diff --git a/README.md b/README.md index cc62278..9d2035d 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,4 @@ # audit +The audit package contains the user space utilities for storing and searching the audit records generate by the audit subsystem in the Linux 2.6+ kernel. + diff --git a/audit.spec b/audit.spec new file mode 100644 index 0000000..425b712 --- /dev/null +++ b/audit.spec 
@@ -0,0 +1,327 @@
+Name: audit
+Version: 2.6.7
+Release: 3mamba
+Summary: User space tools for kernel auditing
+Group: System/Tools
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco
+URL: http://people.redhat.com/sgrubb/audit
+Source: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
+Patch0: libaudit-2.6.6-usrsbin.patch
+License: GPL, LGPL
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libcap-ng-devel
+BuildRequires: libffi-devel
+BuildRequires: libgcrypt-devel
+BuildRequires: libgmp-devel
+BuildRequires: libgnutls-devel
+BuildRequires: libgpg-error-devel
+BuildRequires: libkrb5-devel
+BuildRequires: libltdl-devel
+BuildRequires: libnettle-devel
+BuildRequires: libopenldap-devel
+BuildRequires: libopenssl-devel
+BuildRequires: libp11-kit-devel
+BuildRequires: libprelude-devel
+BuildRequires: libpython-devel
+BuildRequires: libsasl2-devel
+BuildRequires: libtasn1-devel
+BuildRequires: libwrap-devel
+BuildRequires: libz-devel
+BuildRequires: trousers-devel
+## AUTOBUILDREQ-END
+BuildRequires: gcc-go
+BuildRequires: libgo-devel
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: swig
+%systemd_requires
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+
+%description
+The audit package contains the user space utilities for storing and searching the audit records generate by the audit subsystem in the Linux 2.6+ kernel.
+
+%package -n lib%{name}
+Group: System/Libraries
+Summary: Shared libraries for %{name}
+
+%description -n lib%{name}
+This package contains shared libraries for %{name}.
+
+%package -n lib%{name}-devel
+Group: Development/Libraries
+Summary: Development files for %{name}
+Requires: lib%{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n lib%{name}-devel
+This package contains libraries and header files for developing applications that use %{name}.
+
+%package -n lib%{name}-static
+Group: Development/Libraries
+Summary: Static libraries for %{name}
+Requires: %{name}-devel = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n lib%{name}-static
+This package contains the static libraries needed for developing applications that need to use static %{name} framework libraries.
+
+%package -n python-audit
+Summary: Python bindings for libaudit
+Group: Development/Libraries/Python
+Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n python-audit
+The python-audit package contains the bindings so that libaudit and libauparse can be used by python.
+
+%package -n python-audit-py3
+Group: Development/Libraries
+Summary: Python3 bindings to %{name}
+Requires: python3
+Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n python-audit-py3
+The python-audit package containts Python 3 bindings to %{name}.
+The libaudit-devel package contains the header files needed for developing applications that need to use the audit framework libraries.
+
+%package plugins
+Group: System/Tools
+Summary: Plugins for the audit event dispatcher
+Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
+Requires: audit = %{?epoch:%epoch:}%{version}-%{release}
+#Requires: openldap
+
+%description plugins
+The audispd-plugins package provides plugins for the real-time interface to the audit system, audispd. These plugins can do things like relay events to remote machines or analyze events for suspicious behavior.
+
+%prep
+%setup -q
+%patch0 -p1
+
+%build
+#autoreconf -v --install
+%configure \
+ --with-prelude \
+ --with-libwrap \
+ --enable-gssapi-krb5=yes \
+ --with-libcap-ng=yes \
+ --with-python=yes \
+ --enable-systemd=yes
+
+%make
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+mkdir -p %{buildroot}%{_localstatedir}/log/audit
+
+%makeinstall \
+ initdir=%{_unitdir}
+
+rm -f %{buildroot}%{python_sitearch}/_audit.a
+rm -f %{buildroot}%{python_sitearch}/_audit.la
+rm -f %{buildroot}%{python_sitearch}/_auparse.a
+rm -f %{buildroot}%{python_sitearch}/_auparse.la
+rm -f %{buildroot}%{python_sitearch}/auparse.a
+rm -f %{buildroot}%{python_sitearch}/auparse.la
+
+%check
+make check
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%post
+%systemd_post auditd
+if [ $1 -eq 1 -o -e /etc/rc5.d/S11auditd ]; then
+ systemctl -q daemon-reload
+ systemctl -q enable auditd
+fi
+:
+
+%preun
+%systemd_preun auditd
+:
+
+%postun
+%systemd_postun auditd
+:
+
+%post -n lib%{name} -p /sbin/ldconfig
+%postun -n lib%{name} -p /sbin/ldconfig
+
+%posttrans -n lib%{name}
+# clean broken old sysv links
+find /etc/rc[0-6].d/ -type l -xtype l -exec rm -f {} \;
+:
+
+%files
+%defattr(-,root,root)
+%attr(750,root,root) %dir %{_sysconfdir}/audisp
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audispd.conf
+%attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf
+%attr(750,root,root) %dir %{_sysconfdir}/audit
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules
+#%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf
+%attr(644,root,root) %{_unitdir}/auditd.service
+%dir %{_libexecdir}/initscripts/legacy-actions/auditd
+%{_libexecdir}/initscripts/legacy-actions/auditd/*
+%attr(750,root,root) %dir %{_localstatedir}/log/audit
+%attr(750,root,root) %{_sbindir}/audispd
+%attr(750,root,root) %{_sbindir}/auditctl
+%attr(750,root,root) %{_sbindir}/auditd
+%attr(750,root,root) %{_sbindir}/augenrules
+%attr(750,root,root) %{_sbindir}/aureport
+%attr(750,root,root) %{_sbindir}/ausearch
+%attr(750,root,root) %{_sbindir}/autrace
+%attr(755,root,root) %{_bindir}/aulast
+%attr(755,root,root) %{_bindir}/aulastlog
+%attr(755,root,root) %{_bindir}/ausyscall
+%attr(750,root,root) %{_bindir}/auvirt
+%dir %{_prefix}/lib/golang/src/pkg/redhat.com/audit
+%{_mandir}/man5/audispd.conf.5*
+%{_mandir}/man5/auditd.conf.5*
+%{_mandir}/man5/ausearch-expression.5*
+%{_mandir}/man7/*.7*
+%{_mandir}/man8/audispd.8*
+%{_mandir}/man8/auditctl.8*
+%{_mandir}/man8/auditd.8*
+%{_mandir}/man8/augenrules.8*
+%{_mandir}/man8/aulast.8*
+%{_mandir}/man8/aulastlog.8*
+%{_mandir}/man8/aureport.8*
+%{_mandir}/man8/ausearch.8*
+%{_mandir}/man8/ausyscall.8*
+%{_mandir}/man8/autrace.8*
+%{_mandir}/man8/auvirt.8*
+
+%files -n lib%{name}
+%defattr(-,root,root)
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/libaudit.conf
+%{_libdir}/libaudit.so.*
+%{_libdir}/libauparse.so.*
+%{_mandir}/man5/libaudit.conf.5*
+%doc AUTHORS COPYING
+
+%files -n lib%{name}-devel
+%defattr(-,root,root)
+%{_includedir}/auparse-defs.h
+%{_includedir}/auparse.h
+%{_includedir}/libaudit.h
+%{_libdir}/libaudit.so
+%{_libdir}/libauparse.so
+%{_libdir}/libaudit.la
+%{_libdir}/libauparse.la
+%{_libdir}/pkgconfig/auparse.pc
+%{_libdir}/pkgconfig/audit.pc
+%{_prefix}/lib/golang/src/pkg/redhat.com/audit/audit.go
+%{_datadir}/aclocal/audit.m4
+%{_mandir}/man3/*.3.gz
+%doc contrib/skeleton.c contrib/plugin
+%doc ChangeLog README THANKS TODO
+
+%files -n lib%{name}-static
+%defattr(-,root,root)
+%{_libdir}/libaudit.a
+%{_libdir}/libauparse.a
+
+%files -n python-audit
+%defattr(-,root,root)
+%{python_sitearch}/_audit.*
+%{python_sitearch}/audit.py*
+%{python_sitearch}/auparse.*
+
+%files -n python-audit-py3
+%defattr(-,root,root)
+%{python3_sitearch}/_audit.*
+%{python3_sitearch}/audit.py
+%{python3_sitearch}/auparse.*
+
+%files plugins
+%defattr(-,root,root)
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/zos-remote.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audisp-prelude.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/au-prelude.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
+%attr(750,root,root) %{_sbindir}/audispd-zos-remote
+%attr(750,root,root) %{_sbindir}/audisp-prelude
+%attr(750,root,root) %{_sbindir}/audisp-remote
+%{_mandir}/man5/zos-remote.conf.5*
+%{_mandir}/man8/audispd-zos-remote.8*
+%{_mandir}/man5/audisp-prelude.conf.5*
+%{_mandir}/man8/audisp-prelude.8*
+%{_mandir}/man5/audisp-remote.conf.5*
+%{_mandir}/man8/audisp-remote.8*
+
+%changelog
+* Thu Sep 22 2016 Silvan Calarco 2.6.7-3mamba
+- specfile was not renamed (webbuild rename function does this correctly)
+
+* Wed Sep 21 2016 Davide Madrisan 2.6.7-2mamba
+- move audit.go from main to devel package
+- rename package from libaudit to audit
+
+* Mon Sep 19 2016 Automatic Build System 2.6.7-1mamba
+- automatic update by autodist
+
+* Mon Aug 22 2016 Automatic Build System 2.6.6-1mamba
+- automatic version update by autodist
+
+* Wed Dec 02 2015 Silvan Calarco 2.4.4-2mamba
+- patch systemd service files for /usr/sbin instead of /sbin
+
+* Sun Nov 15 2015 Automatic Build System 2.4.4-1mamba
+- automatic version update by autodist
+
+* Thu May 07 2015 Automatic Build System 2.4.2-1mamba
+- automatic update by autodist
+
+* Fri Mar 06 2015 Silvan Calarco 2.4.1-3mamba
+- set auditd.service world readable to silence systemd warning
+
+* Sat Feb 14 2015 Silvan Calarco 2.4.1-2mamba
+- rebuilt with systemd support and --enable-gssapi-krb5=yes
+
+* Mon Nov 03 2014 Automatic Build System 2.4.1-1mamba
+- automatic version update by autodist
+
+* Mon Oct 13 2014 Automatic Build System 2.4-1mamba
+- automatic update by autodist
+
+* Sun Jul 13 2014 Automatic Build System 2.3.7-1mamba
+- automatic update by autodist
+
+* Tue Jun 03 2014 Automatic Build System 2.3.6-1mamba
+- automatic update by autodist
+
+* Sun Feb 23 2014 Automatic Build System 2.3.3-1mamba
+- automatic update by autodist
+
+* Sun Aug 11 2013 Automatic Build System 2.3.2-1mamba
+- automatic update by autodist
+
+* Sun Jun 09 2013 Automatic Build System 2.3.1-1mamba
+- automatic version update by autodist
+
+* Tue May 21 2013 Automatic Build System 2.3-1mamba
+- automatic version update by autodist
+
+* Thu Mar 21 2013 Automatic Build System 2.2.3-1mamba
+- automatic version update by autodist
+
+* Sun Dec 30 2012 Automatic Build System 2.2.2-1mamba
+- automatic version update by autodist
+
+* Wed Aug 08 2012 Automatic Build System 2.2.1-1mamba
+- automatic version update by autodist
+
+* Wed Nov 30 2011 Silvan Calarco 2.1.3-1mamba
+- update to 2.1.3
+
+* Wed Dec 08 2010 gil 2.0.5-1mamba
+- package created by autospec
diff --git a/libaudit-2.6.6-usrsbin.patch b/libaudit-2.6.6-usrsbin.patch
new file mode 100644
index 0000000..c740e19
--- /dev/null
+++ b/libaudit-2.6.6-usrsbin.patch
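Review bot: `Source:` (and `URL:`) point at the release tarball over plain `http://`, and nothing visible in this spec pins a digest or checks a signature for it, so the package that ships auditd is built from a download whose integrity is not verified here; the same host is referenced over HTTPS in the unit file's `Documentation=` line, so `Source: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz` is the minimal change, with a recorded checksum compared in `%prep` if the build system does not already do that. The `%posttrans -n lib%{name}` scriptlet removes every dangling symlink under `/etc/rc[0-6].d/`, not only auditd's, with the privileges of the package transaction; adding `-name '[SK][0-9][0-9]auditd'` to the `find` keeps it to this package's own links. `lib%{name}-static` requires `%{name}-devel`, but the devel subpackage declared in this spec is `lib%{name}-devel`, so unless something outside this file provides `audit-devel` the line should read `Requires: lib%{name}-devel = %{?epoch:%epoch:}%{version}-%{release}`.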
@@ -0,0 +1,30 @@
+diff -Nru audit-2.4.4.orig/init.d/auditd.conf audit-2.4.4/init.d/auditd.conf
+--- audit-2.4.4.orig/init.d/auditd.conf 2015-08-13 22:56:25.000000000 +0200
++++ audit-2.4.4/init.d/auditd.conf 2015-12-01 19:54:24.403584662 +0100
+@@ -10,7 +10,7 @@
+ freq = 20
+ num_logs = 5
+ disp_qos = lossy
+-dispatcher = /sbin/audispd
++dispatcher = /usr/sbin/audispd
+ name_format = NONE
+ ##name = mydomain
+ max_log_file = 6
+--- audit-2.6.6/init.d/auditd.service.orig 2016-08-11 19:51:33.493168550 +0200
++++ audit-2.6.6/init.d/auditd.service 2016-08-12 00:43:16.758055860 +0200
+@@ -9,12 +9,12 @@
+ Documentation=man:auditd(8) https://people.redhat.com/sgrubb/audit/
+
+ [Service]
+-ExecStart=/sbin/auditd -n
++ExecStart=/usr/sbin/auditd -n
+ ## To not use augenrules, copy this file to /etc/systemd/system/auditd.service
+ ## and comment/delete the next line and uncomment the auditctl line.
+ ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
+-ExecStartPost=-/sbin/augenrules --load
+-#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
++ExecStartPost=-/usr/sbin/augenrules --load
++#ExecStartPost=-/usr/sbin/auditctl -R /etc/audit/audit.rules
+ ExecReload=/bin/kill -HUP $MAINPID
+ # By default we don't clear the rules on exit. To enable this, uncomment
+ # the next line after copying the file to /etc/systemd/system/auditd.service
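Review bot: The rewritten `ExecStartPost=-/usr/sbin/augenrules --load` keeps the leading `-`, so systemd ignores a failure of that command; because the patch hard-codes `/usr/sbin` while audit.spec installs the binaries under `%{_sbindir}`, a build where the two differ would leave auditd reported as started with no rules loaded and nothing in the service state to show it. The same hard-coding applies to `dispatcher = /usr/sbin/audispd` in auditd.conf. A guard in `%install` such as `grep -q "^ExecStartPost=-%{_sbindir}/augenrules " %{buildroot}%{_unitdir}/auditd.service` would stop the build rather than ship a unit that points elsewhere. The first section's headers still name audit-2.4.4 although the spec applies the patch to 2.6.7, which deserves a one-line comment at the top of the patch file.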