maybe chmod 0755 './X11/xinit/xinitrc.d/80-dbus'
maybe chmod 0755 './X11/xinit/xinitrc.d/90-consolekit'
maybe chmod 0600 './aiccu.conf'
+maybe chmod 0755 './audisp'
+maybe chmod 0640 './audisp/audisp-remote.conf'
+maybe chmod 0640 './audisp/audispd.conf'
+maybe chmod 0750 './audisp/plugins.d'
+maybe chmod 0640 './audisp/plugins.d/af_unix.conf'
+maybe chmod 0640 './audisp/plugins.d/au-remote.conf'
+maybe chmod 0640 './audisp/plugins.d/audispd-zos-remote.conf'
+maybe chmod 0640 './audisp/plugins.d/syslog.conf'
+maybe chmod 0640 './audisp/zos-remote.conf'
+maybe chmod 0755 './audit'
+maybe chmod 0640 './audit/audit.rules'
+maybe chmod 0640 './audit/audit.rules-2.1.3'
+maybe chmod 0640 './audit/audit.rules.stop.post'
+maybe chmod 0640 './audit/audit.rules.stop.pre'
+maybe chmod 0640 './audit/auditd.conf'
maybe chmod 0755 './bash'
maybe chmod 0644 './bash/bash_logout'
maybe chmod 0644 './bash/bashrc'
maybe chmod 0644 './colordiffrc'
maybe chmod 0644 './colordiffrc-lightbg'
maybe chmod 0755 './conf.d'
+maybe chmod 0644 './conf.d/auditd'
maybe chmod 0644 './conf.d/bluetooth'
maybe chmod 0644 './conf.d/bootmisc'
maybe chmod 0644 './conf.d/consolefont'
maybe chmod 0755 './init.d'
maybe chmod 0755 './init.d/NetworkManager'
maybe chmod 0755 './init.d/aiccu'
+maybe chmod 0755 './init.d/auditd'
maybe chmod 0755 './init.d/bluetooth'
maybe chmod 0755 './init.d/bootmisc'
maybe chmod 0755 './init.d/consolefont'
maybe chmod 0755 './ld.so.conf.d'
maybe chmod 0644 './ld.so.conf.d/05binutils.conf'
maybe chmod 0440 './ldap.conf.sudo'
+maybe chmod 0640 './libaudit.conf'
maybe chmod 0644 './lisp-config.lisp'
maybe chmod 0755 './local.d'
maybe chmod 0644 './local.d/README'
--- /dev/null
+#
+# This file controls the configuration of the audit remote
+# logging subsystem, audisp-remote.
+#
+
+remote_server =
+port = 60
+transport = tcp
+mode = immediate
+queue_depth = 20
+fail_action = SYSLOG
+
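Review bot: `transport = tcp` is the only transport setting visible here, so once the remote plugin is switched on audit records would apparently cross the network without encryption or peer authentication. `remote_server =` is also empty, so the file is not usable as shipped; the au-remote plugin section later in this commit has `active = no`, which means nothing is forwarded yet. I would add a comment above `remote_server =` along the lines of `# set remote_server and protect the link (Kerberos or a tunnel) before enabling au-remote`. A short comment explaining the choice of `port = 60` would also help whoever writes the firewall rule.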
--- /dev/null
+#
+# This file controls the configuration of the audit event
+# dispatcher daemon, audispd.
+#
+
+q_depth = 80
+overflow_action = SYSLOG
+priority_boost = 4
+name_format = HOSTNAME
+#name = mydomain
+
--- /dev/null
+
+# This file controls the configuration of the
+# af_unix socket plugin. It simply takes events
+# and writes them to a unix domain socket. This
+# plugin can take 2 arguments, the path for the
+# socket and the socket permissions in octal.
+
+active = yes
+direction = out
+path = builtin_af_unix
+type = builtin
+args = 0640 /var/run/audispd_events
+format = string
+
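Review bot: `active = yes` enables the af_unix plugin by default, so every audit event is copied to `/var/run/audispd_events` for any process allowed to open that socket. The `0640` in `args` restricts that to the socket's owner and group, but nothing in this commit shows a local consumer that needs the feed. If none is deployed, `active = no` is the safer default. Otherwise I would add a comment naming the reader, e.g. `# consumed by <service>; keep socket group restricted`.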
--- /dev/null
+
+# This file controls the audispd data path to the
+# remote event logger. This plugin will send events to
+# a remote machine (Central Logger).
+
+active = no
+direction = out
+path = /sbin/audisp-remote
+type = always
+#args =
+format = string
+
--- /dev/null
+# This is the configuration for the audispd-zos-remote
+# audit dispatcher plugin - See audispd(8)
+#
+# Note that this specific plugin has a configuration file of
+# its own. The complete path for this file must be entered as
+# the argument for the plugin in the 'args' field below
+# See audispd-zos-remote(8)
+
+active = no
+direction = out
+path = /sbin/audispd-zos-remote
+type = always
+args = /etc/audisp/zos-remote.conf
+format = string
--- /dev/null
+# This file controls the configuration of the
+# syslog plugin. It simply takes events and writes
+# them to syslog.
+
+active = no
+direction = out
+path = builtin_syslog
+type = builtin
+args = LOG_INFO
+format = string
--- /dev/null
+## This is the configuration file for the audispd-zos-remote
+## Audit dispatcher plugin.
+## See zos-remote.conf(5) for more information
+
+server = zos_server.localdomain
+port = 389
+user = RACF_ID
+password = racf_password
+timeout = 15
+q_depth = 64
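Review bot: `password = racf_password` is a placeholder, but this is the file where the real RACF credential goes, and the chmod list at the top of this commit shows it is tracked with the rest of the directory. Once a real value is filled in, it would be kept in the repository history as well as on disk at mode 0640. I would add a comment above `user =` such as `## Do not commit real credentials; exclude this file from version control once configured`. `port = 389` also suggests an unencrypted LDAP bind, so it is worth confirming how the credential is protected in transit before the plugin is activated.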
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+# -a entry,never -S read -S write -S open -S fstat -S fstat64 -S mmap -S brk -S munmap -S _llseek -S nanosleep -S fcntl64 -S close -S dup2 -S rt_sigaction -S stat64 -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a entry,always -S all
+
+# Increase the buffers to survive stress events
+-b 256
+
+# vim:ft=conf:
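Review bot: After `-D` the only active line is `-b 256`, so this file installs no syscall or watch rules at all. The conf.d section later in this commit sets `RULEFILE_STARTUP=/etc/audit/audit.rules`, so this appears to be the rule set actually loaded at start. That leaves auditd recording only what other components submit on their own. The sibling 2.1.3 rules file uses `-b 8192` and the `exit` list instead of `entry`, so the two files should be reconciled and a comment should say which one is meant to be in effect.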
--- /dev/null
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a exit,always -S all
+
+# Increase the buffers to survive stress events
+-b 8192
+
+# vim:ft=conf:
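Review bot: The two `-a exit,never` lines are live, although the comment above them says the rule "would cause" the syscalls to be ignored, as if it were only an example. Exit-list rules are matched in order, so rules or watches appended at the end of this file for `open`, `read`, `write`, `stat` and the others would presumably never fire. I would comment both lines out like the `exit,always` example, or reword the comment to `# The following rules cause the listed syscalls to be ignored; add your own rules ABOVE them`. As far as this commit shows, `RULEFILE_STARTUP` points at `audit.rules`, not at this file, so it is also worth stating whether this file is loaded at all.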
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.post,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded immediately after the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# Not used for the default Gentoo configuration as of v1.2.3
+# Paranoid security types might wish to reconfigure kauditd here.
+
+# vim:ft=conf:
--- /dev/null
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.2 2011/09/11 02:58:55 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded immediately before the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# auditd is stopping, don't capture events anymore
+-D
+
+# Disable kernel generating audit events
+-e 0
+
+# vim:ft=conf:
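Review bot: `-e 0` turns kernel auditing off every time the service is stopped, so between a stop and the next start no audit events are generated at all. Anyone able to run the stop action therefore silences auditing together with the daemon, rather than only stopping the log writer. `-D` already clears the rules, so consider dropping `-e 0`, or add a comment explaining why the gap is acceptable, e.g. `# NOTE: auditing stays disabled until the next start`. The init script's `restart()` skips this file, so the gap applies to a plain stop only.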
--- /dev/null
+#
+# This file controls the configuration of the audit daemon
+#
+
+log_file = /var/log/audit/audit.log
+log_format = RAW
+log_group = root
+priority_boost = 4
+flush = INCREMENTAL
+freq = 20
+num_logs = 4
+disp_qos = lossy
+dispatcher = /sbin/audispd
+name_format = NONE
+##name = mydomain
+max_log_file = 5
+max_log_file_action = ROTATE
+space_left = 75
+space_left_action = SYSLOG
+action_mail_acct = root
+admin_space_left = 50
+admin_space_left_action = SUSPEND
+disk_full_action = SUSPEND
+disk_error_action = SUSPEND
+
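Review bot: `num_logs = 4` with `max_log_file = 5` and `max_log_file_action = ROTATE` keeps only about 20 MB of history before the oldest log is overwritten. On a busy host that can be a very short window for an investigation. `disp_qos = lossy` lets events be dropped on the dispatcher path, and the remote-logging plugin in this commit is inactive, so nothing preserves records elsewhere. `disk_full_action = SUSPEND` and `disk_error_action = SUSPEND` stop logging without a notification, since only `space_left_action` reports to syslog. I would size retention to the required look-back period and add a comment recording that decision next to `num_logs`.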
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-conf.d-1.2.3,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
--- /dev/null
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-init.d-1.2.3,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+
+start_auditd() {
+ ebegin "Starting auditd"
+ start-stop-daemon \
+ --start --quiet --pidfile /var/run/auditd.pid \
+ --exec /sbin/auditd -- ${EXTRAOPTIONS}
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+stop_auditd() {
+ ebegin "Stopping auditd"
+ start-stop-daemon \
+ --stop --quiet --pidfile /var/run/auditd.pid
+ local ret=$?
+ eend $ret
+ return $ret
+}
+
+
+loadfile() {
+ local rules="$1"
+ if [ -n "${rules}" -a -f "${rules}" ]; then
+ einfo "Loading audit rules from ${rules}"
+ /sbin/auditctl -R "${rules}" 1>/dev/null
+ return $?
+ else
+ return 0
+ fi
+}
+
+start() {
+ start_auditd
+ local ret=$?
+ if [ $ret -eq 0 ]; then
+ loadfile "${RULEFILE_STARTUP}"
+ fi
+ return $ret
+}
+
+stop() {
+ loadfile "${RULEFILE_STOP_PRE}"
+ stop_auditd
+ local ret=$?
+ loadfile "${RULEFILE_STOP_POST}"
+ return $ret
+}
+
+# This is a special case, we do not want to touch the rules at all
+restart() {
+ stop_auditd
+ start_auditd
+}
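Review bot: `start()` discards the status of `loadfile "${RULEFILE_STARTUP}"`, so a rules file that auditctl rejects leaves auditd running with no or only partial rules while the service reports a clean start. `loadfile` also returns 0 when the file is missing, and it sends auditctl's stdout to /dev/null, so a missing or mistyped path is silent as well. I would surface the failure without failing the start: `loadfile "${RULEFILE_STARTUP}" || ewarn "Failed to load audit rules from ${RULEFILE_STARTUP}"`. Separately, `[ -n "${rules}" -a -f "${rules}" ]` is more robust written as `[ -n "${rules}" ] && [ -f "${rules}" ]`.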
--- /dev/null
+# This is the configuration file for libaudit tunables.
+# It is currently only used for the failure_action tunable.
+
+# failure_action can be: log, ignore, terminate
+failure_action = ignore
+
+