authorzer0def2019-04-02 17:20:52 +0200
committerzer0def2019-04-02 17:20:52 +0200
commite2bc14fee836d67634a21d31dd8a6fa3616fa774 (patch)
tree68ba1742d3829a03acdd8f5f69fc480c378f247b
downloadaur-e2bc14fee836d67634a21d31dd8a6fa3616fa774.tar.gz
Initial commit.
-rw-r--r--.SRCINFO18
-rw-r--r--.gitignore4
-rw-r--r--PKGBUILD41
-rw-r--r--audisp-json.patch55
4 files changed, 118 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..9809ddebad96
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,18 @@
+pkgbase = audisp-json-git
+ pkgdesc = Audisp plugin outputting auditd events as JSON.
+ pkgver = 2.2.4.r4.f8d754c
+ pkgrel = 1
+ url = https://github.com/gdestuynder/audisp-json
+ arch = any
+ makedepends = libtool
+ depends = audit
+ depends = curl
+ provides = audisp-json
+ conflicts = audisp-json
+ source = audisp-json-git::git+https://github.com/gdestuynder/audisp-json
+ source = audisp-json.patch
+ sha512sums = SKIP
+ sha512sums = bd09bdd5c4b138e3f51fd24e23c4a0d5066550c34bc2b6a91c7547c4d2fb24555a2b5b4adda712c3927dfd19b2acaa239d41f43ec4115ae9fc7ee31ad4fb94e8
+
+pkgname = audisp-json-git
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..f5c00b8f5824
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.pkg.tar.xz
+audisp-json-git/
+src/
+pkg/
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..54d422df264b
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,41 @@
+# Maintainer: zer0def <zer0def on freenode>
+pkgname=audisp-json-git
+pkgver=2.2.4.r4.f8d754c
+pkgrel=1
+pkgdesc="Audisp plugin outputting auditd events as JSON."
+url="https://github.com/gdestuynder/audisp-json"
+arch=('any')
+makedepends=('libtool')
+depends=('audit' 'curl')
+provides=('audisp-json')
+conflicts=('audisp-json')
+source=("${pkgname}::git+https://github.com/gdestuynder/audisp-json"
+ 'audisp-json.patch')
+sha512sums=('SKIP'
+ 'bd09bdd5c4b138e3f51fd24e23c4a0d5066550c34bc2b6a91c7547c4d2fb24555a2b5b4adda712c3927dfd19b2acaa239d41f43ec4115ae9fc7ee31ad4fb94e8')
+
+pkgver() {
+ cd "${srcdir}/${pkgname}"
+ GITTAG="$(git describe --abbrev=0 --tags 2>/dev/null)"
+ printf '%s.r%s.%s' \
+ "${GITTAG}" \
+ "$(git rev-list --count ${GITTAG}..)" \
+ "$(git rev-parse --short HEAD)"
+}
+
+prepare() {
+ cd "${srcdir}/${pkgname}"
+ patch -p1 < ${srcdir}/audisp-json.patch
+}
+
+build() {
+ cd "${srcdir}/${pkgname}"
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}"
+ install -Dm644 "au-json.conf" "${pkgdir}/etc/audisp/plugins.d/au-json.conf"
+ echo 'file_log = /var/log/audisp.json' > "${pkgdir}/etc/audisp/audisp-json.conf"
+ install -Dm755 "audisp-json" "${pkgdir}/sbin/audisp-json"
+}
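Review bot: `arch=('any')` declares an architecture-independent package, yet `build()` compiles C with `make` and `package()` installs the resulting `audisp-json` binary, so the package is architecture-specific and should declare `arch=('x86_64')` (plus any other target you actually build). The binary also goes to `"${pkgdir}/sbin/audisp-json"`; on Arch `/sbin` is a symlink into `/usr/bin`, so it should be `install -Dm755 "audisp-json" "${pkgdir}/usr/bin/audisp-json"`, and if upstream's `au-json.conf` names `/sbin/audisp-json` as the plugin path (not visible here) that line needs the same adjustment or auditd will not find the plugin. Both `etc/audisp/plugins.d/au-json.conf` and the generated `etc/audisp/audisp-json.conf` are admin-edited configuration, so add `backup=('etc/audisp/plugins.d/au-json.conf' 'etc/audisp/audisp-json.conf')` to keep pacman from overwriting local changes on upgrade, and write the generated file with an explicit mode (e.g. `printf 'file_log = /var/log/audisp.json\n' | install -Dm644 /dev/stdin "${pkgdir}/etc/audisp/audisp-json.conf"`) instead of `echo >`, which relies on the directory created as a side effect of the previous `install -D` and on the build user's umask. Minor: `${srcdir}` is unquoted in `prepare()`; use `patch -p1 < "${srcdir}/audisp-json.patch"`.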
diff --git a/audisp-json.patch b/audisp-json.patch
new file mode 100644
index 000000000000..d20030e9ce0c
--- /dev/null
+++ b/audisp-json.patch
@@ -0,0 +1,55 @@
+diff --git a/audisp-json.c b/audisp-json.c
+index 5e3e943..27542cd 100644
+--- a/audisp-json.c
++++ b/audisp-json.c
+@@ -630,7 +630,7 @@ attr_t *_json_add_attr(attr_t *list, const char *st, char *val, int freeme)
+ syslog(LOG_ERR, "json_add_attr() malloc failed attribute will be empty: %s", st);
+ return list;
+ }
+- snprintf(new->value, MAX_ATTR_SIZE, "\t\t\"%s\": \"%s\"", st, unescape(val));
++ snprintf(new->value, MAX_ATTR_SIZE, "\"%s\":\"%s\"", st, unescape(val));
+ new->next = list;
+
+ if (freeme) {
+@@ -734,35 +734,21 @@ void syslog_json_msg(struct json_msg_type json_msg)
+ }
+
+ len = snprintf(new_q->msg, MAX_JSON_MSG_SIZE,
+-"{\n\
+- \"category\": \"%s\",\n\
+- \"summary\": \"%s\",\n\
+- \"severity\": \"%s\",\n\
+- \"hostname\": \"%s\",\n\
+- \"processid\": \"%i\",\n\
+- \"processname\": \"%s\",\n\
+- \"timestamp\": \"%s\",\n\
+- \"tags\": [\n\
+- \"%s\",\n\
+- \"%s\",\n\
+- \"audit\"\n\
+- ],\n\
+- \"details\": {",
++"{\"category\":\"%s\",\"summary\":\"%s\",\"severity\":\"%s\",\"hostname\":\"%s\",\"processid\":\"%i\",\"processname\":\"%s\",\"timestamp\":\"%s\",\"tags\":[\"%s\",\"%s\",\"audit\"],\"details\":{",
+ json_msg.category, json_msg.summary, json_msg.severity, json_msg.hostname, json_msg.processid,
+ PROGRAM_NAME, json_msg.timestamp, PROGRAM_NAME, STR(PROGRAM_VERSION));
+
+ while (head) {
+- len += snprintf(new_q->msg+len, MAX_JSON_MSG_SIZE-len, "\n%s,", head->value);
++ len += snprintf(new_q->msg+len, MAX_JSON_MSG_SIZE-len, "%s", head->value);
+ prev = head;
+ head = head->next;
+- free(prev);
+-
+- if (head == NULL) {
+- new_q->msg[len-1] = '\n';
++ if (head != NULL) {
++ len += snprintf(new_q->msg+len, MAX_JSON_MSG_SIZE-len, ",");
+ }
++ free(prev);
+ }
+
+- len += snprintf(new_q->msg+len, MAX_JSON_MSG_SIZE-len, " }\n}\n");
++ len += snprintf(new_q->msg+len, MAX_JSON_MSG_SIZE-len, "}}\n");
+ new_q->msg[MAX_JSON_MSG_SIZE-1] = '\0';
+
+ /* If using curl, fill up the queue, else just print to file */
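Review bot: The rewritten loop in the second hunk still adds snprintf's return value to `len` unconditionally, and snprintf returns the length it would have written rather than the bytes it stored, so once an event's attributes exceed MAX_JSON_MSG_SIZE `len` moves past the buffer end and the next call's `new_q->msg+len` and `MAX_JSON_MSG_SIZE-len` arguments describe memory outside `msg` (a negative size silently converted to size_t if `len` is a signed int, as the arithmetic suggests); that pattern predates this patch, but the patch now performs two appends per attribute plus a closing one, so it is the right place to fix it. Audit records carry attacker-influenced strings (paths, argv, filenames), so a record that overflows the message buffer is a realistic input for an auditd plugin. Guard every append with the remaining space and treat running out of room as truncation to be logged and dropped, mirroring whatever cleanup the earlier allocation-failure branch does, instead of emitting a malformed message; the trailing `new_q->msg[MAX_JSON_MSG_SIZE-1] = '\0';` only terminates the buffer and does nothing about writes that already went past it. `syslog_json_msg` begins before this hunk (where `len` and `new_q` are declared) and continues after it.
```c
	while (head) {
		if (len < MAX_JSON_MSG_SIZE) {
			/* snprintf reports the full length even when it truncates,
			 * so stop appending once the buffer is exhausted */
			len += snprintf(new_q->msg+len, MAX_JSON_MSG_SIZE-len, "%s%s",
			                head->value, head->next ? "," : "");
		}
		prev = head;
		head = head->next;
		free(prev);
	}
	if (len < MAX_JSON_MSG_SIZE) {
		len += snprintf(new_q->msg+len, MAX_JSON_MSG_SIZE-len, "}}\n");
	}
	if (len >= MAX_JSON_MSG_SIZE) {
		syslog(LOG_WARNING, "json message exceeds %d bytes, dropping event", MAX_JSON_MSG_SIZE);
		/* … release new_q and return, as the allocation-failure path above does … */
	}
	new_q->msg[MAX_JSON_MSG_SIZE-1] = '\0';
	/* … unchanged: curl queue / file output … */
```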