SSSD has introduced the internal tool sss_analyze since 2.6.0[1].
Add log parsing tool which can be used to track requests across
responder and backend logs.
sss_analyze is a python3 script[2] with modules[3] that is run by the
sssctl command analyze[4][5][6].
The autotools installs the files to ${libexec} and ${python3dir}[7]. The
latter is set if the configure option --with-python3-bindings is set
only.
As a consequence, the Makefile installs the python3 files to /sssd
instead of /usr/lib/python3.12/site-packages/sssd if the option
--with-python3-bindings is unset:
gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/request.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/error.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_files.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_journald.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_reader.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/parser.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/sss_analyze.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/util.py
The sss_analyze tool is unrelated to the python3 bindings; the sssctl
does not condition its code if the python3 bindings are unset.
Therefore, sss_analyze has to be installed even if the python3 bindings
are unset.
This ensures the variable python3dir is set to the expected location by
adding it to --without-python3-bindings if the python3 feature is
disabled.
gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/request.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/error.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_files.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_journald.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_reader.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/parser.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/sss_analyze.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/util.py
[1]: 82e051e1f1
[2]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/sss_analyze#L1
[3]: https://github.com/SSSD/sssd/tree/2.9.2/src/tools/analyzer
[4]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L47
[5]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L605
[6]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl.c#L337
[7]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/Makefile.am#L7
[8]: https://github.com/SSSD/sssd/blob/2.9.2/configure.ac#L394
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The internal tool sss_analyze is a python script run by the sssctl
command analyze.
The script sss_analyze imports the python module logging[1].
However, the package sssd lacks installing this python module that is
required to run the script.
This adds the missing run-time dependency python3-logging to ensure this
module comes along the package sssd.
Fixes:
root@qemux86-64:~# sssctl analyze
Traceback (most recent call last):
File "/usr/libexec/sssd/sss_analyze", line 3, in <module>
from sssd import sss_analyze
File "/usr/lib/python3.12/site-packages/sssd/sss_analyze.py", line 3, in <module>
from sssd.modules import request
File "/usr/lib/python3.12/site-packages/sssd/modules/request.py", line 2, in <module>
import logging
ModuleNotFoundError: No module named 'logging'
[1]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/source_files.py#L2
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The internal tool sss_analyze is a python script run by the sssctl
command analyze.
The script sss_analyze is shipped by the package sssd since 2.6.0.
However, the package sssd lacks installing the python interpreter that
is required to run the script.
This adds the missing run-time dependency python3-core to ensure the
interpreter python3 comes along the package sssd.
Fixes:
root@qemux86-64:~# sssctl analyze
env: can't execute 'python3': No such file or directory
Command '/usr/libexec/sssd/sss_analyze' failed with [127]
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Otherwise Makefile isn't regenerated and do_compile fails with:
suricata/7.0.0/suricata-7.0.0/missing: line 81: aclocal-1.16: command not found
after automake upgrade from 1.16.5 to 1.17 from:
https://git.openembedded.org/openembedded-core/commit/?id=b98328a6ff07119e7ba4f1072090d789e69edef8
Fixes:
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/bash 'TOPDIR/BUILD/work/mach-distro-linux/suricata/7.0.0/suricata-7.0.0/missing' aclocal-1.16 -I m4
TOPDIR/BUILD/work/mach-distro-linux/suricata/7.0.0/suricata-7.0.0/missing: line 81: aclocal-1.16: command not found
WARNING: 'aclocal-1.16' is missing on your system.
You should only need it if you modified 'acinclude.m4' or
'configure.ac' or m4 files included by 'configure.ac'.
The 'aclocal' program is part of the GNU Automake package:
<https://www.gnu.org/software/automake>
It also requires GNU Autoconf, GNU m4 and Perl in order to run:
<https://www.gnu.org/software/autoconf>
<https://www.gnu.org/software/m4/>
<https://www.perl.org/>
make: *** [Makefile:465: aclocal.m4] Error 127
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The 0.8 orig.tar.gz is not in debian mirror any more. In fact, we
really should avoid using orig.tar.gz like this because distros
like debian will just delete those that they don't maintain any more.
Switch to use git source.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
address new configure error.
Enable pthread always
mhash is being dropped in the next release so switch to gcrypt for now.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Current 1.0.2 version does not work with scarthgap or later releases,
as the asynchat module has been removed (as scheduled) from python's
stdlib as of v3.12.
fail2ban 1.1.0 also does not work out-of-the-box, as the distutils
module which the pyinotify and systemd backends depend has also been
removed.
So update the recipe to point at commit ac62658c10f4, which fixes
those two backends to no longer depend on distutils.
Upstream's out-of-the-box ban action now uses the 'nft'
command. People can still override and customize that in
jail.conf/jail.local, but to make the recipe useful without
customizing things back to use iptables, change the dependency
iptables->nftables.
Since 1.1.0, fail2ban has been python3-only, so the recipe becomes
somewhat simpler since the whole do_compile preparation step can be
removed.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| ./dns.c:118:24: error: implicit declaration of function '_getshort'; did you mean '__putshort'? [-Wimplicit-function-declaration]
upon others
Signed-off-by: Armin Kuster <akuster808@gmail.com>
configure: error: installation or configuration problem: C compiler cannot create executables.
| NOTE: The following config.log files may provide further information.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A race condition flaw was found in sssd where the GPO policy is
not consistently applied for authenticated users. This may lead
to improper authorization issues, granting or denying access to
resources inappropriately.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3758
Upstream-patch:
f4ebe1408e
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upstream-Status: Backport from [aab7f35c76, a753cdbe84, c82fa5ca0d, 2bd3bd0e31]
CVE's Fixed:
CVE-2024-37151 suricata: suricata: packet reassembly failure, which can lead to policy bypass
CVE-2024-38534 suricata: suricata: Crafted modbus traffic can lead to unlimited resource accumulation within a flow
CVE-2024-38535 suricata: Suricata: can run out of memory when parsing crafted HTTP/2 traffic
CVE-2024-38536 suricata: NULL pointer dereference when http.memcap is reached
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fix typo: remdediate_service -> remediate_service
* No need to manually install oscap-remediate.service, as it is already
installed when ENABLE_OSCAP_REMEDIATE_SERVICE=ON is set.
* Add a patch to fix installation directory for systemd service file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Allow users to pass the private key password using
IMA_EVM_EVMCTL_KEY_PASSWORD.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
