* Define if you want to use GSSAPI */
160163 #undef USE_GSSAPI
161164
+21
-8
config.sub less more
00 #! /bin/sh
11 # Configuration validation subroutine script.
2 # Copyright 1992-2016 Free Software Foundation, Inc.
3
4 timestamp='2016-09-05'
2 # Copyright 1992-2017 Free Software Foundation, Inc.
3
4 timestamp='2017-04-02'
55
66 # This file is free software; you can redistribute it and/or modify it
77 # under the terms of the GNU General Public License as published by
6666 version="\
6767 GNU config.sub ($timestamp)
6868
69 Copyright 1992-2016 Free Software Foundation, Inc.
69 Copyright 1992-2017 Free Software Foundation, Inc.
7070
7171 This is free software; see the source for copying conditions. There is NO
7272 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
262262 | fido | fr30 | frv | ft32 \
263263 | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
264264 | hexagon \
265 | i370 | i860 | i960 | ia64 \
265 | i370 | i860 | i960 | ia16 | ia64 \
266266 | ip2k | iq2000 \
267267 | k1om \
268268 | le32 | le64 \
300300 | open8 | or1k | or1knd | or32 \
301301 | pdp10 | pdp11 | pj | pjl \
302302 | powerpc | powerpc64 | powerpc64le | powerpcle \
303 | pru \
303304 | pyramid \
304305 | riscv32 | riscv64 \
305306 | rl78 | rx \
313314 | ubicom32 \
314315 | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
315316 | visium \
317 | wasm32 \
316318 | we32k \
317319 | x86 | xc16x | xstormy16 | xtensa \
318320 | z8k | z80)
386388 | h8300-* | h8500-* \
387389 | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
388390 | hexagon-* \
389 | i*86-* | i860-* | i960-* | ia64-* \
391 | i*86-* | i860-* | i960-* | ia16-* | ia64-* \
390392 | ip2k-* | iq2000-* \
391393 | k1om-* \
392394 | le32-* | le64-* \
427429 | orion-* \
428430 | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
429431 | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
432 | pru-* \
430433 | pyramid-* \
431434 | riscv32-* | riscv64-* \
432435 | rl78-* | romp-* | rs6000-* | rx-* \
443446 | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
444447 | vax-* \
445448 | visium-* \
449 | wasm32-* \
446450 | we32k-* \
447451 | x86-* | x86_64-* | xc16x-* | xps100-* \
448452 | xstormy16-* | xtensa*-* \
945949 nsr-tandem)
946950 basic_machine=nsr-tandem
947951 ;;
952 nsx-tandem)
953 basic_machine=nsx-tandem
954 ;;
948955 op50n-* | op60c-*)
949956 basic_machine=hppa1.1-oki
950957 os=-proelf
12391246 vxworks29k)
12401247 basic_machine=a29k-wrs
12411248 os=-vxworks
1249 ;;
1250 wasm32)
1251 basic_machine=wasm32-unknown
12421252 ;;
12431253 w65*)
12441254 basic_machine=w65-wdc
13941404 | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
13951405 | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
13961406 | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
1397 | -chorusos* | -chorusrdb* | -cegcc* \
1407 | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
13981408 | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
13991409 | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
14001410 | -linux-newlib* | -linux-musl* | -linux-uclibc* \
14061416 | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
14071417 | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
14081418 | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
1409 | -onefs* | -tirtos* | -phoenix*)
1419 | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox*)
14101420 # Remember, each alternative MUST END IN *, to match a version number.
14111421 ;;
14121422 -qnx*)
16351645 sparc-* | *-sun)
16361646 os=-sunos4.1.1
16371647 ;;
1648 pru-*)
1649 os=-elf
1650 ;;
16381651 *-be)
16391652 os=-beos
16401653 ;;
+21
-11
configure less more
00 #! /bin/sh
11 # From configure.ac Revision: 1.3 .
22 # Guess values for system-dependent variables and create Makefiles.
3 # Generated by GNU Autoconf 2.69 for audit 2.8.1.
3 # Generated by GNU Autoconf 2.69 for audit 2.8.2.
44 #
55 #
66 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
587587 # Identity of this package.
588588 PACKAGE_NAME='audit'
589589 PACKAGE_TARNAME='audit'
590 PACKAGE_VERSION='2.8.1'
591 PACKAGE_STRING='audit 2.8.1'
590 PACKAGE_VERSION='2.8.2'
591 PACKAGE_STRING='audit 2.8.2'
592592 PACKAGE_BUGREPORT=''
593593 PACKAGE_URL=''
594594
13911391 # Omit some internal or obsolete options to make the list less imposing.
13921392 # This message is too long to be a string in the A/UX 3.1 sh.
13931393 cat <<_ACEOF
1394 \`configure' configures audit 2.8.1 to adapt to many kinds of systems.
1394 \`configure' configures audit 2.8.2 to adapt to many kinds of systems.
13951395
13961396 Usage: $0 [OPTION]... [VAR=VALUE]...
13971397
14621462
14631463 if test -n "$ac_init_help"; then
14641464 case $ac_init_help in
1465 short | recursive ) echo "Configuration of audit 2.8.1:";;
1465 short | recursive ) echo "Configuration of audit 2.8.2:";;
14661466 esac
14671467 cat <<\_ACEOF
14681468
15891589 test -n "$ac_init_help" && exit $ac_status
15901590 if $ac_init_version; then
15911591 cat <<\_ACEOF
1592 audit configure 2.8.1
1592 audit configure 2.8.2
15931593 generated by GNU Autoconf 2.69
15941594
15951595 Copyright (C) 2012 Free Software Foundation, Inc.
22402240 This file contains any messages produced by compilers while
22412241 running configure, to aid debugging if configure makes a mistake.
22422242
2243 It was created by audit $as_me 2.8.1, which was
2243 It was created by audit $as_me 2.8.2, which was
22442244 generated by GNU Autoconf 2.69. Invocation command line was
22452245
22462246 $ $0 $@
32193219
32203220 # Define the identity of the package.
32213221 PACKAGE='audit'
3222 VERSION='2.8.1'
3222 VERSION='2.8.2'
32233223
32243224
32253225 cat >>confdefs.h <<_ACEOF
1473714737
1473814738 # Find any Python interpreter.
1473914739 if test -z "$PYTHON"; then
14740 for ac_prog in python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0
14740 for ac_prog in python python2 python3 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0
1474114741 do
1474214742 # Extract the first word of "$ac_prog", so it can be a program name with args.
1474314743 set dummy $ac_prog; ac_word=$2
1533715337 ENABLE_SYSTEMD_TRUE='#'
1533815338 ENABLE_SYSTEMD_FALSE=
1533915339 fi
15340
15341
15342 # linux/fanotify.h
15343 ac_fn_c_check_header_mongrel "$LINENO" "linux/fanotify.h" "ac_cv_header_linux_fanotify_h" "$ac_includes_default"
15344 if test "x$ac_cv_header_linux_fanotify_h" = xyes; then :
15345
15346 $as_echo "#define USE_FANOTIFY /**/" >>confdefs.h
15347
15348 fi
15349
1534015350
1534115351
1534215352 withval=""
1650916519 # report actual input values of CONFIG_FILES etc. instead of their
1651016520 # values after options handling.
1651116521 ac_log="
16512 This file was extended by audit $as_me 2.8.1, which was
16522 This file was extended by audit $as_me 2.8.2, which was
1651316523 generated by GNU Autoconf 2.69. Invocation command line was
1651416524
1651516525 CONFIG_FILES = $CONFIG_FILES
1657516585 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
1657616586 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
1657716587 ac_cs_version="\\
16578 audit config.status 2.8.1
16588 audit config.status 2.8.2
1657916589 configured by $0, generated by GNU Autoconf 2.69,
1658016590 with options \\"\$ac_cs_config\\"
1658116591
+5
-1
configure.ac less more
2828 ])
2929
3030 AC_REVISION($Revision: 1.3 $)dnl
31 AC_INIT(audit,2.8.1)
31 AC_INIT(audit,2.8.2)
3232 AC_PREREQ(2.12)dnl
3333 AM_CONFIG_HEADER(config.h)
3434
248248 [want_systemd="no"]
249249 )
250250 AM_CONDITIONAL(ENABLE_SYSTEMD, test x$want_systemd = xyes)
251
252 # linux/fanotify.h
253 AC_CHECK_HEADER(linux/fanotify.h, [ AC_DEFINE(USE_FANOTIFY, [],
254 [Defined when fanotify headers are found]) ])
251255
252256 withval=""
253257 ALLDEBUG="-g"
+4
-4
depcomp less more
00 #! /bin/sh
11 # depcomp - compile a program generating dependencies as side-effects
22
3 scriptversion=2013-05-30.07; # UTC
4
5 # Copyright (C) 1999-2014 Free Software Foundation, Inc.
3 scriptversion=2016-01-11.22; # UTC
4
5 # Copyright (C) 1999-2017 Free Software Foundation, Inc.
66
77 # This program is free software; you can redistribute it and/or modify
88 # it under the terms of the GNU General Public License as published by
785785 # eval: (add-hook 'write-file-hooks 'time-stamp)
786786 # time-stamp-start: "scriptversion="
787787 # time-stamp-format: "%:y-%02m-%02d.%02H"
788 # time-stamp-time-zone: "UTC"
788 # time-stamp-time-zone: "UTC0"
789789 # time-stamp-end: "; # UTC"
790790 # End:
+2
-2
docs/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-1
docs/auparse_get_field_num.3 less more
66 unsigned int auparse_get_field_num(auparse_state_t *au);
77
88 .SH "DESCRIPTION"
9 auparse_get_field_num will retreive the internal library cursors current field location in the current record. Fields within the same record are numbered starting from 0. This is generally not needed but there are some cases where one may want to know the exact field being looked at.
9 auparse_get_field_num will retrieve the internal library cursors current field location in the current record. Fields within the same record are numbered starting from 0. This is generally not needed but there are some cases where one may want to know the exact field being looked at.
1010
1111 .SH "RETURN VALUE"
1212
+1
-1
docs/auparse_get_record_num.3 less more
66 unsigned int auparse_get_record_num(auparse_state_t *au);
77
88 .SH "DESCRIPTION"
9 auparse_get_record_num will retreive the internal library cursors current record location in the current event. Records within the same event are numbered starting from 0. This is generally not needed but there are some cases where one may want to know the exact record being looked at.
9 auparse_get_record_num will retrieve the internal library cursors current record location in the current event. Records within the same event are numbered starting from 0. This is generally not needed but there are some cases where one may want to know the exact record being looked at.
1010
1111 .SH "RETURN VALUE"
1212
+2
-2
init.d/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+6
-6
init.d/auditd.init less more
4949 test -x /sbin/auditd || exit 5
5050 test -f /etc/audit/auditd.conf || exit 6
5151
52 echo -n $"Starting $prog: "
52 printf "Starting $prog: "
5353
5454 # Localization for auditd is controlled in /etc/synconfig/auditd
5555 if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
8484 }
8585
8686 stop(){
87 echo -n $"Stopping $prog: "
87 printf "Stopping $prog: "
8888 killproc $prog
8989 RETVAL=$?
9090 echo
101101
102102 reload(){
103103 test -f /etc/audit/auditd.conf || exit 6
104 echo -n $"Reloading configuration: "
104 printf "Reloading configuration: "
105105 killproc $prog -HUP
106106 RETVAL=$?
107107 echo
109109 }
110110
111111 rotate(){
112 echo -n $"Rotating logs: "
112 printf "Rotating logs: "
113113 killproc $prog -USR1
114114 RETVAL=$?
115115 echo
117117 }
118118
119119 resume(){
120 echo -n $"Resuming logging: "
120 printf "Resuming logging: "
121121 killproc $prog -USR2
122122 RETVAL=$?
123123 echo
160160 condrestart
161161 ;;
162162 *)
163 echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|rotate|resume}"
163 echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|rotate|resume}"
164164 RETVAL=3
165165 esac
166166
+2
-2
init.d/auditd.resume less more
66
77 PATH=/sbin:/bin:/usr/bin:/usr/sbin
88 prog="auditd"
9 source /etc/init.d/functions
9 . /etc/init.d/functions
1010
11 echo -n $"Resuming logging: "
11 printf "Resuming logging: "
1212 killproc $prog -USR2
1313 RETVAL=$?
1414 echo
+2
-2
init.d/auditd.rotate less more
66
77 PATH=/sbin:/bin:/usr/bin:/usr/sbin
88 prog="auditd"
9 source /etc/init.d/functions
9 . /etc/init.d/functions
1010
11 echo -n $"Rotating logs: "
11 printf "Rotating logs: "
1212 killproc $prog -USR1
1313 RETVAL=$?
1414 echo
+2
-2
init.d/auditd.stop less more
66
77 PATH=/sbin:/bin:/usr/bin:/usr/sbin
88 prog="auditd"
9 source /etc/init.d/functions
9 . /etc/init.d/functions
1010
11 echo -n $"Stopping logging: "
11 printf "Stopping logging: "
1212 killproc $prog -TERM
1313 RETVAL=$?
1414 echo
+1
-1
init.d/augenrules less more
7575 echo "## This file is automatically generated from $SourceRulesDir" >> ${TmpRules}
7676 for rules in $(/bin/ls -1v ${SourceRulesDir} | grep "\.rules$") ; do
7777 cat ${SourceRulesDir}/${rules}
78 done | awk '\
78 done | awk '
7979 BEGIN {
8080 minus_e = "";
8181 minus_D = "";
+2
-2
install-sh less more
00 #!/bin/sh
11 # install - install a program, script, or datafile
22
3 scriptversion=2013-12-25.23; # UTC
3 scriptversion=2016-01-11.22; # UTC
44
55 # This originates from X11R5 (mit/util/scripts/install.sh), which was
66 # later released in X11R6 (xc/config/util/install.sh) with the
495495 # eval: (add-hook 'write-file-hooks 'time-stamp)
496496 # time-stamp-start: "scriptversion="
497497 # time-stamp-format: "%:y-%02m-%02d.%02H"
498 # time-stamp-time-zone: "UTC"
498 # time-stamp-time-zone: "UTC0"
499499 # time-stamp-end: "; # UTC"
500500 # End:
+2
-2
lib/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+1
-0
lib/arm_table.h less more
379379 _S(394, "pkey_mprotect")
380380 _S(395, "pkey_alloc")
381381 _S(396, "pkey_free")
382 _S(397, "statx")
+4
-3
lib/libaudit.c less more
518518 int audit_reset_lost(int fd)
519519 {
520520 int rc;
521 int seq;
521522 struct audit_status s;
522523
523524 if ((audit_get_features() & AUDIT_FEATURE_BITMAP_LOST_RESET) == 0)
526527 memset(&s, 0, sizeof(s));
527528 s.mask = AUDIT_STATUS_LOST;
528529 s.lost = 0;
529 rc = audit_send(fd, AUDIT_SET, &s, sizeof(s));
530 rc = __audit_send(fd, AUDIT_SET, &s, sizeof(s), &seq);
530531 if (rc < 0)
531532 audit_msg(audit_priority(errno),
532533 "Error sending lost reset request (%s)",
836837 }
837838
838839 /*
839 * This function will retreive the loginuid or -1 if there
840 * This function will retrieve the loginuid or -1 if there
840841 * is an error.
841842 */
842843 uid_t audit_getloginuid(void)
900901 }
901902
902903 /*
903 * This function will retreive the login session or -2 if there
904 * This function will retrieve the login session or -2 if there
904905 * is an error.
905906 */
906907 uint32_t audit_get_session(void)
+1
-0
lib/libaudit.h less more
9696 #define AUDIT_ACCT_LOCK 1135 /* User's account locked by admin */
9797 #define AUDIT_ACCT_UNLOCK 1136 /* User's account unlocked by admin */
9898 #define AUDIT_USER_DEVICE 1137 /* User space hotplug device changes */
99 #define AUDIT_SOFTWARE_UPDATE 1138 /* Software update event */
99100
100101 #define AUDIT_FIRST_DAEMON 1200
101102 #define AUDIT_LAST_DAEMON 1299
+1
-0
lib/msg_typetab.h less more
7474 _S(AUDIT_ACCT_LOCK, "ACCT_LOCK" )
7575 _S(AUDIT_ACCT_UNLOCK, "ACCT_UNLOCK" )
7676 _S(AUDIT_USER_DEVICE, "USER_DEVICE" )
77 _S(AUDIT_SOFTWARE_UPDATE, "SOFTWARE_UPDATE" )
7778 _S(AUDIT_SYSTEM_BOOT, "SYSTEM_BOOT" )
7879 _S(AUDIT_SYSTEM_SHUTDOWN, "SYSTEM_SHUTDOWN" )
7980 _S(AUDIT_SYSTEM_RUNLEVEL, "SYSTEM_RUNLEVEL" )
+21
-9
lib/netlink.c less more
202202 * error: -errno
203203 * short: 0
204204 */
205 int audit_send(int fd, int type, const void *data, unsigned int size)
205 int __audit_send(int fd, int type, const void *data, unsigned int size, int *seq)
206206 {
207207 static int sequence = 0;
208208 struct audit_message req;
223223
224224 if (++sequence < 0)
225225 sequence = 1;
226 *seq = sequence;
226227
227228 memset(&req, 0, sizeof(req));
228229 req.nlh.nlmsg_len = NLMSG_SPACE(size);
240241 retval = sendto(fd, &req, req.nlh.nlmsg_len, 0,
241242 (struct sockaddr*)&addr, sizeof(addr));
242243 } while (retval < 0 && errno == EINTR);
243 if (retval == (int)req.nlh.nlmsg_len) {
244 if ((retval = check_ack(fd)) == 0)
245 return sequence;
246 else
247 return retval;
248 }
249 if (retval < 0)
250 return -errno;
244 if (retval == (int)req.nlh.nlmsg_len)
245 return check_ack(fd);
246 if (retval < 0) {
247 return -errno;
248 } else if (retval > 0) {
249 errno = EINVAL;
250 return -errno;
251 }
251252
252253 return 0;
254 }
255
256 int audit_send(int fd, int type, const void *data, unsigned int size)
257 {
258 int rc;
259 int seq;
260
261 rc = __audit_send(fd, type, data, size, &seq);
262 if (rc == 0)
263 rc = seq;
264 return rc;
253265 }
254266
255267 /*
+1
-0
lib/private.h less more
120120 #endif
121121
122122 extern int audit_send(int fd, int type, const void *data, unsigned int size);
123 extern int __audit_send(int fd, int type, const void *data, unsigned int size, int *seq);
123124
124125 AUDIT_HIDDEN_START
125126
+2
-2
lib/test/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
m4/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+4
-4
missing less more
00 #! /bin/sh
11 # Common wrapper for a few potentially missing GNU programs.
22
3 scriptversion=2013-10-28.13; # UTC
4
5 # Copyright (C) 1996-2014 Free Software Foundation, Inc.
3 scriptversion=2016-01-11.22; # UTC
4
5 # Copyright (C) 1996-2017 Free Software Foundation, Inc.
66 # Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
77
88 # This program is free software; you can redistribute it and/or modify
209209 # eval: (add-hook 'write-file-hooks 'time-stamp)
210210 # time-stamp-start: "scriptversion="
211211 # time-stamp-format: "%:y-%02m-%02d.%02H"
212 # time-stamp-time-zone: "UTC"
212 # time-stamp-time-zone: "UTC0"
213213 # time-stamp-end: "; # UTC"
214214 # End:
+3
-3
py-compile less more
00 #!/bin/sh
11 # py-compile - Compile a Python program
22
3 scriptversion=2011-06-08.12; # UTC
3 scriptversion=2016-01-11.22; # UTC
44
5 # Copyright (C) 2000-2014 Free Software Foundation, Inc.
5 # Copyright (C) 2000-2017 Free Software Foundation, Inc.
66
77 # This program is free software; you can redistribute it and/or modify
88 # it under the terms of the GNU General Public License as published by
164164 # eval: (add-hook 'write-file-hooks 'time-stamp)
165165 # time-stamp-start: "scriptversion="
166166 # time-stamp-format: "%:y-%02m-%02d.%02H"
167 # time-stamp-time-zone: "UTC"
167 # time-stamp-time-zone: "UTC0"
168168 # time-stamp-end: "; # UTC"
169169 # End:
+2
-2
rules/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
src/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+20
-13
src/auditd-config.c less more
10961096
10971097 if ((ptr1 = strchr(acct, '@'))) {
10981098 char *ptr2;
1099 struct hostent *t_addr;
1099 int rc2;
1100 struct addrinfo *ai;
1101 struct addrinfo hints;
11001102
11011103 ptr2 = strrchr(acct, '.'); // get last dot - sb after @
11021104 if ((ptr2 == NULL) || (ptr1 > ptr2)) {
11051107 return 2;
11061108 }
11071109
1108 t_addr = gethostbyname(ptr1+1);
1109 if (t_addr == 0) {
1110 memset(&hints, 0, sizeof(hints));
1111 hints.ai_flags = AI_ADDRCONFIG | AI_CANONNAME;
1112 hints.ai_socktype = SOCK_STREAM;
1113
1114 rc2 = getaddrinfo(ptr1+1, NULL, &hints, &ai);
1115 freeaddrinfo(ai);
1116 if (rc2 != 0) {
11101117 if ((h_errno == HOST_NOT_FOUND) ||
1111 (h_errno == NO_RECOVERY)) {
1112 audit_msg(LOG_ERR,
1113 "validate_email: failed looking up host for %s",
1114 ptr1+1);
1115 // FIXME: gethostbyname is having trouble
1116 // telling when we have a temporary vs permanent
1117 // dns failure. So, for now, treat all as temp
1118 return 1;
1119 } else if (h_errno == TRY_AGAIN)
1118 (h_errno == NO_RECOVERY)) {
1119 audit_msg(LOG_ERR,
1120 "validate_email: failed looking up host for %s (%s)",
1121 ptr1+1, gai_strerror(rc2));
1122 // FIXME: How can we tell that we truly have
1123 // a permanent failure and what is that? For
1124 // now treat all as temp failure.
1125 } else if (h_errno == TRY_AGAIN) {
11201126 audit_msg(LOG_DEBUG,
11211127 "validate_email: temporary failure looking up domain for %s",
11221128 ptr1+1);
1129 }
11231130 return 1;
11241131 }
11251132 }
18171824 if (rc2 != 0) {
18181825 audit_msg(LOG_ERR,
18191826 "Cannot resolve hostname %s (%s)",
1820 tmp_name, gai_strerror(rc));
1827 tmp_name, gai_strerror(rc2));
18211828 rc = -1;
18221829 break;
18231830 }
+1
-1
src/auditd-event.c less more
10611061 }
10621062 }
10631063
1064 static int last_log = 1;
1064 static unsigned int last_log = 1;
10651065 static void shift_logs(void)
10661066 {
10671067 // The way this has to work is to start scanning from .1 up until
+133
-101
src/auditd-listen.c less more
113113
114114 static void set_close_on_exec(int fd)
115115 {
116 int flags = fcntl (fd, F_GETFD);
116 int flags = fcntl(fd, F_GETFD);
117117 if (flags == -1)
118118 flags = 0;
119119 flags |= FD_CLOEXEC;
120 fcntl (fd, F_SETFD, flags);
120 fcntl(fd, F_SETFD, flags);
121121 }
122122
123123 static void release_client(struct ev_tcp *client)
143143
144144 static void close_client(struct ev_tcp *client)
145145 {
146 release_client (client);
147 free (client);
148 }
149
150 static int ar_write (int sock, const void *buf, int len)
146 release_client(client);
147 free(client);
148 }
149
150 static int ar_write(int sock, const void *buf, int len)
151151 {
152152 int rc = 0, w;
153153 while (len > 0) {
166166 }
167167
168168 #ifdef USE_GSSAPI
169 static int ar_read (int sock, void *buf, int len)
169 static int ar_read(int sock, void *buf, int len)
170170 {
171171 int rc = 0, r;
172172 while (len > 0) {
191191 the tokens. The protocol we use for transferring tokens is to send
192192 the length first, four bytes MSB first, then the token data. We
193193 return nonzero on error. */
194 static int recv_token (int s, gss_buffer_t tok)
194 static int recv_token(int s, gss_buffer_t tok)
195195 {
196196 int ret;
197197 unsigned char lenbuf[4];
198198 unsigned int len;
199199
200 ret = ar_read(s, (char *) lenbuf, 4);
200 ret = ar_read(s, (char *)lenbuf, 4);
201201 if (ret < 0) {
202202 audit_msg(LOG_ERR, "GSS-API error reading token length");
203203 return -1;
219219 }
220220 tok->length = len;
221221
222 tok->value = (char *) malloc(tok->length ? tok->length : 1);
222 tok->value = (char *)malloc(tok->length ? tok->length : 1);
223223 if (tok->length && tok->value == NULL) {
224224 audit_msg(LOG_ERR, "Out of memory allocating token data");
225225 return -1;
226226 }
227227
228 ret = ar_read(s, (char *) tok->value, tok->length);
228 ret = ar_read(s, (char *)tok->value, tok->length);
229229 if (ret < 0) {
230230 audit_msg(LOG_ERR, "GSS-API error reading token data");
231231 free(tok->value);
242242 /* Same here. */
243243 int send_token(int s, gss_buffer_t tok)
244244 {
245 int ret;
245 int ret;
246246 unsigned char lenbuf[4];
247247 unsigned int len;
248248
267267 if (ret < 0) {
268268 audit_msg(LOG_ERR, "GSS-API error sending token data");
269269 return -1;
270 } else if (ret != (int) tok->length) {
270 } else if (ret != (int)tok->length) {
271271 audit_msg(LOG_ERR, "GSS-API error sending token data");
272272 return -1;
273273 }
276276 }
277277
278278
279 static void gss_failure_2 (const char *msg, int status, int type)
279 static void gss_failure_2(const char *msg, int status, int type)
280280 {
281281 OM_uint32 message_context = 0;
282282 OM_uint32 min_status = 0;
283283 gss_buffer_desc status_string;
284284
285285 do {
286 gss_display_status (&min_status,
286 gss_display_status(&min_status,
287287 status,
288288 type,
289289 GSS_C_NO_OID,
297297 } while (message_context != 0);
298298 }
299299
300 static void gss_failure (const char *msg, int major_status, int minor_status)
301 {
302 gss_failure_2 (msg, major_status, GSS_C_GSS_CODE);
300 static void gss_failure(const char *msg, int major_status, int minor_status)
301 {
302 gss_failure_2(msg, major_status, GSS_C_GSS_CODE);
303303 if (minor_status)
304 gss_failure_2 (msg, minor_status, GSS_C_MECH_CODE);
304 gss_failure_2(msg, minor_status, GSS_C_MECH_CODE);
305305 }
306306
307307 #define KCHECK(x,f) if (x) { \
322322 krb5_context kcontext = NULL;
323323 int krberr;
324324
325 my_service_name = strdup (service_name);
325 my_service_name = strdup(service_name);
326326 name_buf.value = (char *)service_name;
327327 name_buf.length = strlen(name_buf.value) + 1;
328328 major_status = gss_import_name(&minor_status, &name_buf,
345345
346346 (void) gss_release_name(&minor_status, &server_name);
347347
348 krberr = krb5_init_context (&kcontext);
348 krberr = krb5_init_context(&kcontext);
349349 KCHECK (krberr, "krb5_init_context");
350 krberr = krb5_get_default_realm (kcontext, &my_gss_realm);
350 krberr = krb5_get_default_realm(kcontext, &my_gss_realm);
351351 KCHECK (krberr, "krb5_get_default_realm");
352352
353353 audit_msg(LOG_DEBUG, "GSS creds for %s acquired", service_name);
359359 the case of Kerberos, this is where the key exchange happens.
360360 FIXME: While everything else is strictly nonblocking, this
361361 negotiation blocks. */
362 static int negotiate_credentials (ev_tcp *io)
362 static int negotiate_credentials(ev_tcp *io)
363363 {
364364 gss_buffer_desc send_tok, recv_tok;
365365 gss_name_t client;
439439
440440 audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s",
441441 (char *)recv_tok.value);
442 io->remote_name = strdup (recv_tok.value);
443 io->remote_name_len = strlen (recv_tok.value);
442 io->remote_name = strdup(recv_tok.value);
443 io->remote_name_len = strlen(recv_tok.value);
444444 gss_release_buffer(&min_stat, &recv_tok);
445445
446 slashptr = strchr (io->remote_name, '/');
447 atptr = strchr (io->remote_name, '@');
446 slashptr = strchr(io->remote_name, '/');
447 atptr = strchr(io->remote_name, '@');
448448
449449 if (!slashptr || !atptr) {
450450 audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s",
453453 }
454454
455455 *slashptr = 0;
456 if (strcmp (io->remote_name, my_service_name)) {
456 if (strcmp(io->remote_name, my_service_name)) {
457457 audit_msg(LOG_ERR, "Unauthorized GSS client name: %s (not %s)",
458458 io->remote_name, my_service_name);
459459 return -1;
460460 }
461461 *slashptr = '/';
462462
463 if (strcmp (atptr+1, my_gss_realm)) {
463 if (strcmp(atptr+1, my_gss_realm)) {
464464 audit_msg(LOG_ERR, "Unauthorized GSS client realm: %s (not %s)",
465465 atptr+1, my_gss_realm);
466466 return -1;
472472
473473 /* This is called from auditd-event after the message has been logged.
474474 The header is already filled in. */
475 static void client_ack (void *ack_data, const unsigned char *header,
475 static void client_ack(void *ack_data, const unsigned char *header,
476476 const char *msg)
477477 {
478478 ev_tcp *io = (ev_tcp *)ack_data;
482482 gss_buffer_desc utok, etok;
483483 int rc, mlen;
484484
485 mlen = strlen (msg);
485 mlen = strlen(msg);
486486 utok.length = AUDIT_RMW_HEADER_SIZE + mlen;
487 utok.value = malloc (utok.length + 1);
488
489 memcpy (utok.value, header, AUDIT_RMW_HEADER_SIZE);
490 memcpy (utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
487 utok.value = malloc(utok.length + 1);
488
489 memcpy(utok.value, header, AUDIT_RMW_HEADER_SIZE);
490 memcpy(utok.value+AUDIT_RMW_HEADER_SIZE, msg, mlen);
491491
492492 /* Wrapping the message creates a token for the
493493 client. Then we just have to worry about sending
494494 the token. */
495495
496 major_status = gss_wrap (&minor_status,
496 major_status = gss_wrap(&minor_status,
497497 io->gss_context,
498498 1,
499499 GSS_C_QOP_DEFAULT,
503503 if (major_status != GSS_S_COMPLETE) {
504504 gss_failure("encrypting message", major_status,
505505 minor_status);
506 free (utok.value);
506 free(utok.value);
507507 return;
508508 }
509509 // FIXME: What were we going to do with rc?
510 rc = send_token (io->io.fd, &etok);
511 free (utok.value);
510 rc = send_token(io->io.fd, &etok);
511 free(utok.value);
512512 (void) gss_release_buffer(&minor_status, &etok);
513513
514514 return;
515515 }
516516 #endif
517517 // Send the header and a text error message if it exists
518 ar_write (io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
518 ar_write(io->io.fd, header, AUDIT_RMW_HEADER_SIZE);
519519 if (msg[0])
520 ar_write (io->io.fd, msg, strlen(msg));
520 ar_write(io->io.fd, msg, strlen(msg));
521521 }
522522
523523 extern void distribute_event(struct auditd_event *e);
539539 unsigned char ack[AUDIT_RMW_HEADER_SIZE];
540540 AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ACK,
541541 0, seq);
542 client_ack (io, ack, "");
542 client_ack(io, ack, "");
543543 } else {
544544 struct auditd_event *e = create_event(
545545 header+AUDIT_RMW_HEADER_SIZE,
551551 }
552552 }
553553
554 static void auditd_tcp_client_handler( struct ev_loop *loop,
555 struct ev_io *_io, int revents )
556 {
557 struct ev_tcp *io = (struct ev_tcp *) _io;
554 static void auditd_tcp_client_handler(struct ev_loop *loop,
555 struct ev_io *_io, int revents)
556 {
557 struct ev_tcp *io = (struct ev_tcp *)_io;
558558 int i, r;
559559 int total_this_call = 0;
560560
585585 otherwise fails, the read will return -1. */
586586 if (r <= 0) {
587587 if (r < 0)
588 audit_msg (LOG_WARNING,
588 audit_msg(LOG_WARNING,
589589 "client %s socket closed unexpectedly",
590590 sockaddr_to_addr4(&io->addr));
591591
592592 /* There may have been a final message without a LF. */
593593 if (io->bufptr) {
594 client_message (io, io->bufptr, io->buffer);
595
596 }
597
598 ev_io_stop (loop, _io);
599 close_client (io);
594 client_message(io, io->bufptr, io->buffer);
595
596 }
597
598 ev_io_stop(loop, _io);
599 close_client(io);
600600 return;
601601 }
602602
634634
635635 /* Unwrapping the token gives us the original message,
636636 which we know is already a single record. */
637 major_status = gss_unwrap (&minor_status, io->gss_context,
637 major_status = gss_unwrap(&minor_status, io->gss_context,
638638 &etok, &utok, NULL, NULL);
639639
640640 if (major_status != GSS_S_COMPLETE) {
644644 /* client_message() wants to NUL terminate it,
645645 so copy it to a bigger buffer. Plus, we
646646 want to add our own tag. */
647 memcpy (msgbuf, utok.value, utok.length);
647 memcpy(msgbuf, utok.value, utok.length);
648648 while (utok.length > 0 && msgbuf[utok.length-1] == '\n')
649649 utok.length --;
650 snprintf (msgbuf + utok.length,
650 snprintf(msgbuf + utok.length,
651651 MAX_AUDIT_MESSAGE_LENGTH - utok.length,
652652 " krb5=%s", io->remote_name);
653653 utok.length += 6 + io->remote_name_len;
680680 return;
681681
682682 /* We have an I-byte message in buffer. Send ACK */
683 client_message (io, i, io->buffer);
683 client_message(io, i, io->buffer);
684684
685685 } else {
686686 /* At this point, the buffer has IO->BUFPTR+R bytes in it.
700700 i++;
701701
702702 /* We have an I-byte message in buffer. Send ACK */
703 client_message (io, i, io->buffer);
703 client_message(io, i, io->buffer);
704704 }
705705
706706 /* Now copy any remaining bytes to the beginning of the
729729
730730 request_init(&request, RQ_DAEMON, "auditd", RQ_FILE, sock, 0);
731731 fromhost(&request);
732 if (! hosts_access(&request))
732 if (!hosts_access(&request))
733733 return 1;
734734 return 0;
735735 }
758758 }
759759
760760 static void auditd_tcp_listen_handler( struct ev_loop *loop,
761 struct ev_io *_io, int revents )
761 struct ev_io *_io, int revents)
762762 {
763763 int one=1;
764764 int afd;
769769
770770 /* Accept the connection and see where it's coming from. */
771771 aaddrlen = sizeof(aaddr);
772 afd = accept (_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
772 afd = accept(_io->fd, (struct sockaddr *)&aaddr, &aaddrlen);
773773 if (afd == -1) {
774774 audit_msg(LOG_ERR, "Unable to accept TCP connection");
775775 return;
792792
793793 /* Verify it's coming from an authorized port. We assume the firewall
794794 * will block attempts from unauthorized machines. */
795 if (min_port > ntohs (aaddr.sin_port) ||
796 ntohs (aaddr.sin_port) > max_port) {
795 if (min_port > ntohs(aaddr.sin_port) ||
796 ntohs(aaddr.sin_port) > max_port) {
797797 audit_msg(LOG_ERR, "TCP connection from %s rejected",
798798 sockaddr_to_addr4(&aaddr));
799799 snprintf(emsg, sizeof(emsg),
824824 setsockopt(afd, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (int));
825825 setsockopt(afd, SOL_SOCKET, SO_KEEPALIVE, (char *)&one, sizeof (int));
826826 setsockopt(afd, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof (int));
827 set_close_on_exec (afd);
827 set_close_on_exec(afd);
828828
829829 /* Make the client data structure */
830 client = (struct ev_tcp *) malloc (sizeof (struct ev_tcp));
830 client = (struct ev_tcp *)malloc (sizeof (struct ev_tcp));
831831 if (client == NULL) {
832832 audit_msg(LOG_CRIT, "Unable to allocate TCP client data");
833833 snprintf(emsg, sizeof(emsg),
834834 "op=alloc addr=%s port=%d res=no",
835835 sockaddr_to_ipv4(&aaddr),
836 ntohs (aaddr.sin_port));
836 ntohs(aaddr.sin_port));
837837 send_audit_event(AUDIT_DAEMON_ACCEPT, emsg);
838838 shutdown(afd, SHUT_RDWR);
839839 close(afd);
840840 return;
841841 }
842842
843 memset (client, 0, sizeof (struct ev_tcp));
843 memset(client, 0, sizeof (struct ev_tcp));
844844 client->client_active = 1;
845845
846846 // Was watching for EV_ERROR, but libev 3.48 took it away
847 ev_io_init (&(client->io), auditd_tcp_client_handler, afd, EV_READ);
848
849 memcpy (&client->addr, &aaddr, sizeof (struct sockaddr_in));
847 ev_io_init(&(client->io), auditd_tcp_client_handler, afd, EV_READ);
848
849 memcpy(&client->addr, &aaddr, sizeof (struct sockaddr_in));
850850
851851 #ifdef USE_GSSAPI
852852 if (use_gss && negotiate_credentials (client)) {
859859 #endif
860860
861861 fcntl(afd, F_SETFL, O_NONBLOCK | O_NDELAY);
862 ev_io_start (loop, &(client->io));
862 ev_io_start(loop, &(client->io));
863863
864864 /* Add the new connection to a linked list of active clients. */
865865 client->next = client_chain;
882882 }
883883
884884 static void periodic_handler(struct ev_loop *loop, struct ev_periodic *per,
885 int revents )
885 int revents)
886886 {
887887 struct daemon_conf *config = (struct daemon_conf *) per->data;
888888 struct ev_tcp *ev, *next = NULL;
901901 audit_msg(LOG_NOTICE,
902902 "client %s idle too long - closing connection\n",
903903 sockaddr_to_addr4(&(ev->addr)));
904 ev_io_stop (loop, &ev->io);
904 ev_io_stop(loop, &ev->io);
905905 release_client(ev);
906906 free(ev);
907907 }
908908 }
909909
910 int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config )
910 int auditd_tcp_listen_init(struct ev_loop *loop, struct daemon_conf *config)
911911 {
912912 struct addrinfo *ai, *runp;
913913 struct addrinfo hints;
914914 char local[16];
915915 int one = 1, rc;
916
917 ev_periodic_init (&periodic_watcher, periodic_handler,
916 int prefer_ipv6 = 0;
917
918 ev_periodic_init(&periodic_watcher, periodic_handler,
918919 0, config->tcp_client_max_idle, NULL);
919920 periodic_watcher.data = config;
920921 if (config->tcp_client_max_idle)
921 ev_periodic_start (loop, &periodic_watcher);
922 ev_periodic_start(loop, &periodic_watcher);
922923
923924 /* If the port is not set, that means we aren't going to
924925 listen for connections. */
928929 memset(&hints, '\0', sizeof(hints));
929930 hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
930931 hints.ai_socktype = SOCK_STREAM;
932 hints.ai_family = AF_UNSPEC;
931933 snprintf(local, sizeof(local), "%ld", config->tcp_listen_port);
932934
933935 rc = getaddrinfo(NULL, local, &hints, &ai);
936938 return 1;
937939 }
938940
941 {
942 int ipv4 = 0, ipv6 = 0;
939943 nlsocks = 0;
940944 runp = ai;
941945 while (runp && nlsocks < N_SOCKS) {
942 listen_socket[nlsocks] = socket (runp->ai_family,
946 // Let's take a pass through and see what we got.
947 if (runp->ai_family == AF_INET)
948 ipv4++;
949 else if (runp->ai_family == AF_INET6)
950 ipv6++;
951 runp = runp->ai_next;
952 nlsocks++;
953 }
954
955 if (nlsocks == 2 && ipv4 && ipv6)
956 prefer_ipv6 = 1;
957 }
958
959 nlsocks = 0;
960 runp = ai;
961 while (runp && nlsocks < N_SOCKS) {
962 // On linux, ipv6 sockets by default include ipv4 so
963 // we only need one.
964 if (runp->ai_family == AF_INET && prefer_ipv6)
965 goto next_try;
966
967 listen_socket[nlsocks] = socket(runp->ai_family,
943968 runp->ai_socktype, runp->ai_protocol);
944969 if (listen_socket[nlsocks] < 0) {
945970 audit_msg(LOG_ERR, "Cannot create tcp listener socket");
949974 /* This avoids problems if auditd needs to be restarted. */
950975 setsockopt(listen_socket[nlsocks], SOL_SOCKET, SO_REUSEADDR,
951976 (char *)&one, sizeof (int));
952 set_close_on_exec (listen_socket[nlsocks]);
977
978 // If we had more than 2 addresses suggested we'll
979 // separate the sockets.
980 if (!prefer_ipv6 && runp->ai_family == AF_INET6)
981 setsockopt(listen_socket[nlsocks], IPPROTO_IPV6,
982 IPV6_V6ONLY, &one, sizeof(int));
983
984 set_close_on_exec(listen_socket[nlsocks]);
953985
954986 if (bind(listen_socket[nlsocks], runp->ai_addr,
955987 runp->ai_addrlen)) {
9761008 p ? p->p_name: "?");
9771009 endprotoent();
9781010
979 ev_io_init (&tcp_listen_watcher, auditd_tcp_listen_handler,
1011 ev_io_init(&tcp_listen_watcher, auditd_tcp_listen_handler,
9801012 listen_socket[nlsocks], EV_READ);
981 ev_io_start (loop, &tcp_listen_watcher);
1013 ev_io_start(loop, &tcp_listen_watcher);
9821014 non_fatal:
9831015 nlsocks++;
9841016 if (nlsocks == N_SOCKS)
10131045 key_file = "/etc/audit/audit.key";
10141046 setenv ("KRB5_KTNAME", key_file, 1);
10151047
1016 if (stat (key_file, &st) == 0) {
1048 if (stat(key_file, &st) == 0) {
10171049 if ((st.st_mode & 07777) != 0400) {
10181050 audit_msg (LOG_ERR,
10191051 "%s is not mode 0400 (it's %#o) - compromised key?",
10211053 return -1;
10221054 }
10231055 if (st.st_uid != 0) {
1024 audit_msg (LOG_ERR,
1056 audit_msg(LOG_ERR,
10251057 "%s is not owned by root (it's %d) - compromised key?",
10261058 key_file, st.st_uid);
10271059 return -1;
10351067 return 0;
10361068 }
10371069
1038 void auditd_tcp_listen_uninit ( struct ev_loop *loop,
1039 struct daemon_conf *config )
1070 void auditd_tcp_listen_uninit(struct ev_loop *loop, struct daemon_conf *config)
10401071 {
10411072 #ifdef USE_GSSAPI
10421073 OM_uint32 status;
10431074 #endif
10441075
1045 ev_io_stop ( loop, &tcp_listen_watcher );
1076 ev_io_stop(loop, &tcp_listen_watcher);
10461077 while (nlsocks >= 0) {
10471078 nlsocks--;
1048 close ( listen_socket[nlsocks] );
1079 close (listen_socket[nlsocks]);
10491080 }
10501081
10511082 #ifdef USE_GSSAPI
10591090 unsigned char ack[AUDIT_RMW_HEADER_SIZE];
10601091
10611092 AUDIT_RMW_PACK_HEADER (ack, 0, AUDIT_RMW_TYPE_ENDING, 0, 0);
1062 client_ack (client_chain, ack, "");
1063 ev_io_stop (loop, &client_chain->io);
1064 close_client (client_chain);
1093 client_ack(client_chain, ack, "");
1094 ev_io_stop(loop, &client_chain->io);
1095 close_client(client_chain);
10651096 }
10661097
10671098 if (config->tcp_client_max_idle)
1068 ev_periodic_stop (loop, &periodic_watcher);
1099 ev_periodic_stop(loop, &periodic_watcher);
10691100 }
10701101
10711102 static void periodic_reconfigure(struct daemon_conf *config)
10721103 {
1073 struct ev_loop *loop = ev_default_loop (EVFLAG_AUTO);
1104 struct ev_loop *loop = ev_default_loop(EVFLAG_AUTO);
10741105 if (config->tcp_client_max_idle) {
1075 ev_periodic_set (&periodic_watcher, ev_now (loop),
1106 ev_periodic_set(&periodic_watcher, ev_now(loop),
10761107 config->tcp_client_max_idle, NULL);
1077 ev_periodic_start (loop, &periodic_watcher);
1108 ev_periodic_start(loop, &periodic_watcher);
10781109 } else {
1079 ev_periodic_stop (loop, &periodic_watcher);
1080 }
1081 }
1082
1083 void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
1084 struct daemon_conf *oconf )
1110 ev_periodic_stop(loop, &periodic_watcher);
1111 }
1112 }
1113
1114 void auditd_tcp_listen_reconfigure(struct daemon_conf *nconf,
1115 struct daemon_conf *oconf)
10851116 {
10861117 use_libwrap = nconf->use_libwrap;
10871118
11111142 // and recredential if needed.
11121143 oconf->krb5_principal = nconf->krb5_principal;
11131144 }
1145
+8
-8
src/aureport-output.c less more
215215 case RPT_AVC:
216216 printf("AVC Report\n");
217217 printf(
218 "========================================================\n");
219 printf(
220 "# date time comm subj syscall class permission obj event\n");
221 printf(
222 "========================================================\n");
218 "===============================================================\n");
219 printf(
220 "# date time comm subj syscall class permission obj result event\n");
221 printf(
222 "===============================================================\n");
223223 break;
224224 case RPT_CONFIG:
225225 printf("Config Change Report\n");
539539 break;
540540 case RPT_LOGIN:
541541 // who, addr, terminal, exe, success, event
542 // Special note...uid is used here because that is
543 // the way that the message works. This is because
544 // on failed logins, loginuid is not set.
542 // Special note...loginuid can be used here for
543 // successful logins. loginuid is not set on failed
544 // logins so acct is used in that situation.
545545 safe_print_string(((l->s.success == S_FAILED) &&
546546 l->s.acct) ? l->s.acct :
547547 aulookup_uid(l->s.loginuid,
+55
-36
src/ausearch-parse.c less more
947947 *term = saved;
948948 }
949949 }
950 if (event_subject) {
951 str = strstr(term, "vm-ctx=");
952 if (str != NULL) {
953 str += 7;
954 term = strchr(str, ' ');
955 if (term == NULL)
956 return 27;
957 *term = 0;
958 if (audit_avc_init(s) == 0) {
959 anode an;
960
961 anode_init(&an);
962 an.scontext = strdup(str);
963 alist_append(s->avc, &an);
964 *term = ' ';
965 } else
966 return 28;
967 }
968 }
969 if (event_object) {
970 str = strstr(term, "img-ctx=");
971 if (str != NULL) {
972 str += 8;
973 term = strchr(str, ' ');
974 if (term == NULL)
975 return 29;
976 *term = 0;
977 if (audit_avc_init(s) == 0) {
978 anode an;
979
980 anode_init(&an);
981 an.tcontext = strdup(str);
982 alist_append(s->avc, &an);
983 *term = ' ';
984 } else
985 return 30;
950 if (n->type == AUDIT_VIRT_MACHINE_ID) {
951 if (event_subject) {
952 str = strstr(term, "vm-ctx=");
953 if (str != NULL) {
954 str += 7;
955 term = strchr(str, ' ');
956 if (term == NULL)
957 return 27;
958 *term = 0;
959 if (audit_avc_init(s) == 0) {
960 anode an;
961
962 anode_init(&an);
963 an.scontext = strdup(str);
964 alist_append(s->avc, &an);
965 *term = ' ';
966 } else
967 return 28;
968 }
969 }
970 if (event_object) {
971 str = strstr(term, "img-ctx=");
972 if (str != NULL) {
973 str += 8;
974 term = strchr(str, ' ');
975 if (term == NULL)
976 return 29;
977 *term = 0;
978 if (audit_avc_init(s) == 0) {
979 anode an;
980
981 anode_init(&an);
982 an.tcontext = strdup(str);
983 alist_append(s->avc, &an);
984 *term = ' ';
985 } else
986 return 30;
987 }
988 }
989 } else if (n->type == AUDIT_VIRT_RESOURCE) {
990 if (event_filename) {
991 unsigned int incr = 6;
992 str = strstr(term, " path=");
993 if (str == NULL) {
994 incr = 10;
995 str = strstr(term, " new-disk=");
996 }
997 if (str != NULL) {
998 int rc;
999 str += incr;
1000 rc = common_path_parser(s, str);
1001 if (rc)
1002 return rc;
1003 term = str;
1004 }
9861005 }
9871006 }
9881007 // optionally get uid - some records the second uid is what we want.
+2
-2
src/libev/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
src/test/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+3
-3
test-driver less more
00 #! /bin/sh
11 # test-driver - basic testsuite driver script.
22
3 scriptversion=2013-07-13.22; # UTC
3 scriptversion=2016-01-11.22; # UTC
44
5 # Copyright (C) 2011-2014 Free Software Foundation, Inc.
5 # Copyright (C) 2011-2017 Free Software Foundation, Inc.
66 #
77 # This program is free software; you can redistribute it and/or modify
88 # it under the terms of the GNU General Public License as published by
142142 # eval: (add-hook 'write-file-hooks 'time-stamp)
143143 # time-stamp-start: "scriptversion="
144144 # time-stamp-format: "%:y-%02m-%02d.%02H"
145 # time-stamp-time-zone: "UTC"
145 # time-stamp-time-zone: "UTC0"
146146 # time-stamp-end: "; # UTC"
147147 # End:
+2
-2
tools/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
tools/aulast/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
tools/aulastlog/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
tools/ausyscall/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
+2
-2
tools/auvirt/Makefile.in less more
0 # Makefile.in generated by automake 1.15 from Makefile.am.
0 # Makefile.in generated by automake 1.15.1 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2014 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2017 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,