Switch config file command line option to config dir command line option

caidongyun · Oct 9, 2017 · 36ef656 · 36ef656
1 parent 82c4860
commit 36ef656
Show file tree

Hide file tree

Showing 10 changed files with 49 additions and 20 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -20,7 +20,7 @@
 - In auparse_normalize, finish support for MAC_STATUS and MAC_CONFIG events
 - Add support for filesystem filter type (Richard Guy Briggs)
 - Add file system type table for fstype lookup
-- Add command line option to auditd & audispd for config file path (Dan Born)
+- Add command line option to auditd & audispd for config dir path (Dan Born)
 - Fix auparse serial parsing of event when system time < 9 characters (kruvin)
 - In auparse, allow non-equality comparisons for uid & gid fields (#1399314)
 - In auparse_normalize, add support for USER_DEVICE events

diff --git a/TODO b/TODO
@@ -2,7 +2,6 @@ Things that need to be done:
 ===========================
 2.8
 * Support FANOTIFY record
-* Fix config dir for auditd
 
 2.8.1
 * Look into TLS support

diff --git a/audisp/audispd.c b/audisp/audispd.c
@@ -362,7 +362,8 @@ int main(int argc, char *argv[])
 	while ((i = getopt_long(argc, argv, "i:c:", opts, NULL)) != -1) {
 		switch (i) {
 			case 'c':
-				config_file = strdup(optarg);
+				asprintf(&config_file, "%s/audispd.conf",
+						optarg);
 				if (config_file == NULL) {
 mem_out:
 					printf(

diff --git a/docs/audispd.8 b/docs/audispd.8
@@ -3,7 +3,7 @@
 audispd \- an event multiplexor
 .SH SYNOPSIS
 .B audispd
-.RB  [ \-c\ <config_file> ]\
+.RB  [ \-c\ <config_dir> ]\
 .SH DESCRIPTION
 \fBaudispd\fP is an audit event multiplexor. It has to be started by the audit daemon in order to get events. It takes audit events and distributes them to child programs that want to analyze events in realtime. When the audit daemon receives a SIGTERM or SIGHUP, it passes that signal to the dispatcher, too. The dispatcher in turn passes those signals to its child processes.
 

diff --git a/docs/auditd.8 b/docs/auditd.8
@@ -3,7 +3,7 @@
 auditd \- The Linux Audit daemon
 .SH SYNOPSIS
 .B auditd
-.RB [ \-f ]\ [ \-l ]\ [ \-n ]\ [ \-s\ disable|enable|nochange ]\ [ \-c\ <config_file> ]
+.RB [ \-f ]\ [ \-l ]\ [ \-n ]\ [ \-s\ disable|enable|nochange ]\ [ \-c\ <config_dir> ]
 .SH DESCRIPTION
 \fBauditd\fP is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the
 .B ausearch
@@ -31,7 +31,8 @@ no fork. This is useful for running off of inittab or systemd.
 specify when starting if auditd should change the current value for the kernel enabled flag. Valid values for ENABLE_STATE are "disable", "enable" or "nochange". The default is to enable (and disable when auditd terminates). The value of the enabled flag may be changed during the lifetime of auditd using 'auditctl \-e'.
 .TP
 .B \-c
-Specify alternate config file path (default: /etc/audit/auditd.conf).
+Specify alternate config file directory. Note that this same directory will
+be passed to the dispatcher. (default: /etc/audit/)
 .SH SIGNALS
 .TP
 SIGHUP

diff --git a/src/auditd-config.c b/src/auditd-config.c
@@ -240,21 +240,35 @@ static const struct nv_list yes_no_values[] =
 
 const char *email_command = "/usr/lib/sendmail";
 static int allow_links = 0;
-static const char *config_file = NULL;
+static const char *config_dir = NULL;
+static char *config_file = NULL;
 
 
 void set_allow_links(int allow)
 {
 	allow_links = allow;
 }
 
-int set_config_file(const char *val) {
-	config_file = strdup(val);
-	if (config_file == NULL)
+int set_config_dir(const char *val)
+{
+	config_dir = strdup(val);
+	if (config_dir == NULL)
+		return 1;
+	if (asprintf(&config_file, "%s/auditd.conf", config_dir) < 0)
 		return 1;
 	return 0;
 }
 
+const char *get_config_dir(void)
+{
+	/* This function is used to determine if audispd is started with
+	 * a -c parameter followed by the config_dir location. If we are
+	 * using the standard location, do not pass back a location. */
+	if (config_file && strcmp(config_file, CONFIG_FILE) == 0)
+		return NULL;
+	return config_dir;
+}
+
 /*
  * Set everything to its default value
 */
@@ -1758,7 +1772,8 @@ void free_config(struct daemon_conf *config)
         free((void *)config->disk_error_exe);
         free((void *)config->krb5_principal);
         free((void *)config->krb5_key_file);
-        free((void *)config_file);
+        free((void *)config_dir);
+        free(config_file);
 }
 
 int resolve_node(struct daemon_conf *config)

diff --git a/src/auditd-config.h b/src/auditd-config.h
@@ -89,7 +89,8 @@ struct daemon_conf
 void set_allow_links(int allow);
 
 /* Return 0 on success. */
-int set_config_file(const char *val);
+int set_config_dir(const char *val);
+const char *get_config_dir(void);
 
 int load_config(struct daemon_conf *config, log_test_t lt);
 void clear_config(struct daemon_conf *config);

diff --git a/src/auditd-dispatch.c b/src/auditd-dispatch.c
@@ -90,7 +90,7 @@ int make_dispatcher_fd_private(void)
 }
 
 /* This function returns 1 on error & 0 on success */
-int init_dispatcher(const struct daemon_conf *config)
+int init_dispatcher(const struct daemon_conf *config, int config_dir_set)
 {
 	if (config->dispatcher == NULL) 
 		return 0;
@@ -118,12 +118,23 @@ int init_dispatcher(const struct daemon_conf *config)
 	// do the fork
 	pid = fork();
 	switch(pid) {
-		case 0:	// child
+		case 0:	{ // child
 			if (disp_pipe[0] != 0)
 				dup2(disp_pipe[0], 0);
-			execl(config->dispatcher, config->dispatcher, NULL);
+
+			const char *config_dir = NULL;
+			if (config_dir_set)
+				config_dir = get_config_dir();
+
+			if (config_dir == NULL)
+				execl(config->dispatcher, config->dispatcher,
+						NULL);
+			else
+				execl(config->dispatcher, config->dispatcher,
+						"-c", config_dir, NULL);
 			audit_msg(LOG_ERR, "exec() failed");
 			exit(1);
+			}
 			break;
 		case -1:	// error
 			return 1;
@@ -162,7 +173,7 @@ void reconfigure_dispatcher(const struct daemon_conf *config)
 	if (pid)
 		kill(pid, SIGHUP);
 	else
-		init_dispatcher(config);
+		init_dispatcher(config, 1); // Send 1 and let it figure it out
 }
 
 /* Returns -1 on err, 0 on success, and 1 if eagain occurred and not an err */

diff --git a/src/auditd-dispatch.h b/src/auditd-dispatch.h
@@ -29,7 +29,7 @@
 int dispatcher_pid(void);
 void dispatcher_reaped(void);
 int make_dispatcher_fd_private(void);
-int init_dispatcher(const struct daemon_conf *config);
+int init_dispatcher(const struct daemon_conf *config, int config_dir_set);
 void shutdown_dispatcher(void);
 void reconfigure_dispatcher(const struct daemon_conf *config);
 int dispatch_event(const struct audit_reply *rep, int is_err, int protocol_ver);

diff --git a/src/auditd.c b/src/auditd.c
@@ -68,7 +68,7 @@ static int fd = -1, pipefds[2] = {-1, -1};
 static struct daemon_conf config;
 static const char *pidfile = "/var/run/auditd.pid";
 static int init_pipe[2];
-static int do_fork = 1, opt_aggregate_only = 0;
+static int do_fork = 1, opt_aggregate_only = 0, config_dir_set = 0;
 static struct auditd_event *cur_event = NULL, *reconfig_ev = NULL;
 static int hup_info_requested = 0;
 static int usr1_info_requested = 0, usr2_info_requested = 0;
@@ -607,9 +607,10 @@ int main(int argc, char *argv[])
 			}
 			break;
  		case 'c':
-			if (set_config_file(optarg) != 0) {
+			if (set_config_dir(optarg) != 0) {
 				usage();
 			}
+			config_dir_set = 1;
 			break;
 		default:
 			usage();
@@ -720,7 +721,7 @@ int main(int argc, char *argv[])
 		return 1;
 	}
 
-	if (init_dispatcher(&config)) {
+	if (init_dispatcher(&config, config_dir_set)) {
 		if (pidfile)
 			unlink(pidfile);
 		tell_parent(FAILURE);