[yocto] [PATCH 1/2] audit: Add systemd support
rongqing.li at windriver.com
rongqing.li at windriver.com
Mon Mar 3 21:52:29 PST 2014
From: Roy Li <rongqing.li at windriver.com>
Audit unit file is from https://fedorahosted.org/audit/browser/trunk/init.d/auditd.service
Signed-off-by: Roy Li <rongqing.li at windriver.com>
---
recipes-security/audit/audit/audit-volatile.conf | 1 +
recipes-security/audit/audit/auditd.service | 21 +++++++++++++++++++++
recipes-security/audit/audit_2.3.2.bb | 18 ++++++++++++++++--
3 files changed, 38 insertions(+), 2 deletions(-)
create mode 100644 recipes-security/audit/audit/audit-volatile.conf
create mode 100644 recipes-security/audit/audit/auditd.service
diff --git a/recipes-security/audit/audit/audit-volatile.conf b/recipes-security/audit/audit/audit-volatile.conf
new file mode 100644
index 0000000..9cbe154
--- /dev/null
+++ b/recipes-security/audit/audit/audit-volatile.conf
@@ -0,0 +1 @@
+d /var/log/audit 0750 root root -
diff --git a/recipes-security/audit/audit/auditd.service b/recipes-security/audit/audit/auditd.service
new file mode 100644
index 0000000..6daa056
--- /dev/null
+++ b/recipes-security/audit/audit/auditd.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Security Auditing Service
+DefaultDependencies=no
+After=local-fs.target
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+After=systemd-tmpfiles-setup.service
+RefuseManualStop=yes
+
+[Service]
+ExecStart=/sbin/auditd -n
+## To use augenrules, copy this file to /etc/systemd/system/auditd.service
+## and uncomment the next line and delete/comment out the auditctl line.
+## Then copy existing rules to /etc/audit/rules.d/
+## Not doing this last step can cause loss of existing rules
+#ExecStartPost=-/sbin/augenrules --load
+ExecStartPost=-/sbin/auditctl -R /etc/audit/rules.d/audit.rules
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
index edcb881..eafcd30 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -14,14 +14,19 @@ SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
file://audit-python-configure.patch \
file://audit-for-cross-compiling.patch \
file://auditd \
- file://fix-swig-host-contamination.patch"
+ file://fix-swig-host-contamination.patch \
+ file://auditd.service \
+ file://audit-volatile.conf \
+"
-inherit autotools pythonnative update-rc.d
+inherit autotools pythonnative update-rc.d systemd
UPDATERCPN = "auditd"
INITSCRIPT_NAME = "auditd"
INITSCRIPT_PARAMS = "defaults"
+SYSTEMD_SERVICE_${PN} = "auditd.service"
+
SRC_URI[md5sum] = "4e8d065b5cc16b77b9b61e93a9ed160e"
SRC_URI[sha256sum] = "8872e0b5392888789061db8034164305ef0e1b34543e1e7004d275f039081d29"
@@ -74,4 +79,13 @@ do_install_append() {
# replace init.d
install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd
rm -rf ${D}/etc/rc.d
+
+ if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${sysconfdir}/tmpfiles.d/
+ install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
+ fi
+
+ # install systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
}
--
1.7.10.4
More information about the yocto
mailing list