maybe chmod 0755 'X11/xorg.conf.d'
maybe chmod 0644 'X11/xorg.conf.d/00-keyboard.conf'
maybe chmod 0644 'anacrontab'
+maybe chmod 0755 'audisp'
+maybe chmod 0640 'audisp/audisp-remote.conf'
+maybe chmod 0640 'audisp/audispd.conf'
+maybe chmod 0750 'audisp/plugins.d'
+maybe chmod 0640 'audisp/plugins.d/af_unix.conf'
+maybe chmod 0640 'audisp/plugins.d/au-remote.conf'
+maybe chmod 0640 'audisp/plugins.d/audispd-zos-remote.conf'
+maybe chmod 0640 'audisp/plugins.d/syslog.conf'
+maybe chmod 0640 'audisp/zos-remote.conf'
+maybe chmod 0755 'audit'
+maybe chmod 0644 'audit/audit-stop.rules'
+maybe chmod 0640 'audit/audit.rules'
+maybe chmod 0640 'audit/audit.rules.stop.post'
+maybe chmod 0640 'audit/audit.rules.stop.pre'
+maybe chmod 0640 'audit/auditd.conf'
maybe chmod 0755 'bash'
maybe chmod 0644 'bash/bash_logout'
maybe chmod 0644 'bash/bashrc'
maybe chmod 0644 'colordiffrc-gitdiff'
maybe chmod 0644 'colordiffrc-lightbg'
maybe chmod 0755 'conf.d'
+maybe chmod 0644 'conf.d/auditd'
maybe chmod 0644 'conf.d/bootmisc'
maybe chmod 0644 'conf.d/busybox-ntpd'
maybe chmod 0644 'conf.d/busybox-watchdog'
maybe chmod 0644 'hosts'
maybe chmod 0644 'hosts.allow'
maybe chmod 0755 'init.d'
+maybe chmod 0755 'init.d/auditd'
maybe chmod 0755 'init.d/binfmt'
maybe chmod 0755 'init.d/bootmisc'
maybe chmod 0755 'init.d/busybox-ntpd'
maybe chmod 0644 'ld.so.conf'
maybe chmod 0755 'ld.so.conf.d'
maybe chmod 0644 'ld.so.conf.d/05gcc-x86_64-pc-linux-gnu.conf'
+maybe chmod 0640 'libaudit.conf'
maybe chmod 0755 'local.d'
maybe chmod 0644 'local.d/README'
maybe chmod 0644 'locale.conf'
--- /dev/null
+#
+# This file controls the configuration of the audit remote
+# logging subsystem, audisp-remote.
+#
+
+remote_server =
+port = 60
+##local_port =
+transport = tcp
+queue_file = /var/spool/audit/remote.log
+mode = immediate
+queue_depth = 2048
+format = managed
+network_retry_time = 1
+max_tries_per_record = 3
+max_time_per_record = 5
+heartbeat_timeout = 0
+
+network_failure_action = stop
+disk_low_action = ignore
+disk_full_action = warn_once
+disk_error_action = warn_once
+remote_ending_action = reconnect
+generic_error_action = syslog
+generic_warning_action = syslog
+queue_error = stop
+overflow_action = syslog
+
+##enable_krb5 = no
+##krb5_principal =
+##krb5_client_name = auditd
+##krb5_key_file = /etc/audisp/audisp-remote.key
--- /dev/null
+#
+# This file controls the configuration of the audit event
+# dispatcher daemon, audispd.
+#
+
+q_depth = 150
+overflow_action = SYSLOG
+priority_boost = 4
+max_restarts = 10
+name_format = HOSTNAME
+#name = mydomain
+
--- /dev/null
+
+# This file controls the configuration of the
+# af_unix socket plugin. It simply takes events
+# and writes them to a unix domain socket. This
+# plugin can take 2 arguments, the path for the
+# socket and the socket permissions in octal.
+
+active = no
+direction = out
+path = builtin_af_unix
+type = builtin
+args = 0640 /var/run/audispd_events
+format = string
+
--- /dev/null
+
+# This file controls the audispd data path to the
+# remote event logger. This plugin will send events to
+# a remote machine (Central Logger).
+
+active = no
+direction = out
+path = /sbin/audisp-remote
+type = always
+#args =
+format = string
+
--- /dev/null
+# This is the configuration for the audispd-zos-remote
+# audit dispatcher plugin - See audispd(8)
+#
+# Note that this specific plugin has a configuration file of
+# its own. The complete path for this file must be entered as
+# the argument for the plugin in the 'args' field below
+# See audispd-zos-remote(8)
+
+active = no
+direction = out
+path = /sbin/audispd-zos-remote
+type = always
+args = /etc/audisp/zos-remote.conf
+format = string
--- /dev/null
+# This file controls the configuration of the syslog plugin.
+# It simply takes events and writes them to syslog. The
+# arguments provided can be the default priority that you
+# want the events written with. And optionally, you can give
+# a second argument indicating the facility that you want events
+# logged to. Valid options are LOG_LOCAL0 through 7, LOG_AUTH,
+# LOG_AUTHPRIV, LOG_DAEMON, LOG_SYSLOG, and LOG_USER.
+
+active = no
+direction = out
+path = builtin_syslog
+type = builtin
+args = LOG_INFO
+format = string
--- /dev/null
+## This is the configuration file for the audispd-zos-remote
+## Audit dispatcher plugin.
+## See zos-remote.conf(5) for more information
+
+server = zos_server.localdomain
+port = 389
+user = RACF_ID
+password = racf_password
+timeout = 15
+q_depth = 64
--- /dev/null
+# These rules are loaded when the audit daemon stops
+# if configured to do so.
+
+# Disable auditing
+-e 0
+
+# Delete all rules
+-D
--- /dev/null
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a exit,always -S all
+
+# Increase the buffers to survive stress events
+-b 8192
+
+# vim:ft=conf:
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+#
+# This file contains the auditctl rules that are loaded immediately after the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# Not used for the default Gentoo configuration as of v1.2.3
+# Paranoid security types might wish to reconfigure kauditd here.
+
+# vim:ft=conf:
--- /dev/null
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+#
+# This file contains the auditctl rules that are loaded immediately before the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# auditd is stopping, don't capture events anymore
+-D
+
+# Disable kernel generating audit events
+-e 0
+
+# vim:ft=conf:
--- /dev/null
+#
+# This file controls the configuration of the audit daemon
+#
+
+local_events = yes
+write_logs = yes
+log_file = /var/log/audit/audit.log
+log_group = root
+log_format = RAW
+flush = INCREMENTAL_ASYNC
+freq = 50
+max_log_file = 8
+num_logs = 5
+priority_boost = 4
+disp_qos = lossy
+dispatcher = /sbin/audispd
+name_format = NONE
+##name = mydomain
+max_log_file_action = ROTATE
+space_left = 75
+space_left_action = SYSLOG
+action_mail_acct = root
+admin_space_left = 50
+admin_space_left_action = SUSPEND
+disk_full_action = SUSPEND
+disk_error_action = SUSPEND
+use_libwrap = yes
+##tcp_listen_port =
+tcp_listen_queue = 5
+tcp_max_per_addr = 1
+##tcp_client_ports = 1024-65535
+tcp_client_max_idle = 0
+enable_krb5 = no
+krb5_principal = auditd
+##krb5_key_file = /etc/audit/audit.key
+distribute_network = no
--- /dev/null
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
+
+# If you want to enforce a certain locale for auditd,
+# uncomment one of the next lines:
+#AUDITD_LANG=none
+AUDITD_LANG=C
+#AUDITD_LANG=en_US
+#AUDITD_LANG=en_US.UTF-8
--- /dev/null
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_started_commands='reload reload_auditd reload_rules'
+description='Linux Auditing System'
+description_reload='Reload daemon configuration and rules'
+description_reload_rules='Reload daemon rules'
+description_reload_auditd='Reload daemon configuration'
+
+name='auditd'
+pidfile='/var/run/auditd.pid'
+command='/sbin/auditd'
+
+start_auditd() {
+ # Env handling taken from the upstream init script
+ if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+ unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ else
+ LANG="$AUDITD_LANG"
+ LC_TIME="$AUDITD_LANG"
+ LC_ALL="$AUDITD_LANG"
+ LC_MESSAGES="$AUDITD_LANG"
+ LC_NUMERIC="$AUDITD_LANG"
+ LC_MONETARY="$AUDITD_LANG"
+ LC_COLLATE="$AUDITD_LANG"
+ export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+ fi
+ unset HOME MAIL USER USERNAME
+
+ ebegin "Starting ${name}"
+ start-stop-daemon \
+ --start --quiet --pidfile ${pidfile} \
+ --exec ${command} -- ${EXTRAOPTIONS}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+stop_auditd() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet --pidfile ${pidfile}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+loadfile() {
+ local rules="$1"
+ if [ -n "${rules}" -a -f "${rules}" ]; then
+ einfo "Loading audit rules from ${rules}"
+ /sbin/auditctl -R "${rules}" >/dev/null
+ return $?
+ else
+ return 0
+ fi
+}
+
+start() {
+ start_auditd
+ local ret=$?
+ if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
+ loadfile "${RULEFILE_STARTUP}"
+ fi
+ return $ret
+}
+
+reload_rules() {
+ loadfile "${RULEFILE_STARTUP}"
+}
+
+reload_auditd() {
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP \
+ --exec "${command}" --pidfile "${pidfile}"
+ eend $?
+}
+
+reload() {
+ reload_auditd
+ reload_rules
+}
+
+stop() {
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
+ stop_auditd
+ local ret=$?
+ [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
+ return $ret
+}
--- /dev/null
+# This is the configuration file for libaudit tunables.
+# It is currently only used for the failure_action tunable.
+
+# failure_action can be: log, ignore, terminate
+failure_action = ignore
+
+
projects / config / berta / etc.git / commitdiff