From b6bb1eed336d8144069324d382e2b2e607a09cae Mon Sep 17 00:00:00 2001 From: Karla Felix Date: Wed, 14 Sep 2022 13:01:05 -0300 Subject: [PATCH] Build Debian image(s): stx-audit This commit enables the creation of audit docker image in Debian. Test Plan: PASS: Install new audit pod using debian docker image. 1. Build audit docker image using stx-debian. 2. Install a new debian simplex. 3. Push the new audit docker image to local.registry. 4. Modify application file auditd.tgz to point to the new docker image at the local registries. 5. Change service parameter "auditd" to 1, upload and apply application. 6. Check if the pod is running correctly and is using the new docker image with "kubectl describe pod". Story: 2009831 Task: 45076 Signed-off-by: Karla Felix Change-Id: Idba556eca232c4b6c51f2360b016e198562693fc
---
debian_stable_docker_images.inc | 1 +
.../debian/docker/stx-audit/Dockerfile | 16 ++++++++++++
.../debian/docker/stx-audit/startAuditd.sh | 26 +++++++++++++++++++
.../stx-snmp-helm-audit.stable_docker_image | 3 +++
4 files changed, 46 insertions(+)
create mode 100644 debian_stable_docker_images.inc
create mode 100644 stx-audit-helm/debian/docker/stx-audit/Dockerfile
create mode 100644 stx-audit-helm/debian/docker/stx-audit/startAuditd.sh
create mode 100755 stx-audit-helm/debian/stx-snmp-helm-audit.stable_docker_image
diff --git a/debian_stable_docker_images.inc b/debian_stable_docker_images.inc
new file mode 100644
index 0000000..cc62b53
--- /dev/null
+++ b/debian_stable_docker_images.inc
@@ -0,0 +1 @@
+stx-audit-helm
diff --git a/stx-audit-helm/debian/docker/stx-audit/Dockerfile b/stx-audit-helm/debian/docker/stx-audit/Dockerfile
new file mode 100644
index 0000000..3d1f72f
--- /dev/null
+++ b/stx-audit-helm/debian/docker/stx-audit/Dockerfile
@@ -0,0 +1,16 @@
+ARG BASE
+FROM ${BASE} AS stx
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get -y update && \
+ apt-get -y install auditd
+
+COPY startAuditd.sh .
+
+RUN mkdir -p /etc/audit && \
+ touch /etc/audit/audit.rules && \
+ chmod 600 /etc/audit/audit.rules
+
+RUN chmod 755 startAuditd.sh
+ENTRYPOINT ["./startAuditd.sh"]
diff --git a/stx-audit-helm/debian/docker/stx-audit/startAuditd.sh b/stx-audit-helm/debian/docker/stx-audit/startAuditd.sh
new file mode 100644
index 0000000..5d2739d
--- /dev/null
+++ b/stx-audit-helm/debian/docker/stx-audit/startAuditd.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+set -u
+
+echo "Starting auditd …"
+
+# update /etc/audit/audit.rules with any changes made to
+# /etc/audit/rules.d/audit.rules
+augenrules --load
+
+# start auditd with no fork to run in the background in the container
+/sbin/auditd -n -l
+EXIT_STATUS=$?
+
+if [ "$EXIT_STATUS" -ne "0" ]; then
+ echo "Error code: $EXIT_STATUS"
+ echo "Could not start auditd" >&2
+fi
+
+exit ${EXIT_STATUS}
diff --git a/stx-audit-helm/debian/stx-snmp-helm-audit.stable_docker_image b/stx-audit-helm/debian/stx-snmp-helm-audit.stable_docker_image
new file mode 100755
index 0000000..8501dcb
--- /dev/null
+++ b/stx-audit-helm/debian/stx-snmp-helm-audit.stable_docker_image
@@ -0,0 +1,3 @@
+BUILDER=docker
+LABEL=stx-audit
+DOCKER_CONTEXT=docker/stx-audit
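Review bot: `COPY startAuditd.sh .` and `ENTRYPOINT ["./startAuditd.sh"]` in the Dockerfile both resolve against whatever working directory `${BASE}` leaves set, because the file declares no `WORKDIR`; the base image is not visible here, so where the entrypoint script ends up depends on it. An absolute destination such as `COPY startAuditd.sh /usr/local/bin/startAuditd.sh` with `ENTRYPOINT ["/usr/local/bin/startAuditd.sh"]` removes that dependency. The package layer would also be narrower with `apt-get -y install --no-install-recommends auditd && rm -rf /var/lib/apt/lists/*`, since the apt lists currently stay in the image and recommended packages are pulled in unreviewed. `ENV DEBIAN_FRONTEND=noninteractive` persists into the running container; `ARG DEBIAN_FRONTEND=noninteractive` keeps it build-only.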
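Review bot: The exit status of `augenrules --load` in startAuditd.sh is discarded (only `set -u` is active), so when the rules fail to load the script still starts auditd and the pod looks healthy while recording with an incomplete or empty rule set. For an audit container that failure should be visible, e.g. `augenrules --load || { echo "Could not load audit rules" >&2; exit 1; }`, or at least a logged warning if a non-zero status is expected on some hosts. Also, `/sbin/auditd -n -l` runs as a child of bash, which stays PID 1 and has no `trap` to pass SIGTERM on, so a pod stop probably ends in SIGKILL rather than a clean auditd shutdown; forwarding the signal from a `trap`, or using `exec` if the trailing error message can go, would address that. The comment above that line says "run in the background" although `-n` keeps auditd in the foreground, and it does not say why `-l` (follow symlinks for config files) is needed.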