source: projects/specs/branches/6/a/audit/audit-vl.spec @ 3260

Revision 3260, 23.3 KB checked in by daisuke, 13 years ago (diff)

audit: update to 1.7.18, build with krb5-1.8.2

Line 
1%define sca_version 0.4.10
2%define sca_release 1
3
4Summary: User space tools for 2.6 kernel auditing
5Name: audit
6Version: 1.7.18
7Release: 1%{?_dist_release}
8License: GPLv2+
9Group: System Environment/Daemons
10URL: http://people.redhat.com/sgrubb/audit/
11Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
12Source1: system-config-audit-ja.po
13Patch10: audit-1.7.18-pthread.patch
14Patch11: audit-1.7.18-krb5.patch
15
16BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
17BuildRequires: gettext intltool libtool swig python-devel
18BuildRequires: tcp_wrappers
19BuildRequires: krb5-devel
20BuildRequires: kernel-headers >= 2.6.18
21BuildRequires: automake >= 1.9
22BuildRequires: autoconf >= 2.59
23Requires: %{name}-libs = %{version}-%{release}
24Requires: chkconfig
25Requires(pre): coreutils
26
27%description
28The audit package contains the user space utilities for
29storing and searching the audit records generate by
30the audit subsystem in the Linux 2.6 kernel.
31
32%package libs
33Summary: Dynamic library for libaudit
34License: LGPLv2+
35Group: Development/Libraries
36
37%description libs
38The audit-libs package contains the dynamic libraries needed for
39applications to use the audit framework.
40
41%package libs-devel
42Summary: Header files and static library for libaudit
43License: LGPLv2+
44Group: Development/Libraries
45Requires: %{name}-libs = %{version}-%{release}
46Requires: kernel-headers >= 2.6.18
47
48%description libs-devel
49The audit-libs-devel package contains the static libraries and header
50files needed for developing applications that need to use the audit
51framework libraries.
52
53%package libs-python
54Summary: Python bindings for libaudit
55License: LGPLv2+
56Group: Development/Libraries
57Requires: %{name}-libs = %{version}-%{release}
58
59%description libs-python
60The audit-libs-python package contains the bindings so that libaudit
61and libauparse can be used by python.
62
63%package -n audispd-plugins
64Summary: Plugins for the audit event dispatcher
65License: GPLv2+
66Group: System Environment/Daemons
67BuildRequires: openldap-devel
68Requires: %{name} = %{version}-%{release}
69Requires: %{name}-libs = %{version}-%{release}
70Requires: openldap
71
72%description -n audispd-plugins
73The audispd-plugins package provides plugins for the real-time
74interface to the audit system, audispd. These plugins can do things
75like relay events to remote machines or analyze events for suspicious
76behavior.
77
78%package -n system-config-audit
79Summary: Utility for editing audit configuration
80Version: %{sca_version}
81Release: %{sca_release}%{?_dist_release}
82License: GPLv2+
83Group: Applications/System
84BuildRequires: desktop-file-utils
85Requires: pygtk2-libglade usermode usermode-gtk
86
87%description -n system-config-audit
88A graphical utility for editing audit configuration.
89
90%prep
91%setup -q
92%patch10 -p1
93%patch11 -p1
94cp -f %{SOURCE1} system-config-audit/po/ja.po
95
96%build
97(cd system-config-audit; %configure)
98%configure --sbindir=/sbin --libdir=/%{_lib} --with-libwrap --enable-gssapi-krb5=yes
99make %{?_smp_mflags}
100
101%install
102rm -rf $RPM_BUILD_ROOT
103mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,rc.d/init.d}}
104mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
105mkdir -p $RPM_BUILD_ROOT/%{_lib}
106mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
107mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit
108make DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} install
109make -C system-config-audit DESTDIR=$RPM_BUILD_ROOT install-fedora
110
111mkdir -p $RPM_BUILD_ROOT/%{_libdir}
112# This winds up in the wrong place when libtool is involved
113mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir}
114mv $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
115curdir=`pwd`
116cd $RPM_BUILD_ROOT/%{_libdir}
117LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libaudit.so.*.*.*\``
118ln -s ../../%{_lib}/$LIBNAME libaudit.so
119LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*\``
120ln -s ../../%{_lib}/$LIBNAME libauparse.so
121cd $curdir
122# Remove these items so they don't get picked up.
123rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.so
124rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.so
125rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.la
126rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.la
127rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.a
128rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.la
129rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.a
130rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.la
131rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/auparse.a
132rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/auparse.la
133
134# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
135touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
136
137%find_lang system-config-audit
138
139desktop-file-install                                    \
140        --dir $RPM_BUILD_ROOT/%{_datadir}/applications  \
141        --delete-original                               \
142        system-config-audit/system-config-audit.desktop
143
144#% check
145#make check
146
147%clean
148rm -rf $RPM_BUILD_ROOT
149rm -rf zos-remote-policy
150
151%post libs -p /sbin/ldconfig
152
153%post
154/sbin/chkconfig --add auditd
155# This is to migrate users from audit-1.0.x installations
156if [ -f /etc/auditd.conf ]; then
157   mv /etc/auditd.conf /etc/audit/auditd.conf
158fi
159if [ -f /etc/audit.rules ]; then
160   mv /etc/audit.rules /etc/audit/audit.rules
161fi
162# This is to enable the dispatcher option which was commented out
163if [ -f /etc/audit/auditd.conf ]; then
164   grep '^dispatcher' /etc/audit/auditd.conf >/dev/null
165   if [ $? -eq 1 ] ; then
166      tmp=`mktemp /etc/audit/auditd-post.XXXXXX`
167      if [ -n $tmp ]; then
168         sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
169         cat $tmp > /etc/audit/auditd.conf
170         rm -f $tmp
171      fi
172   fi
173fi
174
175%preun
176if [ $1 -eq 0 ]; then
177   /sbin/service auditd stop > /dev/null 2>&1
178   /sbin/chkconfig --del auditd
179fi
180
181%postun libs -p /sbin/ldconfig
182
183%postun
184if [ $1 -ge 1 ]; then
185   /sbin/service auditd condrestart > /dev/null 2>&1 || :
186fi
187
188%files libs
189%defattr(-,root,root)
190%attr(755,root,root) /%{_lib}/libaudit.*
191%attr(755,root,root) /%{_lib}/libauparse.*
192%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
193
194%files libs-devel
195%defattr(-,root,root)
196%doc contrib/skeleton.c contrib/plugin
197%{_libdir}/libaudit.a
198%{_libdir}/libauparse.a
199%{_libdir}/libaudit.so
200%{_libdir}/libauparse.so
201%{_includedir}/libaudit.h
202%{_includedir}/auparse.h
203%{_includedir}/auparse-defs.h
204%{_mandir}/man3/*
205
206%files libs-python
207%defattr(-,root,root)
208%attr(755,root,root) %{python_sitearch}/_audit.so
209%attr(755,root,root) %{python_sitearch}/auparse.so
210%{python_sitearch}/audit.py*
211
212%files
213%defattr(-,root,root,-)
214%doc  README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/stig.rules init.d/auditd.cron
215%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
216%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
217%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
218%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
219%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
220%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
221%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
222%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
223%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
224%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
225%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
226%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
227%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
228%attr(750,root,root) /sbin/auditctl
229%attr(750,root,root) /sbin/auditd
230%attr(755,root,root) /sbin/ausearch
231%attr(755,root,root) /sbin/aureport
232%attr(750,root,root) /sbin/autrace
233%attr(750,root,root) /sbin/audispd
234%attr(750,root,root) %{_bindir}/aulastlog
235%attr(750,root,root) %{_bindir}/aulast
236%attr(755,root,root) %{_bindir}/ausyscall
237%attr(755,root,root) /etc/rc.d/init.d/auditd
238%attr(750,root,root) %{_var}/log/audit
239%attr(750,root,root) %dir /etc/audit
240%attr(750,root,root) %dir /etc/audisp
241%attr(750,root,root) %dir /etc/audisp/plugins.d
242%attr(750,root,root) %dir %{_libdir}/audit
243%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
244%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
245%config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd
246%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
247%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
248
249%files -n audispd-plugins
250%defattr(-,root,root,-)
251%attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
252%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
253%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
254%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
255%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
256%attr(750,root,root) /sbin/audispd-zos-remote
257%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf
258%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf
259%attr(750,root,root) /sbin/audisp-remote
260%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
261%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
262
263%files -n system-config-audit -f system-config-audit.lang
264%defattr(-,root,root,-)
265%doc system-config-audit/AUTHORS
266%doc system-config-audit/COPYING
267%doc system-config-audit/ChangeLog
268%doc system-config-audit/NEWS
269%doc system-config-audit/README
270%{_bindir}/system-config-audit
271%{_datadir}/applications/system-config-audit.desktop
272%{_datadir}/system-config-audit
273%{_libexecdir}/system-config-audit-server-real
274%{_libexecdir}/system-config-audit-server
275%config(noreplace) %{_sysconfdir}/pam.d/system-config-audit-server
276%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
277
278%changelog
279* Sun Apr 03 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.18-1
280- new upstream release
281- rebuild with krb5-1.8.2
282
283* Fri Feb 12 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-6
284- forgot to increment sca_release macro (why on earth is sca_release
285  individually defined from main package's release number anyway?)
286
287* Fri Feb 12 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-5
288- rebuilt with gcc-4.4.3-3 on ppc
289
290* Fri Feb  5 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-4
291- rebuilt with rpm-4.8.0-3 (on ppc)
292
293* Tue Feb 02 2010 Shu KONNO <owa@bg.wakwak.com> 1.7.6-3
294- rebuild with python-2.6
295
296* Sat Apr 04 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.6-2
297- rebuild with openldap-2.4.11
298
299* Mon Sep 15 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.6-1
300- initial build for Vine Linux
301- disable krb5, prelude and selinux
302- add ja.po (XXX: minimal)
303
304* Wed Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.6-1
305- Add subject to audit daemon events (Chu Li)
306- Add tcp_wrappers support for auditd
307- Updated syscall tables for 2.6.27 kernel
308- Audit connect/disconnect of remote clients
309- Add GSS/Kerberos encryption to the remote protocol (DJ Delorie)
310
311* Mon Aug 25 2008 Steve Grubb <sgrubb@redhat.com> 1.7.5-1
312- Update system-config-audit to 0.4.8
313- Whole lot of bug fixes - see ChangeLog for details
314- Reimplement auditd main loop using libev
315- Add TCP listener to auditd to receive remote events
316- Fix scheduler problem (#457061)
317
318* Thu Jul 03 2008 Steve Grubb <sgrubb@redhat.com> 1.7.4-2
319- Move ausearch-expression to main package (#453437)
320
321* Mon May 19 2008 Steve Grubb <sgrubb@redhat.com> 1.7.4-1
322- Fix interpreting of keys in syscall records
323- Don't error on name=(null) PATH records in ausearch/report
324- Add key report to aureport
325- Update system-config-audit to 0.4.7 (Miloslav Trmac)
326- Add support for the filetype field option in auditctl new to 2.6.26 kernels
327
328* Fri May 09 2008 Steve Grubb <sgrubb@redhat.com> 1.7.3-1
329- Fix output of keys in ausearch interpretted mode
330- Fix ausearch/report --start now to not be reset to midnight
331- audispd now has a priority boost config option
332- Look for laddr in avcs reported via prelude
333- Detect page 0 mmaps and alert via prelude
334
335* Fri Apr 18 2008 Steve Grubb <sgrubb@redhat.com> 1.7.2-6
336- Fix overflow in audit_log_user_command, better (#438840)
337- ausearch was not matching path in avc records
338- audisp-prelude attempt to reposition index after examining each type
339- correct building of mls policy
340- Fix auparse iterating in auparse_find_field and next_field
341- Don't alert on USER_AVC's - they are not quite right
342
343* Tue Apr 08 2008 Steve Grubb <sgrubb@redhat.com> 1.7.1-1
344- Fix buffer overflow in audit_log_user_command, again (#438840)
345- Fix memory leak in EOE code in auditd (#440075)
346- In auditctl, don't use new operators in legacy rule format
347- Made a couple corrections in alpha & x86_64 syscall tables (Miloslav Trmac)
348
349* Fri Apr 04 2008 Steve Grubb <sgrubb@redhat.com> 1.7-3
350- Fix memleak in auditd eoe code
351
352* Tue Apr 01 2008 Steve Grubb <sgrubb@redhat.com> 1.7-2
353- Remove LSB headers from init scripts
354- Fix buffer overflow in audit_log_user_command again
355
356* Sun Mar 30 2008 Steve Grubb <sgrubb@redhat.com> 1.7-1
357- Handle user space avcs in prelude plugin
358- Fix watched account login detection for some failed login attempts
359- Couple fixups in audit logging functions (Miloslav Trmac)
360- Add support in auditctl for virtual keys
361- auparse_find_field_next was not iterating correctly, fixed it
362- Add idmef alerts for access or execution of watched file
363- Fix buffer overflow in audit_log_user_command
364- Add basic remote logging plugin - only sends & no flow control
365- Update ausearch with interpret fixes from auparse
366
367* Sun Mar 09 2008 Steve Grubb <sgrubb@redhat.com> 1.6.9-1
368- Apply hidden attribute cleanup patch (Miloslav Trmac)
369- Apply auparse expression interface patch (Miloslav Trmac)
370- Fix potential memleak in audit event dispatcher
371- Update system-config-audit to version 0.4.6 (Miloslav Trmac)
372- audisp-prelude alerts now controlled by config file
373- Updated syscall table for 2.6.25 kernel
374- Apply patch correcting acct field being misencoded (Miloslav Trmac)
375- Added watched account login detection for prelude plugin
376
377* Thu Feb 14 2008 Steve Grubb <sgrubb@redhat.com> 1.6.8-1
378- Update for gcc 4.3
379- Cleanup descriptors in audispd before running plugin
380- Fix 'recent' keyword for aureport/search
381- Fix SE Linux policy for zos_remote plugin
382- Add event type for group password authentication attempts
383- Couple of updates to the translation tables
384- Add detection of failed group authentication to audisp-prelude
385
386* Thu Jan 31 2008 Steve Grubb <sgrubb@redhat.com> 1.6.7-2
387- In ausearch/report, prefer -if to stdin
388- In ausearch/report, add new command line option --input-logs (#428860)
389- Updated audisp-prelude based on feedback from prelude-devel
390- Added prelude alert for promiscuous socket being opened
391- Added prelude alert for SE Linux policy enforcement changes
392- Added prelude alerts for Forbidden Login Locations and Time
393- Applied patch to auparse fixing error handling of searching by
394  interpreted value (Miloslav Trmac)
395
396* Sat Jan 19 2008 Steve Grubb <sgrubb@redhat.com> 1.6.6-1
397- Add prelude IDS plugin for IDMEF alerts
398- Add --user option to aulastlog command
399- Use desktop-file-install for system-config-audit
400- Avoid touching auditd.conf most of the time (#408501)
401
402* Fri Jan 11 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-3
403- Updates for spec file review
404- Adjust permission on selinux policy file
405
406* Mon Jan 07 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-1
407- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
408- Check for audit log being writable by owner in auditd
409- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
410- Updated CAPP, LSPP, and NISPOM rules for new capabilities
411- Added aulastlog utility
412
413* Sun Dec 30 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-3
414- Allow 0600 file perms for audit logs
415
416* Sat Dec 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-1
417- fchmod of log file was on wrong variable (#426934)
418- Allow use of errno strings for exit codes in audit rules
419
420* Sat Dec 29 2007 Miloslav Trmač <mitr@redhat.com> - 1.6.3-2
421- Don't fchmod() /dev/null to mode 0400 (#426934)
422
423* Thu Dec 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6.3-1
424- Add kernel release string to DEAMON_START events
425- Fix keep_logs when num_logs option disabled (#325561)
426- Fix auparse to handle node fields for syscall records
427- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
428- Add keyword week-ago to aureport & ausearch start/end times
429- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
430- Add RACF zos remote audispd plugin (Klaus Kiwi)
431- Add event queue overflow action to audispd
432
433* Mon Oct 1 2007 Steve Grubb <sgrubb@redhat.com> 1.6.2-2
434- Don't retry if the rt queue is full.
435
436* Tue Sep 25 2007 Steve Grubb <sgrubb@redhat.com> 1.6.2-1
437- Add support for searching by posix regular expressions in auparse
438- Route DEAMON events into rt interface
439- If event pipe is full, try again after doing local logging
440- Optionally add node/machine name to records in audit daemon
441- Update ausearch/aureport to specify nodes to search on
442- Fix segfault interpretting saddr fields in avcs
443
444* Thu Sep 6 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-2
445- Fix uninitialized variable in auparse (John Dennis)
446
447* Sun Sep 2 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-1
448- External plugin support in place
449- Fix reference counting in auparse python bindings (#263961)
450- Moved default af_unix plugin socket to /var/run/audispd_events
451
452* Wed Aug 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6-3
453- Add newline to audispd string formatted events
454
455* Tue Aug 28 2007 Steve Grubb <sgrubb@redhat.com> 1.6-2
456- spec file cleanups
457- Update to s-c-audit 0.4.3
458
459* Mon Aug 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6-1
460- Update Licence tags
461- Adding perm field should not set syscall added flag in auditctl
462- Fix segfault when aureport -if option is used
463- Fix auditctl to better check keys on rule lines
464- Add support for audit by TTY and other new event types
465- Auditd config option for group permission of audit logs
466- Swig messed up a variable in ppc's python bindings causing crashes. (#251327)
467- New audit event dispatcher
468- Update syscall tables for 2.6.23 kernel
469
470* Wed Jul 25 2007 Steve Grubb <sgrubb@redhat.com> 1.5.6-1
471- Fix potential buffer overflow in print clone flags of auparse
472- Fix python traceback parsing watches without perm statement (Miloslav Trmac)
473- Update auditctl to handle legacy kernels when putting a watch on a dir
474- Fix acct interpretation in auparse
475
476* Tue Jul 17 2007 Miloslav Trmač <mitr@redhat.com> - 1.5.5-5
477- Fix a double free when auditd receives SIGHUP
478- Move the system-config-audit menu entry to the Administration menu
479
480* Tue Jul 10 2007 Steve Grubb <sgrubb@redhat.com> 1.5.5-1
481- Add system-config-audit (Miloslav Trmac)
482- Correct bug in audit_make_equivalent function (Al Viro)
483
484* Tue Jun 26 2007 Steve Grubb <sgrubb@redhat.com> 1.5.4-1
485- Add feed interface to auparse library (John Dennis)
486- Apply patch to libauparse for unresolved symbols (#241178)
487- Apply patch to add line numbers for file events in libauparse (John Dennis)
488- Change seresults to seresult in libauparse (John Dennis)
489- Add unit32_t definition to swig (#244210)
490- Add support for directory auditing
491- Update acct field to be escaped
492
493* Tue May 01 2007 Steve Grubb <sgrubb@redhat.com> 1.5.3-1
494- Change buffer size to prevent truncation of DAEMON events with large labels
495- Fix memory leaks in auparse (John Dennis)
496- Update syscall tables for 2.6.21 kernel
497- Update capp & lspp rules
498- New python bindings for libauparse (John Dennis)
499
500* Thu Apr 04 2007 Steve Grubb <sgrubb@redhat.com> 1.5.2-1
501- New event dispatcher (James Antill)
502- Apply patches fixing man pages and Makefile.am (Philipp Hahn)
503- Apply patch correcting python libs permissions (Philipp Hahn)
504- Fix auditd segfault on reload
505- Fix bug in auparse library for file pointers and descriptors
506- Extract subject information out of daemon events for ausearch
507
508* Thu Mar 29 2007 Steve Grubb <sgrubb@redhat.com> 1.5.1-2
509- Remove requires kernel-headers for python-libs
510- Apply patch to prevent segfaults on auditd reload
511
512* Tue Mar 20 2007 Steve Grubb <sgrubb@redhat.com> 1.5.1-1
513- Updated autrace to monitor *at syscalls
514- Add support in libaudit for AUDIT_BIT_TEST(^) and AUDIT_MASK_TEST (&)
515- Finish reworking auditd config parser
516- In auparse, interpret open, fcntl, and clone flags
517- In auparse, when interpreting execve record types, run args through unencode
518- Add support for OBJ_PID message type
519- Event dispatcher updates
520
521* Fri Mar 2 2007 Steve Grubb <sgrubb@redhat.com> 1.5-2
522- rebuild
523
524* Fri Mar 2 2007 Steve Grubb <sgrubb@redhat.com> 1.5-1
525- NEW audit dispatcher program & plugin framework
526- Correct hidden variables in libauparse
527- Added NISPOM sample rules
528- Verify accessibility of files passed in auparse_init
529- Fix bug in parser library interpreting socketcalls
530- Add support for stdio FILE pointer in auparse_init
531- Adjust init script to allow anyone to status auditd (#230626)
532
533* Tue Feb 20 2007 Steve Grubb <sgrubb@redhat.com> 1.4.2-1
534- Add man pages
535- Reduce text relocations in parser library
536- Add -n option to auditd for no fork
537- Add exec option to space_left, admin_space_left, disk_full,
538  and disk_error - eg EXEC /usr/local/script
539
540* Fri Feb 16 2007 Steve Grubb <sgrubb@redhat.com> 1.4.1-1
541- updated audit_rule_fieldpair_data to handle perm correctly (#226780)
542- Finished search options for audit parsing library
543- Fix ausearch -se to work correctly
544- Fix auditd init script for /usr on netdev (#228528)
545- Parse avc seperms better when there are more than one
546
547* Sun Feb 04 2007 Steve Grubb <sgrubb@redhat.com> 1.4-1
548- New report about authentication attempts
549- Updates for python 2.5
550- update autrace to have resource usage mode
551- update auditctl to support immutable config
552- added audit_log_user_command function to libaudit api
553- interpret capabilities
554- added audit event parsing library
555- updates for 2.6.20 kernel
556
557* Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-2
558- Make more adjustments for python 2.5
559
560* Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-1
561- Fix a couple parsing problems (#217952)
562- Add tgkill to S390* syscall tables (#218484)
563- Fix error messages in ausearch/aureport
564
565* Wed Dec  6 2006 Jeremy Katz <katzj@redhat.com> - 1.3-4
566- rebuild against python 2.5
567
568* Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-3
569- Fix timestamp for libaudit.conf (#218053)
570
571* Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-2
572- Fix minor parsing problem and add new msg types
573
574* Tue Nov 28 2006 Steve Grubb <sgrubb@redhat.com> 1.3-1
575- ausearch & aureport implement uid/gid caching
576- In ausearch & aureport, extract addr when hostname is unknown
577- In ausearch & aureport, test audit log presence O_RDONLY
578- New ausearch/aureport time keywords: recent, this-week, this-month, this-year
579- Added --add & --delete option to aureport
580- Update res parsing in config change events
581- Increase the size on audit daemon buffers
582- Parse avc_path records in ausearch/aureport
583- ausearch has new output mode, raw, for extracting events
584- ausearch/aureport can now read stdin
585- Rework AVC processing in ausearch/aureport
586- Added long options to ausearch and aureport
587
588* Tue Oct 24 2006 Steve Grubb <sgrubb@redhat.com> 1.2.9-1
589- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
590- Fix some defines in libaudit.h
591- Some auditd config strings were not initialized in aureport (#211443)
592- Updated man pages
593- Add Netlabel event types to libaudit
594- Update aureports to current audit event types
595- Update autrace a little
596- Deprecated all the old audit_rule functions from public API
597- Drop auparse library for the moment
598
599* Fri Sep 29 2006 Steve Grubb <sgrubb@redhat.com> 1.2.8-1
600- Add dist tag and bump version (#208532)
601- Make internal auditd buffers bigger for context info
602- Correct address resolving of hostname in logging functions
603- Do not allow multiple msgtypes in same audit rule in auditctl (#207666)
604- Only =, != operators for arch & inode fields in auditctl (#206427)
605- Updated audit message type table
606- Remove watches from aureport since FS_WATCH is deprecated
607- Add audit_log_avc back temporarily (#208152)
608 
Note: See TracBrowser for help on using the repository browser.