Move all audispd config files under /etc/audit/

ChangeLog

@@ -19,6 +19,7 @@
 - Close on execute init_pipe fd (#1587995)
 - Breakout audisp syslog plugin to be standalone program
 - Create a common internal library to reduce code
+- Move all audispd config files under /etc/audit/
 
 2.8.3
 - Correct msg function name in LRU debug code

audisp/audispd-config.c

@@ -467,7 +467,7 @@ static int sanity_check(daemon_conf_t *config, const char *file)
 {
 	/* Error checking */
 	if (config->plugin_dir == NULL)
-		config->plugin_dir = strdup("/etc/audisp/plugins.d/");
+		config->plugin_dir = strdup("/etc/audit/plugins.d/");
 	return 0;
 }
 

audisp/audispd.c

@@ -51,7 +51,7 @@ static volatile int stop = 0;
 volatile int disp_hup = 0;
 
 /* Local data */
-#define DEFAULT_CONFIG_FILE "/etc/audisp/audispd.conf"
+#define DEFAULT_CONFIG_FILE "/etc/audit/audispd.conf"
 static daemon_conf_t daemon_config;
 static conf_llist plugin_conf;
 static pthread_t outbound_thread;

audisp/plugins/builtins/Makefile.am

@@ -23,7 +23,7 @@
 CONFIG_CLEAN_FILES = *.rej *.orig
 CONF_FILES = af_unix.conf
 EXTRA_DIST = $(CONF_FILES)
-plugin_confdir=$(sysconfdir)/audisp/plugins.d
+plugin_confdir=$(sysconfdir)/audit/plugins.d
 
 install-data-hook:
 	mkdir -p -m 0750 ${DESTDIR}${plugin_confdir}

audisp/plugins/remote/Makefile.am

@@ -23,7 +23,7 @@
 CONFIG_CLEAN_FILES = *.loT *.rej *.orig
 EXTRA_DIST = au-remote.conf audisp-remote.conf notes.txt $(man_MANS)
 AM_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/common
-prog_confdir = $(sysconfdir)/audisp
+prog_confdir = $(sysconfdir)/audit
 prog_conf = audisp-remote.conf
 plugin_confdir=$(prog_confdir)/plugins.d
 plugin_conf = au-remote.conf

audisp/plugins/remote/audisp-remote.8

@@ -26,7 +26,7 @@ SIGUSR2
 Causes the audisp-remote program to resume logging if it were suspended due to an error.
 
 .SH FILES
-/etc/audisp/plugins.d/au-remote.conf, /etc/audit/auditd.conf, /etc/audisp/audispd.conf, /etc/audisp/audisp-remote.conf
+/etc/audit/plugins.d/au-remote.conf, /etc/audit/auditd.conf, /etc/audit/audispd.conf, /etc/audit/audisp-remote.conf
 .SH "SEE ALSO"
 .BR audispd (8),
 .BR auditd.conf(8),

audisp/plugins/remote/audisp-remote.c

@@ -54,7 +54,7 @@
 #include "queue.h"
 #include "common.h"
 
-#define CONFIG_FILE "/etc/audisp/audisp-remote.conf"
+#define CONFIG_FILE "/etc/audit/audisp-remote.conf"
 #define BUF_SIZE 32
 
 /* MAX_AUDIT_MESSAGE_LENGTH, aligned to 4 KB so that an average q_append() only

audisp/plugins/syslog/Makefile.am

@@ -23,7 +23,7 @@
 CONFIG_CLEAN_FILES = *.loT *.rej *.orig
 EXTRA_DIST = syslog.conf
 AM_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/common 
-prog_confdir = $(sysconfdir)/audisp
+prog_confdir = $(sysconfdir)/audit
 plugin_confdir=$(prog_confdir)/plugins.d
 plugin_conf = syslog.conf
 sbin_PROGRAMS = audisp-syslog

audisp/plugins/zos-remote/Makefile.am

@@ -27,9 +27,9 @@ AUTOMAKE_OPTIONS = no-dependencies
 EXTRA_DIST = zos-remote.conf audispd-zos-remote.conf
 LIBS = -L${top_builddir}/auparse -lauparse
 LDADD = -lpthread -lldap -llber $(CAPNG_LDADD) 
-dispatcher_confdir = $(sysconfdir)/audisp
-plugin_confdir=$(dispatcher_confdir)/plugins.d
+plugin_confdir=$(sysconfdir)/audit
 plugin_conf = zos-remote.conf
+dispatcher_confdir = $(plugin_confdir)/plugins.d
 dispatcher_conf = audispd-zos-remote.conf
 sbin_PROGRAMS = audispd-zos-remote
 
@@ -43,10 +43,10 @@ audispd_zos_remote_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now
 install-data-hook:
 	mkdir -p -m 0750 ${DESTDIR}${plugin_confdir}
 	$(INSTALL_DATA) -D -m 640 ${srcdir}/$(plugin_conf) \
-	    ${DESTDIR}${dispatcher_confdir}
-	$(INSTALL_DATA) -D -m 640 ${srcdir}/$(dispatcher_conf) \
 	    ${DESTDIR}${plugin_confdir}
+	$(INSTALL_DATA) -D -m 640 ${srcdir}/$(dispatcher_conf) \
+	    ${DESTDIR}${dispatcher_confdir}
 
 uninstall-hook:
-	rm ${DESTDIR}${plugin_confdir}/$(dispatcher_conf)
-	rm ${DESTDIR}${dispatcher_confdir}/$(plugin_conf)
+	rm ${DESTDIR}${plugin_confdir}/$(plugin_conf)
+	rm ${DESTDIR}${dispatcher_confdir}/$(dispatcher_conf)

audisp/plugins/zos-remote/zos-remote-plugin.c

@@ -56,7 +56,7 @@ volatile int stop = 0;
 volatile int hup = 0;
 volatile ZOS_REMOTE zos_remote_inst;
 static plugin_conf_t conf;
-static const char *def_config_file = "/etc/audisp/zos-remote.conf";
+static const char *def_config_file = "/etc/audit/zos-remote.conf";
 static pthread_t submission_thread;
 pid_t mypid = 0;
 

audit.spec

@@ -101,7 +101,7 @@ behavior.
 make CFLAGS="%{optflags}" %{?_smp_mflags}
 
 %install
-mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audispd/plugins.d,etc/audit/rules.d}
+mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audit/plugins.d,etc/audit/rules.d}
 mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
 mkdir -p $RPM_BUILD_ROOT/%{_lib}
 mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
@@ -236,24 +236,23 @@ fi
 %attr(-,root,-) %dir %{_var}/log/audit
 %attr(750,root,root) %dir /etc/audit
 %attr(750,root,root) %dir /etc/audit/rules.d
-%attr(750,root,root) %dir /etc/audisp
-%attr(750,root,root) %dir /etc/audisp/plugins.d
+%attr(750,root,root) %dir /etc/audit/plugins.d
 %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
 %ghost %config(noreplace) %attr(640,root,root) /etc/audit/rules.d/audit.rules
 %ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
 %config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
-%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
-%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/audispd.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
 
 %files -n audispd-plugins
 %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
 %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
-%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
-%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/audispd-zos-remote.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf
 %attr(750,root,root) /sbin/audispd-zos-remote
-%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf
-%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf
-%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf
 %attr(750,root,root) /sbin/audisp-remote
 %attr(750,root,root) /sbin/audisp-syslog
 %attr(700,root,root) %dir %{_var}/spool/audit

docs/audispd-zos-remote.8

@@ -36,22 +36,22 @@ section below for more information about the resulting SMF record format.
 
 .BR audispd (8)
 must be configured to start the plugin. This is done by a configuration file usually located at
-.IR /etc/audisp/plugins.d/audispd\-zos\-remote.conf ,
+.IR /etc/audit/plugins.d/audispd\-zos\-remote.conf ,
 but multiple instances can be spawned by having multiple configuration files in
-.I /etc/audisp/plugins.d
+.I /etc/audit/plugins.d
 for the same plugin executable (see
 .BR audispd (8)).
 
 Each instance needs a configuration file, located by default at
-.IR /etc/audisp/zos\-remote.conf .
+.IR /etc/audit/zos\-remote.conf .
 Check
 .BR zos\-remote.conf (5)
 for details about the plugin configuration.
 
 .SH OPTIONS
 .IP config-file
 Use an alternate configuration file instead of
-.IR /etc/audisp/zos\-remote.conf .
+.IR /etc/audit/zos\-remote.conf .
 
 .SH SIGNALS
 .B audispd\-zos\-remote
@@ -232,8 +232,8 @@ don't have access to the IRR.LDAP.REMOTE.AUDIT FACILITY Class profile. See
 The plugin currently does remote auditing in a best-effort basis, and will dischard events in case the z/OS server cannot be contacted (network failures) or in any other case that event submission fails. 
 
 .SH FILES
-/etc/audisp/plugins.d/audispd\-zos\-remote.conf
-/etc/audisp/zos\-remote.conf
+/etc/audit/plugins.d/audispd\-zos\-remote.conf
+/etc/audit/zos\-remote.conf
 .SH "SEE ALSO"
 .BR auditd (8),
 .BR zos\-remote.conf (5).

init.d/Makefile.am

@@ -27,8 +27,6 @@ EXTRA_DIST = auditd.init auditd.service auditd.sysconfig auditd.conf \
 	auditd.rotate auditd.state auditd.stop \
 	audit-stop.rules augenrules
 libconfig = libaudit.conf
-dispconfig = audispd.conf
-dispconfigdir = $(sysconfdir)/audisp
 if ENABLE_SYSTEMD
 initdir = /usr/lib/systemd/system
 legacydir = $(libexecdir)/initscripts/legacy-actions/auditd
@@ -39,11 +37,10 @@ endif
 
 auditdir = $(sysconfdir)/audit
 auditrdir = $(auditdir)/rules.d
-dist_audit_DATA = auditd.conf audit-stop.rules
+dist_audit_DATA = auditd.conf audispd.conf audit-stop.rules
 sbin_SCRIPTS = augenrules
 
 install-data-hook:
-	$(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig} ${DESTDIR}${dispconfigdir}
 	$(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig} ${DESTDIR}${sysconfdir}
 if ENABLE_SYSTEMD
 else
@@ -69,7 +66,6 @@ endif
 
 
 uninstall-hook:
-	rm ${DESTDIR}${dispconfigdir}/${dispconfig}
 	rm ${DESTDIR}${sysconfdir}/${libconfig}
 if ENABLE_SYSTEMD
 	rm ${DESTDIR}${initdir}/auditd.service

init.d/audispd.conf

@@ -6,4 +6,4 @@
 q_depth = 250
 overflow_action = SYSLOG
 max_restarts = 10
-plugin_dir = /etc/audisp/plugins.d/
+plugin_dir = /etc/audit/plugins.d/