接前一篇文章:SELinux零知识学习三、SELinux应用层源码下载、编译和安装
在前篇文章中编译SELinux源码时,出现了如下错误:
seusers_local.c:11:10: 致命错误:libaudit.h:没有那个文件或目录。
要解决这个错误,需要Audit相关组件。本文就来介绍Audit应用层源码的下载、编译和安装。
一、Audit Userspace源码下载
1. 源码主页
源码GitHub地址如下:
https://github.com/linux-audit/audit-userspace
页面如下所示:
2. 下载指定版本
从上图中可以看到,最新稳定版本为3.1。
选择此版本进行下载。点击上图中链接进入以下页面:
点击上图中的Source code(tar.gz)进行下载,实际链接为:https://github.com/linux-audit/audit-userspace/archive/refs/tags/v3.1.tar.gz。
3. 源码解压
源码下载后的文件为audit-userspace-3.1.tar.gz。将其放到指定目录。
解压源码,命令及结果如下:
$ tar zxvf audit-userspace-3.1.tar.gz
audit-userspace-3.1/
audit-userspace-3.1/.gitattributes
audit-userspace-3.1/.github/
audit-userspace-3.1/.github/ISSUE_TEMPLATE.md
audit-userspace-3.1/.gitignore
audit-userspace-3.1/AUTHORS
audit-userspace-3.1/COPYING
audit-userspace-3.1/COPYING.LIB
audit-userspace-3.1/ChangeLog
audit-userspace-3.1/INSTALL.tmp
audit-userspace-3.1/Makefile.am
audit-userspace-3.1/NEWS
audit-userspace-3.1/README
audit-userspace-3.1/SECURITY.md
audit-userspace-3.1/THANKS
audit-userspace-3.1/TODO
audit-userspace-3.1/audisp/
audit-userspace-3.1/audisp/Makefile.am
audit-userspace-3.1/audisp/audispd-builtins.c
audit-userspace-3.1/audisp/audispd-builtins.h
audit-userspace-3.1/audisp/audispd-config.h
audit-userspace-3.1/audisp/audispd-llist.c
audit-userspace-3.1/audisp/audispd-llist.h
audit-userspace-3.1/audisp/audispd-pconfig.c
audit-userspace-3.1/audisp/audispd-pconfig.h
audit-userspace-3.1/audisp/audispd.c
audit-userspace-3.1/audisp/libdisp.h
audit-userspace-3.1/audisp/plugins/
audit-userspace-3.1/audisp/plugins/Makefile.am
audit-userspace-3.1/audisp/plugins/builtins/
audit-userspace-3.1/audisp/plugins/builtins/Makefile.am
audit-userspace-3.1/audisp/plugins/builtins/af_unix.conf
audit-userspace-3.1/audisp/plugins/ids/
audit-userspace-3.1/audisp/plugins/ids/Makefile.am
audit-userspace-3.1/audisp/plugins/ids/README.md
audit-userspace-3.1/audisp/plugins/ids/TODO
audit-userspace-3.1/audisp/plugins/ids/account.c
audit-userspace-3.1/audisp/plugins/ids/account.h
audit-userspace-3.1/audisp/plugins/ids/audisp-ids.conf
audit-userspace-3.1/audisp/plugins/ids/avl.c
audit-userspace-3.1/audisp/plugins/ids/avl.h
audit-userspace-3.1/audisp/plugins/ids/gcc-attributes.h
audit-userspace-3.1/audisp/plugins/ids/ids.c
audit-userspace-3.1/audisp/plugins/ids/ids.conf
audit-userspace-3.1/audisp/plugins/ids/ids.h
audit-userspace-3.1/audisp/plugins/ids/ids_config.c
audit-userspace-3.1/audisp/plugins/ids/ids_config.h
audit-userspace-3.1/audisp/plugins/ids/model_bad_event.c
audit-userspace-3.1/audisp/plugins/ids/model_bad_event.h
audit-userspace-3.1/audisp/plugins/ids/model_behavior.c
audit-userspace-3.1/audisp/plugins/ids/model_behavior.h
audit-userspace-3.1/audisp/plugins/ids/nvpair.c
audit-userspace-3.1/audisp/plugins/ids/nvpair.h
audit-userspace-3.1/audisp/plugins/ids/origin.c
audit-userspace-3.1/audisp/plugins/ids/origin.h
audit-userspace-3.1/audisp/plugins/ids/reactions.c
audit-userspace-3.1/audisp/plugins/ids/reactions.h
audit-userspace-3.1/audisp/plugins/ids/rules/
audit-userspace-3.1/audisp/plugins/ids/rules/25-connections.rules
audit-userspace-3.1/audisp/plugins/ids/rules/25-make-exec.rules
audit-userspace-3.1/audisp/plugins/ids/rules/25-recon.rules
audit-userspace-3.1/audisp/plugins/ids/rules/25-unpacking.rules
audit-userspace-3.1/audisp/plugins/ids/rules/Makefile.am
audit-userspace-3.1/audisp/plugins/ids/session.c
audit-userspace-3.1/audisp/plugins/ids/session.h
audit-userspace-3.1/audisp/plugins/ids/timer-services.c
audit-userspace-3.1/audisp/plugins/ids/timer-services.h
audit-userspace-3.1/audisp/plugins/remote/
audit-userspace-3.1/audisp/plugins/remote/Makefile.am
audit-userspace-3.1/audisp/plugins/remote/au-remote.conf
audit-userspace-3.1/audisp/plugins/remote/audisp-remote.8
audit-userspace-3.1/audisp/plugins/remote/audisp-remote.c
audit-userspace-3.1/audisp/plugins/remote/audisp-remote.conf
audit-userspace-3.1/audisp/plugins/remote/audisp-remote.conf.5
audit-userspace-3.1/audisp/plugins/remote/notes.txt
audit-userspace-3.1/audisp/plugins/remote/queue.c
audit-userspace-3.1/audisp/plugins/remote/queue.h
audit-userspace-3.1/audisp/plugins/remote/remote-config.c
audit-userspace-3.1/audisp/plugins/remote/remote-config.h
audit-userspace-3.1/audisp/plugins/remote/test-queue.c
audit-userspace-3.1/audisp/plugins/statsd/
audit-userspace-3.1/audisp/plugins/statsd/Makefile.am
audit-userspace-3.1/audisp/plugins/statsd/au-statsd.conf
audit-userspace-3.1/audisp/plugins/statsd/audisp-statsd.8
audit-userspace-3.1/audisp/plugins/statsd/audisp-statsd.c
audit-userspace-3.1/audisp/plugins/statsd/audisp-statsd.conf
audit-userspace-3.1/audisp/plugins/syslog/
audit-userspace-3.1/audisp/plugins/syslog/Makefile.am
audit-userspace-3.1/audisp/plugins/syslog/audisp-syslog.8
audit-userspace-3.1/audisp/plugins/syslog/audisp-syslog.c
audit-userspace-3.1/audisp/plugins/syslog/syslog.conf
audit-userspace-3.1/audisp/plugins/zos-remote/
audit-userspace-3.1/audisp/plugins/zos-remote/Makefile.am
audit-userspace-3.1/audisp/plugins/zos-remote/audispd-zos-remote.conf
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote-config.c
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote-config.h
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote-ldap.c
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote-ldap.h
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote-log.c
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote-log.h
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote-plugin.c
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote-queue.c
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote-queue.h
audit-userspace-3.1/audisp/plugins/zos-remote/zos-remote.conf
audit-userspace-3.1/audisp/queue.c
audit-userspace-3.1/audisp/queue.h
audit-userspace-3.1/audit.spec
audit-userspace-3.1/auparse/
audit-userspace-3.1/auparse/Makefile.am
audit-userspace-3.1/auparse/accesstab.h
audit-userspace-3.1/auparse/auditd-config.c
audit-userspace-3.1/auparse/auparse-defs.h
audit-userspace-3.1/auparse/auparse-idata.h
audit-userspace-3.1/auparse/auparse.c
audit-userspace-3.1/auparse/auparse.h
audit-userspace-3.1/auparse/auparse.pc.in
audit-userspace-3.1/auparse/bpftab.h
audit-userspace-3.1/auparse/captab.h
audit-userspace-3.1/auparse/clocktab.h
audit-userspace-3.1/auparse/clone-flagtab.h
audit-userspace-3.1/auparse/data_buf.c
audit-userspace-3.1/auparse/data_buf.h
audit-userspace-3.1/auparse/ellist.c
audit-userspace-3.1/auparse/ellist.h
audit-userspace-3.1/auparse/epoll_ctl.h
audit-userspace-3.1/auparse/expression-design.txt
audit-userspace-3.1/auparse/expression.c
audit-userspace-3.1/auparse/expression.h
audit-userspace-3.1/auparse/famtab.h
audit-userspace-3.1/auparse/fcntl-cmdtab.h
audit-userspace-3.1/auparse/flagtab.h
audit-userspace-3.1/auparse/icmptypetab.h
audit-userspace-3.1/auparse/inethooktab.h
audit-userspace-3.1/auparse/internal.h
audit-userspace-3.1/auparse/interpret.c
audit-userspace-3.1/auparse/interpret.h
audit-userspace-3.1/auparse/ioctlreqtab.h
audit-userspace-3.1/auparse/ip6optnametab.h
audit-userspace-3.1/auparse/ipccmdtab.h
audit-userspace-3.1/auparse/ipctab.h
audit-userspace-3.1/auparse/ipoptnametab.h
audit-userspace-3.1/auparse/lru.c
audit-userspace-3.1/auparse/lru.h
audit-userspace-3.1/auparse/message.c
audit-userspace-3.1/auparse/mmaptab.h
audit-userspace-3.1/auparse/mounttab.h
audit-userspace-3.1/auparse/netactiontab.h
audit-userspace-3.1/auparse/nfprototab.h
audit-userspace-3.1/auparse/normalize-internal.h
audit-userspace-3.1/auparse/normalize-llist.c
audit-userspace-3.1/auparse/normalize-llist.h
audit-userspace-3.1/auparse/normalize.c
audit-userspace-3.1/auparse/normalize_evtypetab.h
audit-userspace-3.1/auparse/normalize_obj_kind_map.h
audit-userspace-3.1/auparse/normalize_record_map.h
audit-userspace-3.1/auparse/normalize_syscall_map.h
audit-userspace-3.1/auparse/nvlist.c
audit-userspace-3.1/auparse/nvlist.h
audit-userspace-3.1/auparse/open-flagtab.h
audit-userspace-3.1/auparse/openat2-resolvetab.h
audit-userspace-3.1/auparse/persontab.h
audit-userspace-3.1/auparse/pktoptnametab.h
audit-userspace-3.1/auparse/prctl-opt-tab.h
audit-userspace-3.1/auparse/private.h
audit-userspace-3.1/auparse/prottab.h
audit-userspace-3.1/auparse/ptracetab.h
audit-userspace-3.1/auparse/recvtab.h
audit-userspace-3.1/auparse/rlimittab.h
audit-userspace-3.1/auparse/rnode.h
audit-userspace-3.1/auparse/schedtab.h
audit-userspace-3.1/auparse/seccomptab.h
audit-userspace-3.1/auparse/seektab.h
audit-userspace-3.1/auparse/shm_modetab.h
audit-userspace-3.1/auparse/signaltab.h
audit-userspace-3.1/auparse/sockleveltab.h
audit-userspace-3.1/auparse/sockoptnametab.h
audit-userspace-3.1/auparse/socktab.h
audit-userspace-3.1/auparse/socktypetab.h
audit-userspace-3.1/auparse/tcpoptnametab.h
audit-userspace-3.1/auparse/test/
audit-userspace-3.1/auparse/test/Makefile.am
audit-userspace-3.1/auparse/test/auditd_raw.sed
audit-userspace-3.1/auparse/test/auparse_test.c
audit-userspace-3.1/auparse/test/auparse_test.py
audit-userspace-3.1/auparse/test/auparse_test.ref
audit-userspace-3.1/auparse/test/auparse_test.ref.py
audit-userspace-3.1/auparse/test/auparselol_test.c
audit-userspace-3.1/auparse/test/lookup_test.c
audit-userspace-3.1/auparse/test/test.log
audit-userspace-3.1/auparse/test/test2.log
audit-userspace-3.1/auparse/test/test3.log
audit-userspace-3.1/auparse/test/test4.log
audit-userspace-3.1/auparse/tty_named_keys.h
audit-userspace-3.1/auparse/typetab.h
audit-userspace-3.1/auparse/umounttab.h
audit-userspace-3.1/autogen.sh
audit-userspace-3.1/bindings/
audit-userspace-3.1/bindings/Makefile.am
audit-userspace-3.1/bindings/golang/
audit-userspace-3.1/bindings/golang/Makefile.am
audit-userspace-3.1/bindings/golang/audit.go
audit-userspace-3.1/bindings/golang/test.go
audit-userspace-3.1/bindings/python/
audit-userspace-3.1/bindings/python/Makefile.am
audit-userspace-3.1/bindings/python/auparse_python.c
audit-userspace-3.1/bindings/python/python2/
audit-userspace-3.1/bindings/python/python2/Makefile.am
audit-userspace-3.1/bindings/python/python3/
audit-userspace-3.1/bindings/python/python3/Makefile.am
audit-userspace-3.1/bindings/swig/
audit-userspace-3.1/bindings/swig/Makefile.am
audit-userspace-3.1/bindings/swig/python/
audit-userspace-3.1/bindings/swig/python/Makefile.am
audit-userspace-3.1/bindings/swig/python3/
audit-userspace-3.1/bindings/swig/python3/Makefile.am
audit-userspace-3.1/bindings/swig/src/
audit-userspace-3.1/bindings/swig/src/Makefile.am
audit-userspace-3.1/bindings/swig/src/auditswig.i
audit-userspace-3.1/common/
audit-userspace-3.1/common/Makefile.am
audit-userspace-3.1/common/audit-fgets.c
audit-userspace-3.1/common/common.h
audit-userspace-3.1/common/strsplit.c
audit-userspace-3.1/configure.ac
audit-userspace-3.1/contrib/
audit-userspace-3.1/contrib/avc_snap
audit-userspace-3.1/contrib/plugin/
audit-userspace-3.1/contrib/plugin/Makefile
audit-userspace-3.1/contrib/plugin/audisp-example.c
audit-userspace-3.1/contrib/plugin/audisp-example.conf
audit-userspace-3.1/docs/
audit-userspace-3.1/docs/Makefile.am
audit-userspace-3.1/docs/audispd-zos-remote.8
audit-userspace-3.1/docs/audit.rules.7
audit-userspace-3.1/docs/audit_add_rule_data.3
audit-userspace-3.1/docs/audit_add_watch.3
audit-userspace-3.1/docs/audit_close.3
audit-userspace-3.1/docs/audit_delete_rule_data.3
audit-userspace-3.1/docs/audit_detect_machine.3
audit-userspace-3.1/docs/audit_encode_nv_string.3
audit-userspace-3.1/docs/audit_encode_value.3
audit-userspace-3.1/docs/audit_flag_to_name.3
audit-userspace-3.1/docs/audit_fstype_to_name.3
audit-userspace-3.1/docs/audit_get_reply.3
audit-userspace-3.1/docs/audit_get_session.3
audit-userspace-3.1/docs/audit_getloginuid.3
audit-userspace-3.1/docs/audit_is_enabled.3
audit-userspace-3.1/docs/audit_log_acct_message.3
audit-userspace-3.1/docs/audit_log_semanage_message.3
audit-userspace-3.1/docs/audit_log_user_avc_message.3
audit-userspace-3.1/docs/audit_log_user_comm_message.3
audit-userspace-3.1/docs/audit_log_user_command.3
audit-userspace-3.1/docs/audit_log_user_message.3
audit-userspace-3.1/docs/audit_name_to_action.3
audit-userspace-3.1/docs/audit_name_to_errno.3
audit-userspace-3.1/docs/audit_name_to_flag.3
audit-userspace-3.1/docs/audit_name_to_fstype.3
audit-userspace-3.1/docs/audit_name_to_syscall.3
audit-userspace-3.1/docs/audit_open.3
audit-userspace-3.1/docs/audit_request_rules_list_data.3
audit-userspace-3.1/docs/audit_request_signal_info.3
audit-userspace-3.1/docs/audit_request_status.3
audit-userspace-3.1/docs/audit_set_backlog_limit.3
audit-userspace-3.1/docs/audit_set_backlog_wait_time.3
audit-userspace-3.1/docs/audit_set_enabled.3
audit-userspace-3.1/docs/audit_set_failure.3
audit-userspace-3.1/docs/audit_set_pid.3
audit-userspace-3.1/docs/audit_set_rate_limit.3
audit-userspace-3.1/docs/audit_setloginuid.3
audit-userspace-3.1/docs/audit_syscall_to_name.3
audit-userspace-3.1/docs/audit_update_watch_perms.3
audit-userspace-3.1/docs/audit_value_needs_encoding.3
audit-userspace-3.1/docs/auditctl.8
audit-userspace-3.1/docs/auditd-plugins.5
audit-userspace-3.1/docs/auditd.8
audit-userspace-3.1/docs/auditd.conf.5
audit-userspace-3.1/docs/augenrules.8
audit-userspace-3.1/docs/auparse_add_callback.3
audit-userspace-3.1/docs/auparse_destroy.3
audit-userspace-3.1/docs/auparse_feed.3
audit-userspace-3.1/docs/auparse_feed_age_events.3
audit-userspace-3.1/docs/auparse_feed_has_data.3
audit-userspace-3.1/docs/auparse_find_field.3
audit-userspace-3.1/docs/auparse_find_field_next.3
audit-userspace-3.1/docs/auparse_first_field.3
audit-userspace-3.1/docs/auparse_first_record.3
audit-userspace-3.1/docs/auparse_flush_feed.3
audit-userspace-3.1/docs/auparse_get_field_int.3
audit-userspace-3.1/docs/auparse_get_field_name.3
audit-userspace-3.1/docs/auparse_get_field_num.3
audit-userspace-3.1/docs/auparse_get_field_str.3
audit-userspace-3.1/docs/auparse_get_field_type.3
audit-userspace-3.1/docs/auparse_get_filename.3
audit-userspace-3.1/docs/auparse_get_line_number.3
audit-userspace-3.1/docs/auparse_get_milli.3
audit-userspace-3.1/docs/auparse_get_node.3
audit-userspace-3.1/docs/auparse_get_num_fields.3
audit-userspace-3.1/docs/auparse_get_num_records.3
audit-userspace-3.1/docs/auparse_get_record_num.3
audit-userspace-3.1/docs/auparse_get_record_text.3
audit-userspace-3.1/docs/auparse_get_serial.3
audit-userspace-3.1/docs/auparse_get_time.3
audit-userspace-3.1/docs/auparse_get_timestamp.3
audit-userspace-3.1/docs/auparse_get_type.3
audit-userspace-3.1/docs/auparse_get_type_name.3
audit-userspace-3.1/docs/auparse_goto_field_num.3
audit-userspace-3.1/docs/auparse_goto_record_num.3
audit-userspace-3.1/docs/auparse_init.3
audit-userspace-3.1/docs/auparse_interpret_field.3
audit-userspace-3.1/docs/auparse_new_buffer.3
audit-userspace-3.1/docs/auparse_next_event.3
audit-userspace-3.1/docs/auparse_next_field.3
audit-userspace-3.1/docs/auparse_next_record.3
audit-userspace-3.1/docs/auparse_node_compare.3
audit-userspace-3.1/docs/auparse_normalize.3
audit-userspace-3.1/docs/auparse_normalize_functions.3
audit-userspace-3.1/docs/auparse_reset.3
audit-userspace-3.1/docs/auparse_set_eoe_timeout.3
audit-userspace-3.1/docs/auparse_set_escape_mode.3
audit-userspace-3.1/docs/auparse_timestamp_compare.3
audit-userspace-3.1/docs/aureport.8
audit-userspace-3.1/docs/ausearch-expression.5
audit-userspace-3.1/docs/ausearch.8
audit-userspace-3.1/docs/ausearch_add_expression.3
audit-userspace-3.1/docs/ausearch_add_interpreted_item.3
audit-userspace-3.1/docs/ausearch_add_item.3
audit-userspace-3.1/docs/ausearch_add_regex.3
audit-userspace-3.1/docs/ausearch_add_timestamp_item.3
audit-userspace-3.1/docs/ausearch_add_timestamp_item_ex.3
audit-userspace-3.1/docs/ausearch_clear.3
audit-userspace-3.1/docs/ausearch_next_event.3
audit-userspace-3.1/docs/ausearch_set_stop.3
audit-userspace-3.1/docs/autrace.8
audit-userspace-3.1/docs/get_auditfail_action.3
audit-userspace-3.1/docs/libaudit.conf.5
audit-userspace-3.1/docs/set_aumessage_mode.3
audit-userspace-3.1/docs/zos-remote.conf.5
audit-userspace-3.1/init.d/
audit-userspace-3.1/init.d/Makefile.am
audit-userspace-3.1/init.d/audit-functions
audit-userspace-3.1/init.d/audit-stop.rules
audit-userspace-3.1/init.d/auditd.condrestart
audit-userspace-3.1/init.d/auditd.conf
audit-userspace-3.1/init.d/auditd.cron
audit-userspace-3.1/init.d/auditd.init
audit-userspace-3.1/init.d/auditd.reload
audit-userspace-3.1/init.d/auditd.restart
audit-userspace-3.1/init.d/auditd.resume
audit-userspace-3.1/init.d/auditd.rotate
audit-userspace-3.1/init.d/auditd.service
audit-userspace-3.1/init.d/auditd.state
audit-userspace-3.1/init.d/auditd.stop
audit-userspace-3.1/init.d/auditd.sysconfig
audit-userspace-3.1/init.d/augenrules
audit-userspace-3.1/init.d/libaudit.conf
audit-userspace-3.1/lib/
audit-userspace-3.1/lib/Makefile.am
audit-userspace-3.1/lib/aarch64_table.h
audit-userspace-3.1/lib/actiontab.h
audit-userspace-3.1/lib/arm_table.h
audit-userspace-3.1/lib/audit.pc.in
audit-userspace-3.1/lib/audit_logging.c
audit-userspace-3.1/lib/deprecated.c
audit-userspace-3.1/lib/dso.h
audit-userspace-3.1/lib/errormsg.h
audit-userspace-3.1/lib/errtab.h
audit-userspace-3.1/lib/fieldtab.h
audit-userspace-3.1/lib/flagtab.h
audit-userspace-3.1/lib/fstypetab.h
audit-userspace-3.1/lib/ftypetab.h
audit-userspace-3.1/lib/gen_tables.c
audit-userspace-3.1/lib/gen_tables.h
audit-userspace-3.1/lib/i386_table.h
audit-userspace-3.1/lib/libaudit.c
audit-userspace-3.1/lib/libaudit.h
audit-userspace-3.1/lib/lookup_table.c
audit-userspace-3.1/lib/machinetab.h
audit-userspace-3.1/lib/message.c
audit-userspace-3.1/lib/msg_typetab.h
audit-userspace-3.1/lib/netlink.c
audit-userspace-3.1/lib/optab.h
audit-userspace-3.1/lib/ppc_table.h
audit-userspace-3.1/lib/private.h
audit-userspace-3.1/lib/s390_table.h
audit-userspace-3.1/lib/s390x_table.h
audit-userspace-3.1/lib/syscall-update.txt
audit-userspace-3.1/lib/test/
audit-userspace-3.1/lib/test/Makefile.am
audit-userspace-3.1/lib/test/lookup_test.c
audit-userspace-3.1/lib/uringop_table.h
audit-userspace-3.1/lib/x86_64_table.h
audit-userspace-3.1/m4/
audit-userspace-3.1/m4/Makefile.am
audit-userspace-3.1/m4/audit.m4
audit-userspace-3.1/m4/ax_prog_cc_for_build.m4
audit-userspace-3.1/m4/cap-ng.m4
audit-userspace-3.1/rules/
audit-userspace-3.1/rules/10-base-config.rules
audit-userspace-3.1/rules/10-no-audit.rules
audit-userspace-3.1/rules/11-loginuid.rules
audit-userspace-3.1/rules/12-cont-fail.rules
audit-userspace-3.1/rules/12-ignore-error.rules
audit-userspace-3.1/rules/20-dont-audit.rules
audit-userspace-3.1/rules/21-no32bit.rules
audit-userspace-3.1/rules/22-ignore-chrony.rules
audit-userspace-3.1/rules/23-ignore-filesystems.rules
audit-userspace-3.1/rules/30-nispom.rules
audit-userspace-3.1/rules/30-ospp-v42-1-create-failed.rules
audit-userspace-3.1/rules/30-ospp-v42-1-create-success.rules
audit-userspace-3.1/rules/30-ospp-v42-2-modify-failed.rules
audit-userspace-3.1/rules/30-ospp-v42-2-modify-success.rules
audit-userspace-3.1/rules/30-ospp-v42-3-access-failed.rules
audit-userspace-3.1/rules/30-ospp-v42-3-access-success.rules
audit-userspace-3.1/rules/30-ospp-v42-4-delete-failed.rules
audit-userspace-3.1/rules/30-ospp-v42-4-delete-success.rules
audit-userspace-3.1/rules/30-ospp-v42-5-perm-change-failed.rules
audit-userspace-3.1/rules/30-ospp-v42-5-perm-change-success.rules
audit-userspace-3.1/rules/30-ospp-v42-6-owner-change-failed.rules
audit-userspace-3.1/rules/30-ospp-v42-6-owner-change-success.rules
audit-userspace-3.1/rules/30-ospp-v42.rules
audit-userspace-3.1/rules/30-pci-dss-v31.rules
audit-userspace-3.1/rules/30-stig.rules
audit-userspace-3.1/rules/31-privileged.rules
audit-userspace-3.1/rules/32-power-abuse.rules
audit-userspace-3.1/rules/40-local.rules
audit-userspace-3.1/rules/41-containers.rules
audit-userspace-3.1/rules/42-injection.rules
audit-userspace-3.1/rules/43-module-load.rules
audit-userspace-3.1/rules/44-installers.rules
audit-userspace-3.1/rules/70-einval.rules
audit-userspace-3.1/rules/71-networking.rules
audit-userspace-3.1/rules/99-finalize.rules
audit-userspace-3.1/rules/Makefile.am
audit-userspace-3.1/rules/README-rules
audit-userspace-3.1/src/
audit-userspace-3.1/src/Makefile.am
audit-userspace-3.1/src/auditctl-listing.c
audit-userspace-3.1/src/auditctl-listing.h
audit-userspace-3.1/src/auditctl-llist.c
audit-userspace-3.1/src/auditctl-llist.h
audit-userspace-3.1/src/auditctl.c
audit-userspace-3.1/src/auditd-config.c
audit-userspace-3.1/src/auditd-config.h
audit-userspace-3.1/src/auditd-dispatch.c
audit-userspace-3.1/src/auditd-dispatch.h
audit-userspace-3.1/src/auditd-event.c
audit-userspace-3.1/src/auditd-event.h
audit-userspace-3.1/src/auditd-listen.c
audit-userspace-3.1/src/auditd-listen.h
audit-userspace-3.1/src/auditd-reconfig.c
audit-userspace-3.1/src/auditd-sendmail.c
audit-userspace-3.1/src/auditd.c
audit-userspace-3.1/src/aureport-options.c
audit-userspace-3.1/src/aureport-options.h
audit-userspace-3.1/src/aureport-output.c
audit-userspace-3.1/src/aureport-scan.c
audit-userspace-3.1/src/aureport-scan.h
audit-userspace-3.1/src/aureport.c
audit-userspace-3.1/src/ausearch-avc.c
audit-userspace-3.1/src/ausearch-avc.h
audit-userspace-3.1/src/ausearch-checkpt.c
audit-userspace-3.1/src/ausearch-checkpt.h
audit-userspace-3.1/src/ausearch-common.h
audit-userspace-3.1/src/ausearch-int.c
audit-userspace-3.1/src/ausearch-int.h
audit-userspace-3.1/src/ausearch-llist.c
audit-userspace-3.1/src/ausearch-llist.h
audit-userspace-3.1/src/ausearch-lol.c
audit-userspace-3.1/src/ausearch-lol.h
audit-userspace-3.1/src/ausearch-lookup.c
audit-userspace-3.1/src/ausearch-lookup.h
audit-userspace-3.1/src/ausearch-match.c
audit-userspace-3.1/src/ausearch-nvpair.c
audit-userspace-3.1/src/ausearch-nvpair.h
audit-userspace-3.1/src/ausearch-options.c
audit-userspace-3.1/src/ausearch-options.h
audit-userspace-3.1/src/ausearch-parse.c
audit-userspace-3.1/src/ausearch-parse.h
audit-userspace-3.1/src/ausearch-report.c
audit-userspace-3.1/src/ausearch-string.c
audit-userspace-3.1/src/ausearch-string.h
audit-userspace-3.1/src/ausearch-time.c
audit-userspace-3.1/src/ausearch-time.h
audit-userspace-3.1/src/ausearch.c
audit-userspace-3.1/src/autrace.c
audit-userspace-3.1/src/delete_all.c
audit-userspace-3.1/src/libev/
audit-userspace-3.1/src/libev/Makefile.am
audit-userspace-3.1/src/libev/README
audit-userspace-3.1/src/libev/ev.c
audit-userspace-3.1/src/libev/ev.h
audit-userspace-3.1/src/libev/ev_epoll.c
audit-userspace-3.1/src/libev/ev_iouring.c
audit-userspace-3.1/src/libev/ev_linuxaio.c
audit-userspace-3.1/src/libev/ev_poll.c
audit-userspace-3.1/src/libev/ev_select.c
audit-userspace-3.1/src/libev/ev_vars.h
audit-userspace-3.1/src/libev/ev_wrap.h
audit-userspace-3.1/src/libev/event.c
audit-userspace-3.1/src/libev/event.h
audit-userspace-3.1/src/libev/libev.m4
audit-userspace-3.1/src/test/
audit-userspace-3.1/src/test/Makefile.am
audit-userspace-3.1/src/test/ilist_test.c
audit-userspace-3.1/src/test/slist_test.c
audit-userspace-3.1/tools/
audit-userspace-3.1/tools/Makefile.am
audit-userspace-3.1/tools/aulast/
audit-userspace-3.1/tools/aulast/Makefile.am
audit-userspace-3.1/tools/aulast/aulast-llist.c
audit-userspace-3.1/tools/aulast/aulast-llist.h
audit-userspace-3.1/tools/aulast/aulast.8
audit-userspace-3.1/tools/aulast/aulast.c
audit-userspace-3.1/tools/aulastlog/
audit-userspace-3.1/tools/aulastlog/Makefile.am
audit-userspace-3.1/tools/aulastlog/aulastlog-llist.c
audit-userspace-3.1/tools/aulastlog/aulastlog-llist.h
audit-userspace-3.1/tools/aulastlog/aulastlog.8
audit-userspace-3.1/tools/aulastlog/aulastlog.c
audit-userspace-3.1/tools/ausyscall/
audit-userspace-3.1/tools/ausyscall/Makefile.am
audit-userspace-3.1/tools/ausyscall/ausyscall.8
audit-userspace-3.1/tools/ausyscall/ausyscall.c
audit-userspace-3.1/tools/auvirt/
audit-userspace-3.1/tools/auvirt/Makefile.am
audit-userspace-3.1/tools/auvirt/auvirt-list.c
audit-userspace-3.1/tools/auvirt/auvirt-list.h
audit-userspace-3.1/tools/auvirt/auvirt.8
audit-userspace-3.1/tools/auvirt/auvirt.c
解压后进入到源码根目录。
$ cd audit-userspace-3.1/
$ ls
audisp audit.spec auparse AUTHORS autogen.sh bindings ChangeLog common configure.ac contrib COPYING COPYING.LIB docs init.d INSTALL.tmp lib m4 Makefile.am NEWS README rules SECURITY.md src THANKS TODO tools
$ ls -l
总计 176
drwxrwxr-x 3 penghao penghao 4096 2月 9日 23:35 audisp
-rw-rw-r-- 1 penghao penghao 9615 2月 9日 23:35 audit.spec
drwxrwxr-x 3 penghao penghao 4096 2月 9日 23:35 auparse
-rw-rw-r-- 1 penghao penghao 102 2月 9日 23:35 AUTHORS
-rwxrwxr-x 1 penghao penghao 132 2月 9日 23:35 autogen.sh
drwxrwxr-x 5 penghao penghao 4096 2月 9日 23:35 bindings
-rw-rw-r-- 1 penghao penghao 12745 2月 9日 23:35 ChangeLog
drwxrwxr-x 2 penghao penghao 4096 2月 9日 23:35 common
-rw-rw-r-- 1 penghao penghao 16277 2月 9日 23:35 configure.ac
drwxrwxr-x 3 penghao penghao 4096 2月 9日 23:35 contrib
-rw-rw-r-- 1 penghao penghao 17992 2月 9日 23:35 COPYING
-rw-rw-r-- 1 penghao penghao 26542 2月 9日 23:35 COPYING.LIB
drwxrwxr-x 2 penghao penghao 4096 2月 9日 23:35 docs
drwxrwxr-x 2 penghao penghao 4096 2月 9日 23:35 init.d
-rw-rw-r-- 1 penghao penghao 1046 2月 9日 23:35 INSTALL.tmp
drwxrwxr-x 3 penghao penghao 4096 2月 9日 23:35 lib
drwxrwxr-x 2 penghao penghao 4096 2月 9日 23:35 m4
-rw-rw-r-- 1 penghao penghao 1344 2月 9日 23:35 Makefile.am
-rw-rw-r-- 1 penghao penghao 0 2月 9日 23:35 NEWS
-rw-rw-r-- 1 penghao penghao 4952 2月 9日 23:35 README
drwxrwxr-x 2 penghao penghao 4096 2月 9日 23:35 rules
-rw-rw-r-- 1 penghao penghao 484 2月 9日 23:35 SECURITY.md
drwxrwxr-x 4 penghao penghao 4096 2月 9日 23:35 src
-rw-rw-r-- 1 penghao penghao 1038 2月 9日 23:35 THANKS
-rw-rw-r-- 1 penghao penghao 669 2月 9日 23:35 TODO
drwxrwxr-x 6 penghao penghao 4096 2月 9日 23:35 tools
二、Audit Userspace源码构建
参考源码根目录下的INSTALL.tmp文件中的指导步骤。
1. 生成configure文件
运行autogen.sh命令生成configure文件,命令及结果如下所示:
$ ./autogen.sh
+ autoreconf -fv --install
autoreconf: export WARNINGS=
autoreconf: Entering directory '.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
libtoolize: Consider adding '-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
autoreconf: configure.ac: not using Intltool
autoreconf: configure.ac: not using Gtkdoc
autoreconf: running: aclocal --force
autoreconf: running: /usr/local/bin/autoconf --force
configure.ac:34: warning: 'AM_CONFIG_HEADER': this macro is obsolete.
configure.ac:34: You should use the 'AC_CONFIG_HEADERS' macro instead.
./lib/autoconf/general.m4:2434: AC_DIAGNOSE is expanded from...
aclocal.m4:745: AM_CONFIG_HEADER is expanded from...
configure.ac:34: the top level
configure.ac:41: warning: The macro `AM_PROG_LIBTOOL' is obsolete.
configure.ac:41: You should run autoupdate.
m4/libtool.m4:101: AM_PROG_LIBTOOL is expanded from...
configure.ac:41: the top level
configure.ac:58: warning: The macro `AC_HEADER_STDC' is obsolete.
configure.ac:58: You should run autoupdate.
./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
configure.ac:58: the top level
configure.ac:59: warning: The macro `AC_HEADER_TIME' is obsolete.
configure.ac:59: You should run autoupdate.
./lib/autoconf/headers.m4:743: AC_HEADER_TIME is expanded from...
configure.ac:59: the top level
configure.ac:409: warning: The macro `AC_TRY_LINK' is obsolete.
configure.ac:409: You should run autoupdate.
./lib/autoconf/general.m4:2920: AC_TRY_LINK is expanded from...
lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
./lib/autoconf/general.m4:1553: AC_ARG_WITH is expanded from...
configure.ac:409: the top level
configure.ac:474: warning: AC_OUTPUT should be used without arguments.
configure.ac:474: You should run autoupdate.
autoreconf: running: /usr/local/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:41: installing './compile'
configure.ac:39: installing './config.guess'
configure.ac:39: installing './config.sub'
configure.ac:40: installing './install-sh'
configure.ac:40: installing './missing'
Makefile.am: installing './INSTALL'
audisp/Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
auparse/Makefile.am:91: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:91: but option 'subdir-objects' is disabled
automake: warning: possible forward-incompatibility.
automake: At least one source file is in a subdirectory, but the 'subdir-objects'
automake: automake option hasn't been enabled. For now, the corresponding output
automake: object file(s) will be placed in the top-level directory. However, this
automake: behavior may change in a future Automake major version, with object
automake: files being placed in the same subdirectory as the corresponding sources.
automake: You are advised to start using 'subdir-objects' option throughout your
automake: project, to avoid future incompatibilities.
auparse/Makefile.am:654: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:654: but option 'subdir-objects' is disabled
auparse/Makefile.am:104: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:104: but option 'subdir-objects' is disabled
auparse/Makefile.am:117: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:117: but option 'subdir-objects' is disabled
auparse/Makefile.am:130: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:130: but option 'subdir-objects' is disabled
auparse/Makefile.am:144: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:144: but option 'subdir-objects' is disabled
auparse/Makefile.am:157: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:157: but option 'subdir-objects' is disabled
auparse/Makefile.am:184: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:184: but option 'subdir-objects' is disabled
auparse/Makefile.am:170: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:170: but option 'subdir-objects' is disabled
auparse/Makefile.am:198: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:198: but option 'subdir-objects' is disabled
auparse/Makefile.am:576: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:576: but option 'subdir-objects' is disabled
auparse/Makefile.am:211: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:211: but option 'subdir-objects' is disabled
auparse/Makefile.am:263: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:263: but option 'subdir-objects' is disabled
auparse/Makefile.am:237: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:237: but option 'subdir-objects' is disabled
auparse/Makefile.am:224: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:224: but option 'subdir-objects' is disabled
auparse/Makefile.am:250: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:250: but option 'subdir-objects' is disabled
auparse/Makefile.am:276: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:276: but option 'subdir-objects' is disabled
auparse/Makefile.am:289: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:289: but option 'subdir-objects' is disabled
auparse/Makefile.am:589: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:589: but option 'subdir-objects' is disabled
auparse/Makefile.am:302: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:302: but option 'subdir-objects' is disabled
auparse/Makefile.am:641: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:641: but option 'subdir-objects' is disabled
auparse/Makefile.am:628: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:628: but option 'subdir-objects' is disabled
auparse/Makefile.am:602: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:602: but option 'subdir-objects' is disabled
auparse/Makefile.am:615: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:615: but option 'subdir-objects' is disabled
auparse/Makefile.am:315: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:315: but option 'subdir-objects' is disabled
auparse/Makefile.am:667: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:667: but option 'subdir-objects' is disabled
auparse/Makefile.am:329: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:329: but option 'subdir-objects' is disabled
auparse/Makefile.am:368: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:368: but option 'subdir-objects' is disabled
auparse/Makefile.am:355: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:355: but option 'subdir-objects' is disabled
auparse/Makefile.am:381: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:381: but option 'subdir-objects' is disabled
auparse/Makefile.am:342: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:342: but option 'subdir-objects' is disabled
auparse/Makefile.am:394: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:394: but option 'subdir-objects' is disabled
auparse/Makefile.am:407: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:407: but option 'subdir-objects' is disabled
auparse/Makefile.am:420: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:420: but option 'subdir-objects' is disabled
auparse/Makefile.am:433: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:433: but option 'subdir-objects' is disabled
auparse/Makefile.am:446: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:446: but option 'subdir-objects' is disabled
auparse/Makefile.am:459: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:459: but option 'subdir-objects' is disabled
auparse/Makefile.am:472: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:472: but option 'subdir-objects' is disabled
auparse/Makefile.am:485: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:485: but option 'subdir-objects' is disabled
auparse/Makefile.am:498: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:498: but option 'subdir-objects' is disabled
auparse/Makefile.am:511: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:511: but option 'subdir-objects' is disabled
auparse/Makefile.am:524: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:524: but option 'subdir-objects' is disabled
auparse/Makefile.am:537: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:537: but option 'subdir-objects' is disabled
auparse/Makefile.am:550: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:550: but option 'subdir-objects' is disabled
auparse/Makefile.am:563: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:563: but option 'subdir-objects' is disabled
bindings/python/python2/Makefile.am:31: warning: source file '$(top_srcdir)/bindings/python/auparse_python.c' is in a subdirectory,
bindings/python/python2/Makefile.am:31: but option 'subdir-objects' is disabled
bindings/python/python3/Makefile.am:30: warning: source file '$(top_srcdir)/bindings/python/auparse_python.c' is in a subdirectory,
bindings/python/python3/Makefile.am:30: but option 'subdir-objects' is disabled
bindings/swig/python/Makefile.am:28: installing './py-compile'
bindings/swig/src/Makefile.am:25: warning: variable 'SWIG_SOURCES' is defined but no program or
bindings/swig/src/Makefile.am:25: library has 'SWIG' as canonical name (possible typo)
tools/auvirt/Makefile.am:38: warning: source file '${top_srcdir}/src/ausearch-time.c' is in a subdirectory,
tools/auvirt/Makefile.am:38: but option 'subdir-objects' is disabled
autoreconf: Leaving directory '.'
+ cp INSTALL.tmp INSTALL
执行后源码根目录内容如下:
$ ls
aclocal.m4 auparse autom4te.cache common config.h.in configure.ac COPYING.LIB init.d INSTALL.tmp m4 missing README src TODO
audisp AUTHORS bindings compile config.sub contrib depcomp INSTALL lib Makefile.am NEWS rules test-driver tools
audit.spec autogen.sh ChangeLog config.guess configure COPYING docs install-sh ltmain.sh Makefile.in py-compile SECURITY.md THANKS
$ ls -l
总计 1344
-rw-rw-r-- 1 penghao penghao 57204 3月31日 10:17 aclocal.m4
drwxrwxr-x 3 penghao penghao 4096 3月31日 10:17 audisp
-rw-rw-r-- 1 penghao penghao 9615 2月 9日 23:35 audit.spec
drwxrwxr-x 3 penghao penghao 4096 3月31日 10:17 auparse
-rw-rw-r-- 1 penghao penghao 102 2月 9日 23:35 AUTHORS
-rwxrwxr-x 1 penghao penghao 132 2月 9日 23:35 autogen.sh
drwxr-xr-x 2 penghao penghao 4096 3月31日 10:17 autom4te.cache
drwxrwxr-x 5 penghao penghao 4096 3月31日 10:17 bindings
-rw-rw-r-- 1 penghao penghao 12745 2月 9日 23:35 ChangeLog
drwxrwxr-x 2 penghao penghao 4096 3月31日 10:17 common
-rwxr-xr-x 1 penghao penghao 7400 3月31日 10:17 compile
-rwxr-xr-x 1 penghao penghao 49348 3月31日 10:17 config.guess
-rw-rw-r-- 1 penghao penghao 6070 3月31日 10:17 config.h.in
-rwxr-xr-x 1 penghao penghao 35276 3月31日 10:17 config.sub
-rwxrwxr-x 1 penghao penghao 591519 3月31日 10:17 configure
-rw-rw-r-- 1 penghao penghao 16277 2月 9日 23:35 configure.ac
drwxrwxr-x 3 penghao penghao 4096 2月 9日 23:35 contrib
-rw-rw-r-- 1 penghao penghao 17992 2月 9日 23:35 COPYING
-rw-rw-r-- 1 penghao penghao 26542 2月 9日 23:35 COPYING.LIB
-rwxr-xr-x 1 penghao penghao 23568 3月31日 10:17 depcomp
drwxrwxr-x 2 penghao penghao 4096 3月31日 10:17 docs
drwxrwxr-x 2 penghao penghao 4096 3月31日 10:17 init.d
-rw-r--r-- 1 penghao penghao 1046 3月31日 10:17 INSTALL
-rwxr-xr-x 1 penghao penghao 15358 3月31日 10:17 install-sh
-rw-rw-r-- 1 penghao penghao 1046 2月 9日 23:35 INSTALL.tmp
drwxrwxr-x 3 penghao penghao 4096 3月31日 10:17 lib
-rw-r--r-- 1 penghao penghao 333062 3月31日 10:17 ltmain.sh
drwxrwxr-x 2 penghao penghao 4096 3月31日 10:17 m4
-rw-rw-r-- 1 penghao penghao 1344 2月 9日 23:35 Makefile.am
-rw-rw-r-- 1 penghao penghao 28384 3月31日 10:17 Makefile.in
-rwxr-xr-x 1 penghao penghao 6878 3月31日 10:17 missing
-rw-rw-r-- 1 penghao penghao 0 2月 9日 23:35 NEWS
-rwxr-xr-x 1 penghao penghao 5234 3月31日 10:17 py-compile
-rw-rw-r-- 1 penghao penghao 4952 2月 9日 23:35 README
drwxrwxr-x 2 penghao penghao 4096 3月31日 10:17 rules
-rw-rw-r-- 1 penghao penghao 484 2月 9日 23:35 SECURITY.md
drwxrwxr-x 4 penghao penghao 4096 3月31日 10:17 src
-rwxr-xr-x 1 penghao penghao 4879 3月31日 10:17 test-driver
-rw-rw-r-- 1 penghao penghao 1038 2月 9日 23:35 THANKS
-rw-rw-r-- 1 penghao penghao 669 2月 9日 23:35 TODO
drwxrwxr-x 6 penghao penghao 4096 3月31日 10:17 tools
2. 配置
执行configure命令进行配置,命令及结果如下:
$ ./configure
Configuring auditd
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking how to print strings... printf
checking whether make supports the include directive... yes (GNU style)
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for file... file
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
file: could not find any valid magic files! (No such file or directory)
checking for mt... mt
checking if mt is a manifest tool... no
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for sys/time.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for sys/inotify.h... yes
checking for sys/epoll.h... yes
checking for sys/event.h... no
checking for port.h... no
checking for poll.h... yes
checking for sys/timerfd.h... yes
checking for sys/select.h... yes
checking for sys/eventfd.h... yes
checking for sys/signalfd.h... yes
checking for linux/aio_abi.h... yes
checking for linux/fs.h... yes
checking for inotify_init... yes
checking for epoll_ctl... yes
checking for kqueue... no
checking for port_create... no
checking for poll... yes
checking for select... yes
checking for eventfd... yes
checking for signalfd... yes
checking for clock_gettime... yes
checking for nanosleep... yes
checking for __kernel_rwf_t... yes
checking for library containing floor... -lm
.
Checking for programs
checking for gcc... (cached) gcc
checking whether the compiler supports GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to enable C11 features... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking for gawk... (cached) gawk
checking how to run the C preprocessor... gcc -E
checking for gcc... gcc
checking whether the compiler supports GNU C... (cached) yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking how to run the C preprocessor... gcc -E
.
Checking for header files
checking for egrep... (cached) /usr/bin/grep -E
checking size of unsigned int... 4
checking size of unsigned long... 8
checking for gcc options needed to detect all undeclared functions... none needed
checking whether AUDIT_FEATURE_VERSION is declared... yes
checking for struct audit_status.feature_bitmap... yes
checking whether AUDIT_VERSION_BACKLOG_WAIT_TIME is declared... yes
checking whether AUDIT_STATUS_BACKLOG_WAIT_TIME is declared... yes
checking whether AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL is declared... yes
checking whether ADDR_NO_RANDOMIZE is declared... yes
checking for posix_fallocate... yes
checking for signalfd... (cached) yes
checking for rawmemchr... yes
checking __attr_access support... yes
checking for library containing pthread_yield... no
checking whether to create python bindings... testing
checking for versioned Python2 interpreter...
checking for python2... no
checking for python2.7... no
checking for python2.6... no
checking for python2.5... no
checking for python2.4... no
checking for python2.3... no
checking for python2.2... no
checking for python2.1... no
checking for python2.0... no
checking for python... /usr/local/bin/python
checking for python version... 3.10
checking for python platform... linux
checking for GNU default python prefix... ${prefix}
checking for GNU default python exec_prefix... ${exec_prefix}
checking for python script directory (pythondir)... ${PYTHON_PREFIX}/lib/python3.10/site-packages
checking for python extension module directory (pyexecdir)... ${PYTHON_EXEC_PREFIX}/lib/python3.10/site-packages
<string>:1: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
<string>:1: DeprecationWarning: The distutils.sysconfig module is deprecated, use sysconfig instead
configure: Python bindings will be built
checking whether to create python3 bindings... investigating
checking for python3-config... /usr/local/bin/python3-config
Python3 bindings WILL be built
checking for python3... /usr/local/bin/python3
<string>:1: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
<string>:1: DeprecationWarning: The distutils.sysconfig module is deprecated, use sysconfig instead
<string>:1: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
<string>:1: DeprecationWarning: The distutils.sysconfig module is deprecated, use sysconfig instead
checking whether to create Go language bindings... testing
checking for go... go
configure: Go bindings will be built
checking whether to include auditd network listener support... yes
checking for lber.h... no
checking for ber_free in -llber... no
configure: error: zos remote support was requested but the openldap library was not found
出现了错误。根据INSTSLL.tmp文件后边的内容,需要加入选项才能通过。加入选项后的命令及结果如下:
$ ./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --sbindir=/sbin --libdir=/lib64 --with-python=no --with-python3=no --enable-tcp=yes --enable-gssapi-krb5=yes --without-golang --enable-systemd --disable-zos-remote
configure: WARNING: unrecognized options: --enable-tcp
Configuring auditd
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking how to print strings... printf
checking whether make supports the include directive... yes (GNU style)
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for file... file
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
file: could not find any valid magic files! (No such file or directory)
checking for mt... mt
checking if mt is a manifest tool... no
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for sys/time.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for sys/inotify.h... yes
checking for sys/epoll.h... yes
checking for sys/event.h... no
checking for port.h... no
checking for poll.h... yes
checking for sys/timerfd.h... yes
checking for sys/select.h... yes
checking for sys/eventfd.h... yes
checking for sys/signalfd.h... yes
checking for linux/aio_abi.h... yes
checking for linux/fs.h... yes
checking for inotify_init... yes
checking for epoll_ctl... yes
checking for kqueue... no
checking for port_create... no
checking for poll... yes
checking for select... yes
checking for eventfd... yes
checking for signalfd... yes
checking for clock_gettime... yes
checking for nanosleep... yes
checking for __kernel_rwf_t... yes
checking for library containing floor... -lm
.
Checking for programs
checking for gcc... (cached) gcc
checking whether the compiler supports GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to enable C11 features... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking for gawk... (cached) gawk
checking how to run the C preprocessor... gcc -E
checking for gcc... gcc
checking whether the compiler supports GNU C... (cached) yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking how to run the C preprocessor... gcc -E
.
Checking for header files
checking for egrep... (cached) /usr/bin/grep -E
checking size of unsigned int... 4
checking size of unsigned long... 8
checking for gcc options needed to detect all undeclared functions... none needed
checking whether AUDIT_FEATURE_VERSION is declared... yes
checking for struct audit_status.feature_bitmap... yes
checking whether AUDIT_VERSION_BACKLOG_WAIT_TIME is declared... yes
checking whether AUDIT_STATUS_BACKLOG_WAIT_TIME is declared... yes
checking whether AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL is declared... yes
checking whether ADDR_NO_RANDOMIZE is declared... yes
checking for posix_fallocate... yes
checking for signalfd... (cached) yes
checking for rawmemchr... yes
checking __attr_access support... yes
checking for library containing pthread_yield... no
checking whether to create python bindings... no
checking whether to create python3 bindings... no
checking whether to create Go language bindings... no
checking whether to include auditd network listener support... yes
checking whether to include audisp ZOS remote plugin... no
checking for gss_acquire_cred in -lgssapi_krb5... yes
checking for gssapi/gssapi.h... yes
checking whether to enable systemd... yes
checking whether to enable experimental options... no
checking for linux/fanotify.h... yes
checking for -Wformat-truncation... yes
yes
checking whether to include arm eabi processor support... no
checking whether to include aarch64 processor support... no
checking whether to use apparmor... no
checking whether to use libwrap... no
checking whether to include io_uring support... no
checking for linux/ipx.h... no
checking for cap-ng.h... no
checking for capng_clear in -lcap-ng... no
checking whether to use libcap-ng... no
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating common/Makefile
config.status: creating lib/Makefile
config.status: creating lib/audit.pc
config.status: creating lib/test/Makefile
config.status: creating auparse/Makefile
config.status: creating auparse/test/Makefile
config.status: creating auparse/auparse.pc
config.status: creating src/Makefile
config.status: creating src/libev/Makefile
config.status: creating src/test/Makefile
config.status: creating docs/Makefile
config.status: creating rules/Makefile
config.status: creating init.d/Makefile
config.status: creating audisp/Makefile
config.status: creating audisp/plugins/Makefile
config.status: creating audisp/plugins/builtins/Makefile
config.status: creating audisp/plugins/remote/Makefile
config.status: creating audisp/plugins/zos-remote/Makefile
config.status: creating audisp/plugins/syslog/Makefile
config.status: creating audisp/plugins/ids/Makefile
config.status: creating audisp/plugins/ids/rules/Makefile
config.status: creating audisp/plugins/statsd/Makefile
config.status: creating bindings/Makefile
config.status: creating bindings/python/Makefile
config.status: creating bindings/python/python2/Makefile
config.status: creating bindings/python/python3/Makefile
config.status: creating bindings/golang/Makefile
config.status: creating bindings/swig/Makefile
config.status: creating bindings/swig/src/Makefile
config.status: creating bindings/swig/python/Makefile
config.status: creating bindings/swig/python3/Makefile
config.status: creating tools/Makefile
config.status: creating tools/aulast/Makefile
config.status: creating tools/aulastlog/Makefile
config.status: creating tools/ausyscall/Makefile
config.status: creating tools/auvirt/Makefile
config.status: creating m4/Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands
configure: WARNING: unrecognized options: --enable-tcp
.
Auditd Version: 3.1
Target: x86_64-pc-linux-gnu
Installation prefix: /usr
Compiler: gcc
Compiler flags:
-g -O2
__attr_access support: yes
3. 编译
执行make命令进行编译,命令及结果如下:
$ make
……
Making all in m4
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/m4”
make[2]: 对“all”无需做任何事。make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/m4”
Making all in docs
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/docs”
make[2]: 对“all”无需做任何事。make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/docs”
Making all in rules
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/rules”
make[2]: 对“all”无需做任何事。make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/rules”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1”
4. 安装
执行make install命令进行安装,命令及结果如下:
$ sudo make install
Making install in common
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/common”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/common”
make[2]: 对“install-exec-am”无需做任何事。make[2]: 对“install-data-am”无需做任何事。make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/common”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/common”
Making install in lib
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib”
make install-recursive
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib”
Making install in test
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib/test”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib/test”
make[4]: 对“install-exec-am”无需做任何事。make[4]: 对“install-data-am”无需做任何事。make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib/test”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib/test”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib”
/usr/bin/mkdir -p '/lib64'
/bin/sh ../libtool --mode=install /usr/bin/install -c libaudit.la '/lib64'
libtool: install: /usr/bin/install -c .libs/libaudit.so.1.0.0 /lib64/libaudit.so.1.0.0
libtool: install: (cd /lib64 && { ln -s -f libaudit.so.1.0.0 libaudit.so.1 || { rm -f libaudit.so.1 && ln -s libaudit.so.1.0.0 libaudit.so.1; }; })
libtool: install: (cd /lib64 && { ln -s -f libaudit.so.1.0.0 libaudit.so || { rm -f libaudit.so && ln -s libaudit.so.1.0.0 libaudit.so; }; })
libtool: install: /usr/bin/install -c .libs/libaudit.lai /lib64/libaudit.la
libtool: install: /usr/bin/install -c .libs/libaudit.a /lib64/libaudit.a
libtool: install: chmod 644 /lib64/libaudit.a
libtool: install: ranlib /lib64/libaudit.a
libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin" ldconfig -n /lib64
----------------------------------------------------------------------
Libraries have been installed in:
/lib64
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the 'LD_RUN_PATH' environment variable
during linking
- use the '-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to '/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
/usr/bin/mkdir -p '/usr/include'
/usr/bin/install -c -m 644 libaudit.h '/usr/include'
/usr/bin/mkdir -p '/lib64/pkgconfig'
/usr/bin/install -c -m 644 audit.pc '/lib64/pkgconfig'
make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/lib”
Making install in auparse
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse”
make install-recursive
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse”
Making install in test
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse/test”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse/test”
make[4]: 对“install-exec-am”无需做任何事。make[4]: 对“install-data-am”无需做任何事。make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse/test”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse/test”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse”
/usr/bin/mkdir -p '/lib64'
/bin/sh ../libtool --mode=install /usr/bin/install -c libauparse.la '/lib64'
libtool: warning: relinking 'libauparse.la'
libtool: install: (cd /home/penghao/SELinux_Related/audit-userspace-3.1/auparse; /bin/sh "/home/penghao/SELinux_Related/audit-userspace-3.1/libtool" --tag CC --mode=relink gcc -fPIC -DPIC -D_GNU_SOURCE -g -DNDEBUG -Wno-pointer-sign -Wno-enum-compare -Wno-switch -Wno-format-truncation -Wno-unused-but-set-variable -g -O2 -Wl,-z,relro -o libauparse.la -rpath /lib64 lru.lo interpret.lo nvlist.lo ellist.lo auparse.lo auditd-config.lo message.lo data_buf.lo expression.lo normalize.lo normalize-llist.lo ../lib/libaudit.la ../common/libaucommon.la )
libtool: relink: gcc -shared -fPIC -DPIC .libs/lru.o .libs/interpret.o .libs/nvlist.o .libs/ellist.o .libs/auparse.o .libs/auditd-config.o .libs/message.o .libs/data_buf.o .libs/expression.o .libs/normalize.o .libs/normalize-llist.o -Wl,--whole-archive ../common/.libs/libaucommon.a -Wl,--no-whole-archive -Wl,-rpath -Wl,/lib64 -L/lib64 -laudit -g -g -O2 -Wl,-z -Wl,relro -Wl,-soname -Wl,libauparse.so.0 -o .libs/libauparse.so.0.0.0
libtool: install: /usr/bin/install -c .libs/libauparse.so.0.0.0T /lib64/libauparse.so.0.0.0
libtool: install: (cd /lib64 && { ln -s -f libauparse.so.0.0.0 libauparse.so.0 || { rm -f libauparse.so.0 && ln -s libauparse.so.0.0.0 libauparse.so.0; }; })
libtool: install: (cd /lib64 && { ln -s -f libauparse.so.0.0.0 libauparse.so || { rm -f libauparse.so && ln -s libauparse.so.0.0.0 libauparse.so; }; })
libtool: install: /usr/bin/install -c .libs/libauparse.lai /lib64/libauparse.la
libtool: install: /usr/bin/install -c .libs/libauparse.a /lib64/libauparse.a
libtool: install: chmod 644 /lib64/libauparse.a
libtool: install: ranlib /lib64/libauparse.a
libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin" ldconfig -n /lib64
----------------------------------------------------------------------
Libraries have been installed in:
/lib64
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the 'LD_RUN_PATH' environment variable
during linking
- use the '-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to '/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
/usr/bin/mkdir -p '/usr/include'
/usr/bin/install -c -m 644 auparse.h auparse-defs.h '/usr/include'
/usr/bin/mkdir -p '/lib64/pkgconfig'
/usr/bin/install -c -m 644 auparse.pc '/lib64/pkgconfig'
make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/auparse”
Making install in audisp
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp”
Making install in plugins
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins”
Making install in builtins
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/builtins”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/builtins”
make[4]: 对“install-exec-am”无需做任何事。make install-data-hook
make[5]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/builtins”
mkdir -p -m 0750 /etc/audit/plugins.d
for i in af_unix.conf; do \
/usr/bin/install -c -m 644 -D -m 640 ./"$i" \
/etc/audit/plugins.d; \
done
make[5]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/builtins”
make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/builtins”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/builtins”
Making install in remote
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/remote”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/remote”
/usr/bin/mkdir -p '/sbin'
/bin/sh ../../../libtool --mode=install /usr/bin/install -c audisp-remote '/sbin'
libtool: install: /usr/bin/install -c audisp-remote /sbin/audisp-remote
/usr/bin/mkdir -p '/usr/share/man/man5'
/usr/bin/install -c -m 644 audisp-remote.conf.5 '/usr/share/man/man5'
/usr/bin/mkdir -p '/usr/share/man/man8'
/usr/bin/install -c -m 644 audisp-remote.8 '/usr/share/man/man8'
make install-data-hook
make[5]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/remote”
mkdir -p -m 0750 /etc/audit/plugins.d
/usr/bin/install -c -m 644 -D -m 640 ./au-remote.conf /etc/audit/plugins.d
/usr/bin/install -c -m 644 -D -m 640 ./audisp-remote.conf /etc/audit
make[5]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/remote”
make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/remote”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/remote”
Making install in syslog
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/syslog”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/syslog”
/usr/bin/mkdir -p '/sbin'
/bin/sh ../../../libtool --mode=install /usr/bin/install -c audisp-syslog '/sbin'
libtool: install: /usr/bin/install -c .libs/audisp-syslog /sbin/audisp-syslog
/usr/bin/mkdir -p '/usr/share/man/man8'
/usr/bin/install -c -m 644 audisp-syslog.8 '/usr/share/man/man8'
make install-data-hook
make[5]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/syslog”
mkdir -p -m 0750 /etc/audit/plugins.d
/usr/bin/install -c -m 644 -D -m 640 ./syslog.conf /etc/audit/plugins.d
make[5]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/syslog”
make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/syslog”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins/syslog”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins”
make[4]: 对“install-exec-am”无需做任何事。make[4]: 对“install-data-am”无需做任何事。make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp/plugins”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp”
make[3]: 对“install-exec-am”无需做任何事。make[3]: 对“install-data-am”无需做任何事。make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/audisp”
Making install in src/libev
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src/libev”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src/libev”
make[2]: 对“install-exec-am”无需做任何事。make[2]: 对“install-data-am”无需做任何事。make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src/libev”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src/libev”
Making install in src
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src”
Making install in test
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src/test”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src/test”
make[3]: 对“install-exec-am”无需做任何事。make[3]: 对“install-data-am”无需做任何事。make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src/test”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src/test”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src”
/usr/bin/mkdir -p '/sbin'
/bin/sh ../libtool --mode=install /usr/bin/install -c auditd auditctl aureport ausearch autrace '/sbin'
libtool: install: /usr/bin/install -c .libs/auditd /sbin/auditd
libtool: install: /usr/bin/install -c .libs/auditctl /sbin/auditctl
libtool: install: /usr/bin/install -c .libs/aureport /sbin/aureport
libtool: install: /usr/bin/install -c .libs/ausearch /sbin/ausearch
libtool: install: /usr/bin/install -c .libs/autrace /sbin/autrace
make[3]: 对“install-data-am”无需做任何事。make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/src”
Making install in tools
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools”
Making install in aulast
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/aulast”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/aulast”
/usr/bin/mkdir -p '/usr/bin'
/bin/sh ../../libtool --mode=install /usr/bin/install -c aulast '/usr/bin'
libtool: install: /usr/bin/install -c .libs/aulast /usr/bin/aulast
/usr/bin/mkdir -p '/usr/share/man/man8'
/usr/bin/install -c -m 644 aulast.8 '/usr/share/man/man8'
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/aulast”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/aulast”
Making install in aulastlog
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/aulastlog”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/aulastlog”
/usr/bin/mkdir -p '/usr/bin'
/bin/sh ../../libtool --mode=install /usr/bin/install -c aulastlog '/usr/bin'
libtool: install: /usr/bin/install -c .libs/aulastlog /usr/bin/aulastlog
/usr/bin/mkdir -p '/usr/share/man/man8'
/usr/bin/install -c -m 644 aulastlog.8 '/usr/share/man/man8'
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/aulastlog”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/aulastlog”
Making install in ausyscall
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/ausyscall”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/ausyscall”
/usr/bin/mkdir -p '/usr/bin'
/bin/sh ../../libtool --mode=install /usr/bin/install -c ausyscall '/usr/bin'
libtool: install: /usr/bin/install -c .libs/ausyscall /usr/bin/ausyscall
/usr/bin/mkdir -p '/usr/share/man/man8'
/usr/bin/install -c -m 644 ausyscall.8 '/usr/share/man/man8'
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/ausyscall”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/ausyscall”
Making install in auvirt
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/auvirt”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/auvirt”
/usr/bin/mkdir -p '/usr/bin'
/bin/sh ../../libtool --mode=install /usr/bin/install -c auvirt '/usr/bin'
libtool: install: /usr/bin/install -c .libs/auvirt /usr/bin/auvirt
/usr/bin/mkdir -p '/usr/share/man/man8'
/usr/bin/install -c -m 644 auvirt.8 '/usr/share/man/man8'
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/auvirt”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools/auvirt”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools”
make[3]: 对“install-exec-am”无需做任何事。make[3]: 对“install-data-am”无需做任何事。make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/tools”
Making install in bindings
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings”
Making install in python
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/python”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/python”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/python”
make[4]: 对“install-exec-am”无需做任何事。make[4]: 对“install-data-am”无需做任何事。make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/python”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/python”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/python”
Making install in golang
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/golang”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/golang”
make[3]: 对“install-exec-am”无需做任何事。make[3]: 对“install-data-am”无需做任何事。make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/golang”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/golang”
Making install in swig
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig”
Making install in src
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig/src”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig/src”
make[4]: 对“install-exec-am”无需做任何事。make[4]: 对“install-data-am”无需做任何事。make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig/src”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig/src”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig”
make[4]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig”
make[4]: 对“install-exec-am”无需做任何事。make[4]: 对“install-data-am”无需做任何事。make[4]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig”
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings/swig”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings”
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings”
make[3]: 对“install-exec-am”无需做任何事。make[3]: 对“install-data-am”无需做任何事。make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/bindings”
Making install in init.d
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/init.d”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/init.d”
/usr/bin/mkdir -p '/sbin'
/usr/bin/install -c augenrules '/sbin'
make install-exec-hook
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/init.d”
mkdir -p /usr/lib/systemd/system
mkdir -p /usr/libexec/initscripts/legacy-actions/auditd
mkdir -p /usr/libexec
/usr/bin/install -c -D -m 644 ./auditd.service /usr/lib/systemd/system
/usr/bin/install -c -D -m 750 ./auditd.rotate /usr/libexec/initscripts/legacy-actions/auditd/rotate
/usr/bin/install -c -D -m 750 ./auditd.resume /usr/libexec/initscripts/legacy-actions/auditd/resume
/usr/bin/install -c -D -m 750 ./auditd.reload /usr/libexec/initscripts/legacy-actions/auditd/reload
/usr/bin/install -c -D -m 750 ./auditd.state /usr/libexec/initscripts/legacy-actions/auditd/state
/usr/bin/install -c -D -m 750 ./auditd.stop /usr/libexec/initscripts/legacy-actions/auditd/stop
/usr/bin/install -c -D -m 750 ./auditd.restart /usr/libexec/initscripts/legacy-actions/auditd/restart
/usr/bin/install -c -D -m 750 ./auditd.condrestart /usr/libexec/initscripts/legacy-actions/auditd/condrestart
/usr/bin/install -c -D -m 750 ./audit-functions /usr/libexec
chmod 0755 /sbin/augenrules
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/init.d”
/usr/bin/mkdir -p '/etc/audit'
/usr/bin/install -c -m 644 auditd.conf audit-stop.rules '/etc/audit'
make install-data-hook
make[3]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/init.d”
/usr/bin/install -c -m 644 -D -m 640 ./libaudit.conf /etc
make[3]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/init.d”
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/init.d”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/init.d”
Making install in m4
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/m4”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/m4”
make[2]: 对“install-exec-am”无需做任何事。 /usr/bin/mkdir -p '/usr/share/aclocal'
/usr/bin/install -c -m 644 audit.m4 '/usr/share/aclocal'
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/m4”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/m4”
Making install in docs
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/docs”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/docs”
make[2]: 对“install-exec-am”无需做任何事。 /usr/bin/mkdir -p '/usr/share/man/man3'
/usr/bin/install -c -m 644 audit_add_rule_data.3 audit_add_watch.3 audit_delete_rule_data.3 audit_detect_machine.3 audit_encode_nv_string.3 audit_getloginuid.3 audit_get_reply.3 audit_get_session.3 audit_log_acct_message.3 audit_log_user_avc_message.3 audit_log_user_command.3 audit_log_user_comm_message.3 audit_log_user_message.3 audit_log_semanage_message.3 auparse_new_buffer.3 audit_open.3 audit_close.3 audit_is_enabled.3 audit_request_rules_list_data.3 audit_request_signal_info.3 audit_request_status.3 audit_set_backlog_limit.3 audit_set_enabled.3 audit_set_failure.3 audit_setloginuid.3 audit_set_pid.3 audit_set_rate_limit.3 audit_update_watch_perms.3 audit_value_needs_encoding.3 audit_encode_value.3 auparse_add_callback.3 audit_name_to_syscall.3 audit_syscall_to_name.3 audit_name_to_errno.3 audit_fstype_to_name.3 audit_name_to_fstype.3 audit_name_to_action.3 audit_flag_to_name.3 audit_name_to_flag.3 auparse_destroy.3 '/usr/share/man/man3'
/usr/bin/install -c -m 644 auparse_feed.3 auparse_feed_age_events.3 auparse_feed_has_data.3 auparse_find_field.3 auparse_find_field_next.3 auparse_first_field.3 auparse_first_record.3 auparse_flush_feed.3 auparse_get_field_int.3 auparse_get_field_name.3 auparse_get_field_str.3 auparse_get_field_type.3 auparse_get_filename.3 auparse_get_line_number.3 auparse_get_milli.3 auparse_get_node.3 auparse_get_num_fields.3 auparse_get_num_records.3 auparse_get_record_text.3 auparse_get_serial.3 auparse_get_time.3 auparse_get_timestamp.3 auparse_get_type.3 auparse_get_type_name.3 auparse_get_field_num.3 auparse_get_record_num.3 auparse_goto_field_num.3 auparse_goto_record_num.3 auparse_init.3 auparse_interpret_field.3 auparse_next_event.3 auparse_next_field.3 auparse_next_record.3 auparse_node_compare.3 auparse_reset.3 auparse_set_escape_mode.3 auparse_normalize.3 auparse_normalize_functions.3 auparse_timestamp_compare.3 auparse_set_eoe_timeout.3 '/usr/share/man/man3'
/usr/bin/install -c -m 644 ausearch_add_item.3 ausearch_add_interpreted_item.3 ausearch_add_expression.3 ausearch_add_timestamp_item.3 ausearch_add_regex.3 ausearch_add_timestamp_item_ex.3 ausearch_clear.3 ausearch_next_event.3 ausearch_set_stop.3 get_auditfail_action.3 set_aumessage_mode.3 audit_set_backlog_wait_time.3 '/usr/share/man/man3'
/usr/bin/mkdir -p '/usr/share/man/man5'
/usr/bin/install -c -m 644 auditd.conf.5 auditd-plugins.5 ausearch-expression.5 libaudit.conf.5 zos-remote.conf.5 '/usr/share/man/man5'
/usr/bin/mkdir -p '/usr/share/man/man7'
/usr/bin/install -c -m 644 audit.rules.7 '/usr/share/man/man7'
/usr/bin/mkdir -p '/usr/share/man/man8'
/usr/bin/install -c -m 644 auditctl.8 auditd.8 aureport.8 ausearch.8 autrace.8 audispd-zos-remote.8 augenrules.8 '/usr/share/man/man8'
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/docs”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/docs”
Making install in rules
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/rules”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1/rules”
make[2]: 对“install-exec-am”无需做任何事。 /usr/bin/mkdir -p '/usr/share/audit/sample-rules'
/usr/bin/install -c -m 644 10-base-config.rules 10-no-audit.rules 11-loginuid.rules 12-ignore-error.rules 12-cont-fail.rules 20-dont-audit.rules 21-no32bit.rules 22-ignore-chrony.rules 23-ignore-filesystems.rules 30-nispom.rules 30-stig.rules 30-pci-dss-v31.rules 30-ospp-v42.rules 30-ospp-v42-1-create-failed.rules 30-ospp-v42-1-create-success.rules 30-ospp-v42-2-modify-failed.rules 30-ospp-v42-2-modify-success.rules 30-ospp-v42-3-access-failed.rules 30-ospp-v42-3-access-success.rules 30-ospp-v42-4-delete-failed.rules 30-ospp-v42-4-delete-success.rules 30-ospp-v42-5-perm-change-failed.rules 30-ospp-v42-5-perm-change-success.rules 30-ospp-v42-6-owner-change-failed.rules 30-ospp-v42-6-owner-change-success.rules 31-privileged.rules 32-power-abuse.rules 40-local.rules 41-containers.rules 42-injection.rules 43-module-load.rules 44-installers.rules 70-einval.rules 71-networking.rules 99-finalize.rules README-rules '/usr/share/audit/sample-rules'
make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/rules”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1/rules”
make[1]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1”
make[2]: 进入目录“/home/penghao/SELinux_Related/audit-userspace-3.1”
make[2]: 对“install-exec-am”无需做任何事。make[2]: 对“install-data-am”无需做任何事。make[2]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1”
make[1]: 离开目录“/home/penghao/SELinux_Related/audit-userspace-3.1”
三、Audit systemd自启动设置
1. 拷贝配置文件
(1)auditd.service文件
拷贝auditd.service文件到/lib/systemd/system/下。auditd.service文件内容如下:
[Unit]
Description=Security Auditing Service
DefaultDependencies=no
## If auditd is sending or recieving remote logging, copy this file to
## /etc/systemd/system/auditd.service and comment out the first After and
## uncomment the second so that network-online.target is part of After.
## then comment the first Before and uncomment the second Before to remove
## sysinit.target from "Before".
After=local-fs.target systemd-tmpfiles-setup.service
##After=network-online.target local-fs.target systemd-tmpfiles-setup.service
Before=sysinit.target shutdown.target
##Before=shutdown.target
Conflicts=shutdown.target
ConditionKernelCommandLine=!audit=0
ConditionKernelCommandLine=!audit=off
Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation
[Service]
Type=forking
PIDFile=/run/auditd.pid
ExecStart=/sbin/auditd
## To not use augenrules, copy this file to /etc/systemd/system/auditd.service
## and comment/delete the next line and uncomment the auditctl line.
## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
ExecStartPost=-/sbin/augenrules --load
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
# By default we don't clear the rules on exit. To enable this, uncomment
# the next line after copying the file to /etc/systemd/system/auditd.service
#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
Restart=on-failure
# Do not restart for intentional exits. See EXIT CODES section in auditd(8).
RestartPreventExitStatus=2 4 6
### Security Settings ###
MemoryDenyWriteExecute=true
LockPersonality=true
ProtectControlGroups=true
ProtectKernelModules=true
RestrictRealtime=true
[Install]
WantedBy=multi-user.target
(2)audit.rules文件
拷贝audit.rules文件到/etc/audit/下。audit.rules文件内容如下:
## This file is automatically generated from /etc/audit/rules.d
-D
-b 8192
-f 1
--backlog_wait_time 60000
2. 创建日志目录
命令及结果如下:
$ mkdir /var/log/audit
mkdir: 无法创建目录 "/var/log/audit": 权限不够
$ sudo mkdir /var/log/audit
$ ls /var/log/
audit cups deviceState.log dmesg.0 dmesg.2.gz dmesg.4.gz osSleepState.log README serviceinstall.log syslog wpslog Xorg.0.log.old
collect_event.db devctl-report.sql dmesg dmesg.1.gz dmesg.3.gz kern.log os_startingup_time.log sddm.log session.log update-engine Xorg.0.log Xorg.1.log
3. 设置开机自启动
使用systemctl命令设置audit的开机自启动。命令及结果如下:
$ sudo systemctl enable auditd
Created symlink /etc/systemd/system/multi-user.target.wants/auditd.service → /usr/lib/systemd/system/auditd.service.
Systemd默认从目录/etc/systemd/system/下读取配置文件。但是,该目录下存放的大部分文件都是符号链接,指向目录/usr/lib/systemd/system/ ,真正的配置文件存放在那个目录。systemctl enable 命令用于在上面两个目录之间,建立符号链接关系。与之对应的,systemctl disable命令用于在两个目录之间撤销符号链接关系,相当于撤销开机启动。
4. 查看服务状态
重启之后使用systemctl status命令查看auditd服务状态。命令及结果如下:
$ systemctl status auditd.service
● auditd.service - Security Auditing Service
Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-03-31 11:32:36 CST; 54s ago
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Main PID: 362 (auditd)
Tasks: 2 (limit: 18788)
Memory: 4.5M
CPU: 37ms
CGroup: /system.slice/auditd.service
└─362 /sbin/auditd
至此,Audit应用层相关组件及服务就全部完成了。