In audispd.conf, add new plugin_dir config item to customize plugin l…

…ocation
caidongyun · Oct 9, 2017 · 96675ca · 96675ca
1 parent 0e73f54
commit 96675ca
Show file tree

Hide file tree

Showing 7 changed files with 39 additions and 35 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -24,6 +24,7 @@
 - Fix auparse serial parsing of event when system time < 9 characters (kruvin)
 - In auparse, allow non-equality comparisons for uid & gid fields (#1399314)
 - In auparse_normalize, add support for USER_DEVICE events
+- In audispd.conf, add new plugin_dir config item to customize plugin location 
 
 2.7.8
 - Add config option to auditd to not verify email addr domain (#1406887)

diff --git a/audisp/audispd-config.c b/audisp/audispd-config.c
@@ -72,6 +72,8 @@ static int priority_boost_parser(struct nv_pair *nv, int line,
 		daemon_conf_t *config);
 static int max_restarts_parser(struct nv_pair *nv, int line,
 		daemon_conf_t *config);
+static int plugin_dir_parser(struct nv_pair *nv, int line, 
+		daemon_conf_t *config);
 static int sanity_check(daemon_conf_t *config, const char *file);
 
 static const struct kw_pair keywords[] = 
@@ -80,8 +82,9 @@ static const struct kw_pair keywords[] =
   {"name_format",              name_format_parser,		0 },
   {"name",                     name_parser,			0 },
   {"overflow_action",          overflow_action_parser,		0 },
-  {"priority_boost",           priority_boost_parser,           0 },
-  {"max_restarts",             max_restarts_parser,             0 },
+  {"priority_boost",           priority_boost_parser,		0 },
+  {"max_restarts",             max_restarts_parser,		0 },
+  {"plugin_dir",               plugin_dir_parser,		0 },
   { NULL,                      NULL }
 };
 
@@ -483,6 +486,24 @@ static int max_restarts_parser(struct nv_pair *nv, int line,
 	return 0;
 }
 
+static int plugin_dir_parser(struct nv_pair *nv, int line, 
+		daemon_conf_t *config)
+{
+	if (nv->value == NULL)
+		config->plugin_dir = NULL;
+	else {
+		size_t len = strlen(nv->value);
+		config->plugin_dir = malloc(len + 2);
+		if (config->plugin_dir) {
+			strcpy(config->plugin_dir, optarg);
+			if (config->plugin_dir[len - 1] != '/')
+				config->plugin_dir[len] = '/';
+			config->plugin_dir[len + 1] = 0;
+		}
+	}
+	return 0;
+}
+
 /*
  * This function is where we do the integrated check of the audispd config
  * options. At this point, all fields have been read. Returns 0 if no
@@ -497,11 +518,14 @@ static int sanity_check(daemon_conf_t *config, const char *file)
 			file);
 		return 1;
 	}
+	if (config->plugin_dir == NULL)
+		config->plugin_dir = strdup("/etc/audisp/plugins.d/");
 	return 0;
 }
 
 void free_config(daemon_conf_t *config)
 {
 	free((void *)config->name);
+	free((void *)config->plugin_dir);
 }
 
diff --git a/audisp/audispd-config.h b/audisp/audispd-config.h
@@ -38,6 +38,7 @@ typedef struct daemon_conf
 	unsigned int max_restarts;
 	node_t node_name_format;
 	const char *name;
+	char *plugin_dir;
 } daemon_conf_t;
 
 void clear_config(daemon_conf_t *config);

diff --git a/audisp/audispd.c b/audisp/audispd.c
@@ -56,9 +56,6 @@ static int audit_fd;
 static pthread_t inbound_thread;
 static const char *config_file = NULL;
 
-/* '/' on the end is required. */
-static char *plugin_dir = NULL;
-
 /* Local function prototypes */
 static void signal_plugins(int sig);
 static int event_loop(void);
@@ -74,16 +71,13 @@ static void usage(void)
 	fprintf(stderr, "%s",
 		"Usage: audispd [options]\n"
 		"-c,--config_file <config_file_path>: Override default "
-			"configuration file path\n"
-		"-d,--plugin_dir <plugin_dir_path>: Override default plugin "
-			"directory path\n");
+			"configuration file path\n");
 	exit(2);
 }
 
 static release_memory_exit(int code)
 {
 	free(config_file);
-	free(plugin_dir);
 	exit(code);
 }
 
@@ -156,7 +150,7 @@ static void load_plugin_conf(conf_llist *plugin)
 	plist_create(plugin);
 
 	/* read configs */
-	d = opendir(plugin_dir);
+	d = opendir(daemon_config.plugin_dir);
 	if (d) {
 		struct dirent *e;
 
@@ -169,7 +163,7 @@ static void load_plugin_conf(conf_llist *plugin)
 				continue;
 
 			snprintf(fname, sizeof(fname), "%s%s",
-				plugin_dir, e->d_name);
+				daemon_config.plugin_dir, e->d_name);
 
 			clear_pconfig(&config);
 			if (load_pconfig(&config, fname) == 0) {
@@ -359,30 +353,17 @@ int main(int argc, char *argv[])
 	extern int optind;
 	static const struct option opts[] = {
 		{"config_file", required_argument, NULL, 'c'},
-		{"plugin_dir", required_argument, NULL, 'd'},
 		{NULL, 0, NULL, 0}
 	};
 	lnode *conf;
 	struct sigaction sa;
 	int i;
-	size_t len;
 
-	while ((i = getopt_long(argc, argv, "i:c:d:", opts, NULL)) != -1) {
+	while ((i = getopt_long(argc, argv, "i:c:", opts, NULL)) != -1) {
 		switch (i) {
 			case 'c':
 				config_file = strdup(optarg);
-				if (config_file == NULL)
-					goto mem_out;
-				break;
-			case 'd':
-				plugin_dir = malloc(len + 2);
-				if (plugin_dir) {
-					strcpy(plugin_dir, optarg);
-					if (plugin_dir[len - 1] != '/') {
-						plugin_dir[len] = '/';
-						plugin_dir[len + 1] = '\0';
-					}
-				} else {
+				if (config_file == NULL) {
 mem_out:
 					printf(
 					"Failed allocating memory, exiting\n");
@@ -403,11 +384,6 @@ int main(int argc, char *argv[])
 	if (config_file == NULL)
 		goto mem_out;
 
-	if (plugin_dir == NULL)
-		plugin_dir = strdup("/etc/audisp/plugins.d/");
-	if (plugin_dir == NULL)
-		goto mem_out;
-
 	set_aumessage_mode(MSG_SYSLOG, DBG_NO);
 
 	/* Clear any procmask set by libev */
@@ -552,8 +528,7 @@ int main(int argc, char *argv[])
 	/* Cleanup the queue */
 	destroy_queue();
 	free_config(&daemon_config);
-	free(config_file);
-	free(plugin_dir);
+	free((void *)config_file);
 
 	return 0;
 }

diff --git a/docs/audispd.8 b/docs/audispd.8
@@ -3,7 +3,7 @@
 audispd \- an event multiplexor
 .SH SYNOPSIS
 .B audispd
-.RB  [ \-c\ <config_file> ]\ [  \-d\ <plugin_dir> ]
+.RB  [ \-c\ <config_file> ]\
 .SH DESCRIPTION
 \fBaudispd\fP is an audit event multiplexor. It has to be started by the audit daemon in order to get events. It takes audit events and distributes them to child programs that want to analyze events in realtime. When the audit daemon receives a SIGTERM or SIGHUP, it passes that signal to the dispatcher, too. The dispatcher in turn passes those signals to its child processes.
 

diff --git a/docs/audispd.conf.5 b/docs/audispd.conf.5
@@ -46,5 +46,8 @@ is an admin defined string from the name option. The default value is
 .TP
 .I name
 This is the admin defined string that identifies the machine if user is given as the name_format option.
+.TP
+.I plugin_dir
+This is the location that audispd will use to search for its plugin configuration files.
 .SH "SEE ALSO"
 .BR audispd (8)
diff --git a/init.d/audispd.conf b/init.d/audispd.conf
@@ -9,4 +9,4 @@ priority_boost = 4
 max_restarts = 10
 name_format = HOSTNAME
 #name = mydomain
-
+plugin_dir = /etc/audisp/plugins.d/