From 1673519e2b327ad515d4d127d788a9329117157f Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Thu, 11 Sep 2025 12:38:52 +0200 Subject: [PATCH 1/4] augenrules: use ls from $PATH We already use rm and mktemp from $PATH, it makes little sense to use an absolute path just for `ls`. It is part of coreutils too. --- init.d/augenrules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init.d/augenrules b/init.d/augenrules index 8c1a670b8..a5f6e07c4 100644 --- a/init.d/augenrules +++ b/init.d/augenrules @@ -83,7 +83,7 @@ fi # - the last processed -e directive is emitted as the last line umask 0137 echo "## This file is automatically generated from $SourceRulesDir" >> "${TmpRules}" -for rules in $(/bin/ls -1v ${SourceRulesDir} | grep "\.rules$") ; do +for rules in $(ls -1v ${SourceRulesDir} | grep "\.rules$") ; do cat ${SourceRulesDir}/"${rules}" done | awk ' BEGIN { From 265b5e2fb176897afe3d250ae81c75b688e9c011 Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Thu, 11 Sep 2025 12:40:32 +0200 Subject: [PATCH 2/4] augenrules: use sh from PATH expecting a shell to be in `/bin/sh` is not super portable for non-FHS systems. While systemd does implicitly expect /bin/sh to exist, this may not be the case on systemd-less systems. `/usr/bin/env` is still an absolute path, but at least using env allows replacing the interpreter shell via $PATH. --- init.d/augenrules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init.d/augenrules b/init.d/augenrules index a5f6e07c4..eb1186075 100644 --- a/init.d/augenrules +++ b/init.d/augenrules @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # Script to concatenate rules files found in a base audit rules directory # to form a single /etc/audit/audit.rules file suitable for loading into From d0f8f8c54ca5f1bb1977e7b13143a743d88718cc Mon Sep 17 00:00:00 2001 
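Review bot: With `/bin/ls` replaced by `ls`, every external command in the rule-concatenation loop (`ls`, `grep`, `cat`, `awk`) is resolved through the inherited `$PATH`, and the `#!/usr/bin/env sh` hunk in PATCH 2/4 does the same for the interpreter, yet nothing in the visible lines states what `PATH` the script expects. The header comment says the script forms the single `/etc/audit/audit.rules` file, so I would document that assumption next to the loop, e.g. `# external tools are resolved via $PATH; callers must supply a trusted PATH`. Alternatively, the tool and interpreter paths could be substituted at configure time, now that PATCH 3/4 turns the file into a template. The touched line also keeps `${SourceRulesDir}` unquoted inside `$(...)`; `ls -1v "${SourceRulesDir}"` is a behaviour-preserving fix for the current value. The loop's `awk` program continues outside the hunk.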
From: Grimmauld Date: Thu, 11 Sep 2025 12:54:56 +0200 Subject: [PATCH 3/4] augenrules: process with autotools to do variable expansion --- .gitignore | 1 + configure.ac | 2 +- init.d/{augenrules => augenrules.in} | 0 3 files changed, 2 insertions(+), 1 deletion(-) rename init.d/{augenrules => augenrules.in} (100%) diff --git a/.gitignore b/.gitignore index 510693e8a..c68972a85 100644 --- a/.gitignore +++ b/.gitignore @@ -50,6 +50,7 @@ bindings/swig/python3/audit_wrap.c bindings/swig/python3/_audit.so init.d/auditd.service init.d/audit-rules.service +init.d/augenrules lib/*tabs.h lib/*tables.h ltmain.sh diff --git a/configure.ac b/configure.ac index 4ca3bbce1..f9f9ce620 100644 --- a/configure.ac +++ b/configure.ac @@ -458,7 +458,7 @@ AC_CONFIG_FILES([Makefile common/Makefile lib/Makefile lib/audit.pc bindings/python/python3/Makefile bindings/golang/Makefile bindings/swig/Makefile bindings/swig/src/Makefile bindings/swig/python3/Makefile tools/Makefile tools/aulast/Makefile - tools/aulast/test/Makefile + tools/aulast/test/Makefile init.d/augenrules tools/aulastlog/Makefile tools/ausyscall/Makefile m4/Makefile], [chmod +x auparse/test/run_auparse_tests.sh auparse/test/run_auparselol_test.sh]) AC_OUTPUT diff --git a/init.d/augenrules b/init.d/augenrules.in similarity index 100% rename from init.d/augenrules rename to init.d/augenrules.in From 515df557e72b52ca6bf0e9eea4016ca3becceeed Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Thu, 11 Sep 2025 13:01:37 +0200 Subject: [PATCH 4/4] augenrules: use auditctl from sbindir This allows running augenrules even if auditctl was not installed to `/sbin/auditctl` at system-wide fs root. This may be the case e.g. on non-FHS-compliant systems, as well as during testing when installing to a temporary prefix. --- init.d/augenrules.in | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/init.d/augenrules.in b/init.d/augenrules.in index eb1186075..7b29e236b 100644 --- a/init.d/augenrules.in +++ b/init.d/augenrules.in 
@@ -34,20 +34,21 @@ LoadRules=0 RETVAL=0 cmd="$0" usage="Usage: $cmd [--check|--load]" +auditctl_bin=@sbindir@/auditctl # Delete the interim file on faults trap 'rm -f ${TmpRules}; exit 1' HUP INT QUIT PIPE TERM try_load() { if [ $LoadRules -eq 1 ] ; then - /sbin/auditctl -R ${DestinationFile} + $auditctl_bin -R ${DestinationFile} RETVAL=$? fi } # Check if audit is in immutable mode - exit if so check_immutable () { - if [ "$(auditctl -s | awk '$1 == "enabled" { print $2 }')" = "2" ] ; then + if [ "$($auditctl_bin -s | awk '$1 == "enabled" { print $2 }')" = "2" ] ; then echo "$cmd: Audit system is in immutable mode - exiting with no changes" exit 0 fi
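Review bot: `auditctl_bin=@sbindir@/auditctl` will usually not become an absolute path, because autoconf leaves the installation-directory variables unexpanded when they are substituted through `AC_CONFIG_FILES`; unless `--sbindir` is given explicitly, the generated line reads `auditctl_bin=${exec_prefix}/sbin/auditctl`. The shell expands that at run time, so an unset `exec_prefix` silently yields `/sbin/auditctl` again, and an inherited `exec_prefix` environment variable would decide which binary the rule-loading script executes. Generating `augenrules` from `augenrules.in` with a make-time `sed` rule that inserts the fully expanded `$(sbindir)` avoids both outcomes. Separately, both call sites should quote the variable, e.g. `"$auditctl_bin" -R "${DestinationFile}"`, so a prefix containing whitespace is not word-split. `check_immutable` ends outside the hunk.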