0

I want to set up auditd to collect its logs from a remote server.

I'm using Ubuntu 14.04.3 LTS.

This feature seems to be disabled in the Ubuntu auditd package.

So, I'm going to install it from source.

Where can I download the right auditd source code? Are there any issues with installing auditd from source?

Update: I tried to download audit_2.3.2.orig.tar.gz from the package page and from the project page (at https://people.redhat.com/sgrubb/audit), but when I run `./configure` I get an error:

```
Could not find libwrap headers
```

Valeria
  • 21
  • 1
  • 3

3 Answers

1

In general: packages.ubuntu.com contains a home page for each package.

That home page has a number of interesting sections, including in the right column a number of links, one of which is to the home page of the original open source project but you can also download both the original source and the modified Debian/Ubuntu sources that were used to build the original package.

This answer has a nice description of how to modify an existing Debian/Ubuntu (source) package, which might be more maintainable than just downloading the source.

HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • Thanks! I tried to download audit_2.3.2.orig.tar.gz from the [package page](http://packages.ubuntu.com/ru/trusty/admin/auditd) and from the [project page](http://people.redhat.com/sgrubb/audit/), but when I ran `./configure` I got an error 'Could not find libwrap headers'. How do I use the audit_2.3.2-2ubuntu1.dsc file? Now reading and trying the 'rebuilding package' manual. – Valeria Feb 03 '16 at 20:05
  • You need to set up a correct development environment, the topic of which is much more suitable for StackOverflow, with the development files/packages containing the headers (for all dependencies), such as for instance `libwrap0-dev` – HBruijn Feb 03 '16 at 20:12
  • Thank you, @hbruijn! 'apt-get install libwrap0-dev libcap-ng-dev swig' solved the installation problems. Also, I tried to rebuild the package (with a fixed 'debian/rules' file). It's not as complex as it seems. Now I have an installed and working auditd. – Valeria Feb 03 '16 at 21:59
1

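First:

```
# Install the compiler toolchain and Debian packaging tools
sudo apt-get install build-essential
# Fetch the Ubuntu source package and its build dependencies
sudo apt-get source audit
sudo apt-get build-dep audit
cd audit-2.3.2
```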

Then: fix the 'debian/rules' file. You need to remove the `--disable-listener` option.

Finally:

```
sudo dpkg-buildpackage -b
cd ../
sudo dpkg -i auditd_2.3.2-2ubuntu1_amd64.deb
```

And if you need plugins:

```
sudo dpkg -i audispd-plugins_2.3.2-2ubuntu1_amd64.deb
```

Valeria
  • 21
  • 1
  • 3
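
The `debian/rules` edit described in the answer above, scripted so it can be repeated and checked before the rebuild. This is an added example, not part of the original answer: the function name `enable_listener` is hypothetical, and it assumes the option appears literally as `--disable-listener` in the rules file of the unpacked `audit-2.3.2` source tree.

```shell
#!/bin/sh
# Added example (not from the original answer): strip --disable-listener
# from a Debian rules file so the rebuilt auditd keeps its network listener.

# enable_listener FILE
#   returns 0 if FILE no longer contains --disable-listener
#           (removed now, or it was never there)
#   returns 2 if FILE cannot be read or rewritten
enable_listener() {
    rules=$1
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 2; }

    # Nothing to do if the option is absent; the file is left untouched.
    if ! grep -q -e '--disable-listener' "$rules"; then
        echo "$rules: --disable-listener not present, nothing to change"
        return 0
    fi

    # Keep the packaged version next to the edited one for later review.
    cp -p "$rules" "$rules.orig" || return 2

    # Remove the token and the whitespace after it. Leading tabs, the other
    # configure flags and any trailing line-continuation backslash stay.
    # Writing into the existing file keeps its executable bit.
    sed 's/--disable-listener[[:space:]]*//g' "$rules.orig" > "$rules" || return 2

    # Refuse to continue if the option somehow survived the edit.
    if grep -q -e '--disable-listener' "$rules"; then
        echo "$rules: option still present after edit" >&2
        return 2
    fi

    # Show exactly what will differ from the stock package build.
    diff -u "$rules.orig" "$rules" || true
    return 0
}

# Typical use from inside the unpacked source directory:
#   sh enable_listener.sh debian/rules
if [ "$#" -gt 0 ]; then
    enable_listener "$1"
fi
```

The `debian/rules.orig` backup and the printed diff give a record of how the locally built package differs from the distribution's build.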
0

In order to set up the audit subsystem on the Ubuntu 14.04 distribution, you just run the following commands:

```
sudo apt-get update
sudo apt-get install auditd
```
0x3bfc
  • 129
  • 2