-
Notifications
You must be signed in to change notification settings - Fork 17
/
Makefile
145 lines (120 loc) · 5.34 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# Copyright (c) 2014 Mozilla Corporation.
# All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Authors:
# Guillaume Destuynder <[email protected]>
VERSION := 2.2.10
#FPM options, suggestions:
# --replaces audisp-cef
# --rpm-digest sha512 --rpm-sign
FPMOPTS :=
# CentOS 8 moves audisp plugins into a different path. Ignore for
# all other variants
CENTOS8TEST := $(shell test -f /etc/redhat-release && grep -q release\ 8\\.0 /etc/redhat-release)
ifeq ($(.SHELLSTATUS),0)
AUDISP_PLUGINS_PATH := etc/audit/plugins.d
else
AUDISP_PLUGINS_PATH := etc/audisp/plugins.d
endif
# Turn this on if you get issues with out of sequence messages/missing event attributes
# Only needed for some versions of libaudit - if you don't have problems, leave off.
REORDER_HACK :=
ifeq ($(REORDER_HACK),1)
REORDER_HACKF := -DREORDER_HACK
endif
# Turn this off if you want the extra noise of script execs and the like, which do not produce an EXECVE audit message
# See the source code for more info.
IGNORE_EMPTY_EXECVE_COMMAND := 1
ifneq ($(IGNORE_EMPTY_EXECVE_COMMAND),0)
IGNORE_EMPTY_EXECVE_COMMANDF := -DIGNORE_EMPTY_EXECVE_COMMAND
endif
DEBUG :=
ifeq ($(DEBUG),2)
DEBUGF := -DDEBUG
CFLAGS := -Wall -fPIE -DPIE -g -O0 -D_REENTRANT -D_GNU_SOURCE -fstack-protector-all
else ifeq ($(DEBUG),1)
CFLAGS := -fPIE -DPIE -g -O0 -D_REENTRANT -D_GNU_SOURCE -fstack-protector-all
else
CFLAGS := -fPIE -DPIE -g -O2 -D_REENTRANT -D_GNU_SOURCE -fstack-protector-all -D_FORTIFY_SOURCE=2
endif
LDFLAGS := -pie -Wl,-z,relro
LIBS := -lauparse -laudit `curl-config --libs`
DEFINES := -DPROGRAM_VERSION\=${VERSION} ${REORDER_HACKF} ${IGNORE_EMPTY_EXECVE_COMMANDF}
GCC := gcc
LIBTOOL := libtool
INSTALL := install
DESTDIR := /
PREFIX := /usr
all: audisp-json
version:
@echo $(VERSION)
audisp-json: json-config.o audisp-json.o
${LIBTOOL} --tag=CC --mode=link gcc ${CFLAGS} ${LDFLAGS} ${LIBS} -o audisp-json json-config.o audisp-json.o
json-config.o: json-config.c
${GCC} -I. ${CFLAGS} ${LIBS} -c -o json-config.o json-config.c
audisp-json.o: audisp-json.c
${GCC} -I. ${CFLAGS} ${DEBUGF} ${LIBS} ${DEFINES} -c -o audisp-json.o audisp-json.c
install: audisp-json au-json.conf audisp-json.conf
${INSTALL} -D -m 0644 au-json.conf ${DESTDIR}/${PREFIX}/${AUDISP_PLUGINS_PATH}/au-json.conf
${INSTALL} -D -m 0644 audisp-json.conf ${DESTDIR}/${PREFIX}/etc/audisp/audisp-json.conf
${INSTALL} -D -m 0755 audisp-json ${DESTDIR}/${PREFIX}/sbin/audisp-json
uninstall:
rm -f ${DESTDIR}/${PREFIX}/${AUDISP_PLUGINS_PATH}/au-json.conf
rm -f ${DESTDIR}/${PREFIX}/etc/audisp/audisp-json.conf
rm -f ${DESTDIR}/${PREFIX}/sbin/audisp-json
packaging: audisp-json au-json.conf audisp-json.conf example_audit.rules
${INSTALL} -D -m 0644 au-json.conf tmp/${AUDISP_PLUGINS_PATH}/au-json.conf
${INSTALL} -D -m 0644 audisp-json.conf tmp/etc/audisp/audisp-json.conf
${INSTALL} -D -m 0755 audisp-json tmp/sbin/audisp-json
${INSTALL} -D -m 0755 example_audit.rules tmp/usr/share/doc/audisp-json/rules/example_audit.rules
rpm-deps:
@echo "If you want to run this on an centos|amazon|etc build system (e.g. here, amazon), do this:"
@echo `docker run --rm -ti -v $(pwd):/build amazonlinux /bin/bash` then cd /build and run this make target
@echo Installing dependencies...
yum -y install libcurl-devel audit-libs-devel libtool
yum -y install ruby-devel gcc make rpm-build rubygems
gem install --no-ri --no-rdoc fpm
$(MAKE) rpm
rpm: packaging
fpm ${FPMOPTS} -C tmp -v ${VERSION} -n audisp-json --license GPL --vendor mozilla --description "json plugin for Linux Audit" \
--url https://github.com/gdestuynder/audisp-json -d audit-libs -d libcurl \
--config-files ${AUDISP_PLUGINS_PATH}/au-json.conf --config-files etc/audisp/audisp-json.conf -s dir -t rpm .
deb-deps:
@echo "If you want to run this on a debian|ubuntuetc build system (e.g. here, ubuntu), do this:"
@echo `docker run --rm -ti -v $(pwd):/build ubuntu:14.04 /bin/bash` then cd /build and run this make target
@echo Installing dependencies...
apt-get install -y libtool build-essential libcurl4-openssl-dev libaudit-dev libaudit1 libaudit-common libauparse-dev libauparse0 libtool ruby ruby-dev
gem install --no-ri --no-rdoc fpm
$(MAKE) deb
deb: packaging
fpm ${FPMOPTS} -C tmp -v ${VERSION} -n audisp-json --license GPL --vendor mozilla --description "json plugin for Linux Audit" \
--url https://github.com/gdestuynder/audisp-json -d auditd -d libcurl3 \
--deb-build-depends libaudit-dev --deb-build-depends libcurl4-openssl-dev \
--config-files etc/audisp/plugins.d/au-json.conf --config-files etc/audisp/audisp-json.conf -s dir -t deb .
clean:
rm -f audisp-json
rm -fr *.o
rm -fr tmp
rm -rf *.rpm
rm -rf *.deb
release: build_all.sh
./build_all.sh
clean-release:
rm -rf release
test:
./test.sh audit.log
.PHONY: clean