|
|
|
@ -1,10 +1,10 @@
|
|
|
|
|
Summary: Helps troubleshoot SELinux problems
|
|
|
|
|
Name: setroubleshoot
|
|
|
|
|
Version: 1.10.7
|
|
|
|
|
Release: 1%{?dist}
|
|
|
|
|
Version: 2.0.5
|
|
|
|
|
Release: 2%{?dist}
|
|
|
|
|
License: GPLv2+
|
|
|
|
|
Group: Applications/System
|
|
|
|
|
URL: https://hosted.fedoraproject.org/projects/setroubleshoot
|
|
|
|
|
URL: https://fedorahosted.org/setroubleshoot
|
|
|
|
|
Source0: %{name}-%{version}.tar.gz
|
|
|
|
|
Source1: setroubleshoot.init
|
|
|
|
|
Source2: setroubleshoot.logrotate
|
|
|
|
@ -12,7 +12,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
|
|
BuildArch: noarch
|
|
|
|
|
BuildRequires: perl-XML-Parser
|
|
|
|
|
Requires: %{name}-server = %{version}-%{release}
|
|
|
|
|
Requires: %{name}-plugins
|
|
|
|
|
Requires: %{name}-plugins >= 2.0.4
|
|
|
|
|
Requires: pygtk2 >= 2.9.2
|
|
|
|
|
Requires: gnome-python2, gnome-python2-canvas
|
|
|
|
|
BuildRequires: desktop-file-utils
|
|
|
|
@ -78,7 +78,7 @@ dbus-send --system /com/redhat/setroubleshootd com.redhat.SEtroubleshootdIface.r
|
|
|
|
|
|
|
|
|
|
%postun
|
|
|
|
|
/usr/bin/update-desktop-database %{_datadir}/applications
|
|
|
|
|
touch --no-create %{_datadir}/icons/hicolor || :
|
|
|
|
|
touch --no-create %{_datadir}/icons/hicolor
|
|
|
|
|
%{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || :
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
@ -102,7 +102,7 @@ touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
|
|
|
|
|
Summary: SELinux troubleshoot server
|
|
|
|
|
Group: Applications/System
|
|
|
|
|
|
|
|
|
|
Requires: %{name}-plugins
|
|
|
|
|
Requires: %{name}-plugins >= 2.0.4
|
|
|
|
|
Requires: audit >= 1.2.6-3
|
|
|
|
|
Requires: audit-libs-python >= 1.2.6-3
|
|
|
|
|
Requires: libselinux >= 1.30.15-1
|
|
|
|
@ -111,7 +111,6 @@ Requires: dbus-python
|
|
|
|
|
Requires: libxml2-python
|
|
|
|
|
Requires: libselinux-python
|
|
|
|
|
Requires: audit-libs-python
|
|
|
|
|
Requires: libuser
|
|
|
|
|
|
|
|
|
|
BuildRequires: intltool gettext python
|
|
|
|
|
|
|
|
|
@ -129,8 +128,8 @@ to user preference. The same tools can be run on existing log files.
|
|
|
|
|
|
|
|
|
|
%post server
|
|
|
|
|
if [ -f %{pkgdatabase} ]; then
|
|
|
|
|
chown root:root %{pkgdatabase} >/dev/null 2>&1 || :
|
|
|
|
|
chmod 600 %{pkgdatabase} >/dev/null 2>&1 || :
|
|
|
|
|
chown root:root %{pkgdatabase} >/dev/null 2>&1
|
|
|
|
|
chmod 600 %{pkgdatabase} >/dev/null 2>&1
|
|
|
|
|
fi
|
|
|
|
|
/sbin/chkconfig --add %{name}
|
|
|
|
|
/sbin/service %{name} condrestart >/dev/null 2>&1 || :
|
|
|
|
@ -138,12 +137,9 @@ fi
|
|
|
|
|
%preun server
|
|
|
|
|
if [ $1 = 0 ]; then
|
|
|
|
|
/sbin/service %{name} stop >/dev/null 2>&1
|
|
|
|
|
/sbin/chkconfig --del %{name}
|
|
|
|
|
/sbin/chkconfig --del %{name} || :
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
%triggerpostun -- setroubleshoot <= 0.35-1
|
|
|
|
|
/sbin/service %{name} cleardb
|
|
|
|
|
|
|
|
|
|
%clean
|
|
|
|
|
rm -rf %{buildroot}
|
|
|
|
|
|
|
|
|
@ -163,6 +159,7 @@ rm -rf %{buildroot}
|
|
|
|
|
%{pkgpythondir}/config.py*
|
|
|
|
|
%{pkgpythondir}/email_alert.py*
|
|
|
|
|
%{pkgpythondir}/errcode.py*
|
|
|
|
|
%{pkgpythondir}/html_util.py*
|
|
|
|
|
%{pkgpythondir}/log.py*
|
|
|
|
|
%{pkgpythondir}/rpc.py*
|
|
|
|
|
%{pkgpythondir}/rpc_interfaces.py*
|
|
|
|
@ -170,6 +167,7 @@ rm -rf %{buildroot}
|
|
|
|
|
%{pkgpythondir}/signature.py*
|
|
|
|
|
%{pkgpythondir}/util.py*
|
|
|
|
|
%{pkgpythondir}/uuid.py*
|
|
|
|
|
%{pkgpythondir}/xml_serialize.py*
|
|
|
|
|
%{pkgdatadir}
|
|
|
|
|
%config %{pkgconfigdir}/%{name}.cfg
|
|
|
|
|
%dir %{pkglogdir}
|
|
|
|
@ -183,6 +181,122 @@ rm -rf %{buildroot}
|
|
|
|
|
%attr(0755,root,root) /etc/rc.d/init.d/%{name}
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
* Fri Feb 22 2008 <jdennis@redhat.com> - 2.0.5-2
|
|
|
|
|
- bump rev for build
|
|
|
|
|
|
|
|
|
|
* Wed Feb 6 2008 John Dennis <jdennis@redhat.com> - 2.0.5-1
|
|
|
|
|
- allow sealert -l lookup to accept * wildcard
|
|
|
|
|
- add a few more audit fields needing special decode handling
|
|
|
|
|
|
|
|
|
|
* Thu Jan 31 2008 <jdennis@redhat.com> - 2.0.4-1
|
|
|
|
|
- Resolve bug #430421: audit_listener_database.xml:3029: parser error in xmlParseDoc()
|
|
|
|
|
rewrite the audit_msg_decode logic to beaware of specific audit fields
|
|
|
|
|
- add new template substitution $SOURCE, a friendly name, $SOURCE_PATH still exists
|
|
|
|
|
and is the full path name of $SOURCE, also add 'source' attribute in AVC class,
|
|
|
|
|
fix how source and source_path are computed from audit's comm and exe fields
|
|
|
|
|
- fix the computation of tpath to also look at the audit name field, formerly
|
|
|
|
|
it had only been looking at path, fixes <Unknown> showing up for many targets
|
|
|
|
|
- add exception handling around xml file writes (Alan Cox reports problem when /var is full)
|
|
|
|
|
- add testing documentation
|
|
|
|
|
- Resolve bug #430845: obsolete URL in setroubleshoot package description
|
|
|
|
|
- Resolve bug #428960: Permissive message makes no sense.
|
|
|
|
|
- init script now allows extra test options
|
|
|
|
|
- show_browser() now opens and raises the window (e.g. presents) rather than just
|
|
|
|
|
assuring it's realized (e.g. iconified, or hidden)
|
|
|
|
|
- sealert -l message in syslog converts from html before writing to syslog
|
|
|
|
|
- Resolve bug #320881: export setroubleshoot_selinux_symposium in PDF format
|
|
|
|
|
- add code to verify all async rpc's have been cleared from the async rpc cache
|
|
|
|
|
- add code to set a default rpc method return if the interface does not define a callback
|
|
|
|
|
(methods which did not have a callback were not returning anything and hence were not
|
|
|
|
|
getting cleared from the cache)
|
|
|
|
|
|
|
|
|
|
* Fri Jan 11 2008 <jdennis@redhat.com> - 2.0.2-1
|
|
|
|
|
- Resolve bug #428252: Problem with update/remove old version
|
|
|
|
|
- Add code to validate xml database version, if file is incompatible it is not read,
|
|
|
|
|
the next time the database is written it will be in the new version format.
|
|
|
|
|
This means the database contents are not preserved across database version upgrades.
|
|
|
|
|
- Remove postun trigger from spec file used to clear database between incompatible versions
|
|
|
|
|
the new database version check during database read will handle this instead
|
|
|
|
|
- bullet proof exit status in init script and rpm scriptlets
|
|
|
|
|
- Resolve bug #247302: setroubleshoot's autostart .desktop file fails to start under a KDE session
|
|
|
|
|
- Resolve bug #376041: Cannot check setroubleshoot service status as non-root
|
|
|
|
|
- Resolve bug #332281: remove obsolete translation
|
|
|
|
|
- Resolve bug #344331: No description in gnome-session-properties
|
|
|
|
|
- Resolve bug #358581: missing libuser-python dependency
|
|
|
|
|
- Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin
|
|
|
|
|
- Resolve bug #427260: German Translation
|
|
|
|
|
- enhance the sealert man page
|
|
|
|
|
|
|
|
|
|
* Fri Jan 4 2008 <jdennis@redhat.com> - 2.0.1-1
|
|
|
|
|
- make connection error message persist instead of timeout in browser
|
|
|
|
|
- updated Brazilian Portuguese translation: Igor Pires Soares <igor@fedoraproject.org>
|
|
|
|
|
- implement uid,username checks
|
|
|
|
|
- rpc methods now check for authenticated state
|
|
|
|
|
- fix html handling of summary string
|
|
|
|
|
- add 'named' messages to status bar, make sure all messages either timeout or are named
|
|
|
|
|
- fix ordering of menus, resolves bug #427418
|
|
|
|
|
- add 'hide quiet' to browser view filtering, resolves bug #427421
|
|
|
|
|
- tweak siginfo text formatting
|
|
|
|
|
- add logon to SECommandLine so that sealert -l <local_id> works
|
|
|
|
|
|
|
|
|
|
* Fri Dec 28 2007 <jdennis@redhat.com> - 2.0.0-1
|
|
|
|
|
- prepare for v2 test release
|
|
|
|
|
- Completed most work for version 2 of setroubleshoot, prepare for test release
|
|
|
|
|
- import Dan's changes from the mainline
|
|
|
|
|
primarily allow_postfix_local_write_mail_spool plugin
|
|
|
|
|
- escape html, fix siginfo.format_html(), siginfo.format_text()
|
|
|
|
|
- add async-error signal
|
|
|
|
|
- change identity to just username
|
|
|
|
|
- make sure set_filter user validation works and reports error in browser
|
|
|
|
|
- fix generation of line numbers and host when connected to audispd
|
|
|
|
|
- add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode
|
|
|
|
|
- resolves bug #244345: avc path information incomplete
|
|
|
|
|
- get the uid,gid when a client connects to the server
|
|
|
|
|
- set_filter now verifies the filter is owned by the user,
|
|
|
|
|
- resolves bug #288261: setroubleshoot lack of user authentication
|
|
|
|
|
- remove filter options which weren't being used
|
|
|
|
|
- change '@' in audit data hostname to '.'
|
|
|
|
|
- remove restart dialog
|
|
|
|
|
resolves bug #321171: sealert's dialog after update is higly confusing
|
|
|
|
|
- fix rpc xml arg
|
|
|
|
|
- fix handling of host value
|
|
|
|
|
- tweak what fields are in signature
|
|
|
|
|
- move data items which had been in 'avc' object into siginfo
|
|
|
|
|
- clean up siginfo format
|
|
|
|
|
- large parts of new audit data pipeline working, checkpoint
|
|
|
|
|
- fix duplicate xml nodes when generating xml tree
|
|
|
|
|
- audit event can now be xml serialized
|
|
|
|
|
- switch from using int's for audit record types to strings
|
|
|
|
|
- avoid conversion headaches and possibilty of not being
|
|
|
|
|
able to convert a new unknown type
|
|
|
|
|
- add logic to allow XmlSerialize to be subclassed and init_from_xml_node to be overridden
|
|
|
|
|
- add support to xml serialize classes AuditEventID, AuditEvent, AuditRecord
|
|
|
|
|
- use metaclass for xml class init
|
|
|
|
|
- start adding xml support to audit data classes
|
|
|
|
|
- Use metaclass to wrap class init
|
|
|
|
|
- move xml serialization code from signature.py to xml_serialize.py
|
|
|
|
|
- simplify aspect of the serialization code
|
|
|
|
|
- add unstructured xml mapping, each xml element name has its content mapped to obj.name
|
|
|
|
|
- modify xml serialization to be driven by xml contents
|
|
|
|
|
- general clean up
|
|
|
|
|
- checkpoint conversion of serialization to use metaclasses
|
|
|
|
|
- clean up class/data specifications for XmlSerializable
|
|
|
|
|
- add support for client rpc testing
|
|
|
|
|
- add changelog entry
|
|
|
|
|
- add SubProcess class to setroubleshootd in preparation to
|
|
|
|
|
- run daemon as subprocess so we can gather results and
|
|
|
|
|
compare them to the expected data we sent
|
|
|
|
|
- rewrite all plugins to use new v2 audit data
|
|
|
|
|
- add SubProcess class to setroubleshootd in preparation to
|
|
|
|
|
run daemon as subprocess so we can gather results and
|
|
|
|
|
compare them to the expected data we sent
|
|
|
|
|
- add new test support: add config section 'test', add boolean 'analyze' to
|
|
|
|
|
config test section, add class TestPluginReportReceiver which is installed
|
|
|
|
|
if test.analyze is True, it prints analysis report. In test_setroubleshootd
|
|
|
|
|
send AUDIT_EOE to assure sequential event processing so analysis results
|
|
|
|
|
have same ordering as events that are sent by test_setroubleshootd
|
|
|
|
|
- alert signatures now include host information, alerts will be grouped by host
|
|
|
|
|
|
|
|
|
|
* Tue Oct 2 2007 John Dennis <jdennis@redhat.com> - 1.10.7-1
|
|
|
|
|
- Fix spec file requires for opening an HTML page
|
|
|
|
|
In configure.ac search for xdg-open and htmlview in priority order,
|
|
|
|
|