[9487] | 1 | %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0} |
---|
| 2 | |
---|
[3260] | 3 | %define sca_version 0.4.10 |
---|
[9488] | 4 | %define sca_release 4 |
---|
[521] | 5 | |
---|
| 6 | Summary: User space tools for 2.6 kernel auditing |
---|
| 7 | Name: audit |
---|
[3260] | 8 | Version: 1.7.18 |
---|
[9488] | 9 | Release: 4%{?_dist_release} |
---|
[521] | 10 | License: GPLv2+ |
---|
| 11 | Group: System Environment/Daemons |
---|
| 12 | URL: http://people.redhat.com/sgrubb/audit/ |
---|
| 13 | Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz |
---|
| 14 | Source1: system-config-audit-ja.po |
---|
[3260] | 15 | Patch10: audit-1.7.18-pthread.patch |
---|
| 16 | Patch11: audit-1.7.18-krb5.patch |
---|
[5701] | 17 | Patch12: audit-1.7.18-libaudit.patch |
---|
[3260] | 18 | |
---|
[521] | 19 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root |
---|
| 20 | BuildRequires: gettext intltool libtool swig python-devel |
---|
| 21 | BuildRequires: tcp_wrappers |
---|
[3260] | 22 | BuildRequires: krb5-devel |
---|
[521] | 23 | BuildRequires: kernel-headers >= 2.6.18 |
---|
| 24 | BuildRequires: automake >= 1.9 |
---|
| 25 | BuildRequires: autoconf >= 2.59 |
---|
| 26 | Requires: %{name}-libs = %{version}-%{release} |
---|
| 27 | Requires: chkconfig |
---|
| 28 | Requires(pre): coreutils |
---|
| 29 | |
---|
| 30 | %description |
---|
| 31 | The audit package contains the user space utilities for |
---|
| 32 | storing and searching the audit records generated by |
---|
| 33 | the audit subsystem in the Linux 2.6 kernel. |
---|
| 34 | |
---|
| 35 | %package libs |
---|
| 36 | Summary: Dynamic library for libaudit |
---|
| 37 | License: LGPLv2+ |
---|
| 38 | Group: Development/Libraries |
---|
| 39 | |
---|
| 40 | %description libs |
---|
| 41 | The audit-libs package contains the dynamic libraries needed for |
---|
| 42 | applications to use the audit framework. |
---|
| 43 | |
---|
| 44 | %package libs-devel |
---|
| 45 | Summary: Header files and static library for libaudit |
---|
| 46 | License: LGPLv2+ |
---|
| 47 | Group: Development/Libraries |
---|
| 48 | Requires: %{name}-libs = %{version}-%{release} |
---|
| 49 | Requires: kernel-headers >= 2.6.18 |
---|
| 50 | |
---|
| 51 | %description libs-devel |
---|
| 52 | The audit-libs-devel package contains the static libraries and header |
---|
| 53 | files needed for developing applications that need to use the audit |
---|
| 54 | framework libraries. |
---|
| 55 | |
---|
| 56 | %package libs-python |
---|
| 57 | Summary: Python bindings for libaudit |
---|
| 58 | License: LGPLv2+ |
---|
| 59 | Group: Development/Libraries |
---|
| 60 | Requires: %{name}-libs = %{version}-%{release} |
---|
| 61 | |
---|
| 62 | %description libs-python |
---|
| 63 | The audit-libs-python package contains the bindings so that libaudit |
---|
| 64 | and libauparse can be used by python. |
---|
| 65 | |
---|
| 66 | %package -n audispd-plugins |
---|
| 67 | Summary: Plugins for the audit event dispatcher |
---|
| 68 | License: GPLv2+ |
---|
| 69 | Group: System Environment/Daemons |
---|
| 70 | BuildRequires: openldap-devel |
---|
| 71 | Requires: %{name} = %{version}-%{release} |
---|
| 72 | Requires: %{name}-libs = %{version}-%{release} |
---|
| 73 | Requires: openldap |
---|
| 74 | |
---|
| 75 | %description -n audispd-plugins |
---|
| 76 | The audispd-plugins package provides plugins for the real-time |
---|
| 77 | interface to the audit system, audispd. These plugins can do things |
---|
| 78 | like relay events to remote machines or analyze events for suspicious |
---|
| 79 | behavior. |
---|
| 80 | |
---|
| 81 | %package -n system-config-audit |
---|
| 82 | Summary: Utility for editing audit configuration |
---|
| 83 | Version: %{sca_version} |
---|
| 84 | Release: %{sca_release}%{?_dist_release} |
---|
| 85 | License: GPLv2+ |
---|
| 86 | Group: Applications/System |
---|
| 87 | BuildRequires: desktop-file-utils |
---|
| 88 | Requires: pygtk2-libglade usermode usermode-gtk |
---|
| 89 | |
---|
| 90 | %description -n system-config-audit |
---|
| 91 | A graphical utility for editing audit configuration. |
---|
| 92 | |
---|
[9487] | 93 | %package -n compat32-%{name}-libs |
---|
| 94 | Summary: Dynamic library for libaudit |
---|
| 95 | License: LGPLv2+ |
---|
| 96 | Group: Development/Libraries |
---|
| 97 | |
---|
| 98 | %description -n compat32-%{name}-libs |
---|
| 99 | The audit-libs package contains the dynamic libraries needed for |
---|
| 100 | applications to use the audit framework. |
---|
| 101 | |
---|
[521] | 102 | %prep |
---|
| 103 | %setup -q |
---|
[3260] | 104 | %patch10 -p1 |
---|
| 105 | %patch11 -p1 |
---|
[5701] | 106 | %patch12 -p1 |
---|
[521] | 107 | cp -f %{SOURCE1} system-config-audit/po/ja.po |
---|
| 108 | |
---|
| 109 | %build |
---|
[3260] | 110 | (cd system-config-audit; %configure) |
---|
| 111 | %configure --sbindir=/sbin --libdir=/%{_lib} --with-libwrap --enable-gssapi-krb5=yes |
---|
[521] | 112 | make %{?_smp_mflags} |
---|
| 113 | |
---|
| 114 | %install |
---|
| 115 | rm -rf $RPM_BUILD_ROOT |
---|
| 116 | mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,rc.d/init.d}} |
---|
| 117 | mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8} |
---|
| 118 | mkdir -p $RPM_BUILD_ROOT/%{_lib} |
---|
| 119 | mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit |
---|
| 120 | mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit |
---|
| 121 | make DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} install |
---|
| 122 | make -C system-config-audit DESTDIR=$RPM_BUILD_ROOT install-fedora |
---|
| 123 | |
---|
| 124 | mkdir -p $RPM_BUILD_ROOT/%{_libdir} |
---|
| 125 | # This winds up in the wrong place when libtool is involved |
---|
| 126 | mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir} |
---|
| 127 | mv $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir} |
---|
| 128 | curdir=`pwd` |
---|
| 129 | cd $RPM_BUILD_ROOT/%{_libdir} |
---|
| 130 | LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libaudit.so.*.*.*\`` |
---|
| 131 | ln -s ../../%{_lib}/$LIBNAME libaudit.so |
---|
| 132 | LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*\`` |
---|
| 133 | ln -s ../../%{_lib}/$LIBNAME libauparse.so |
---|
| 134 | cd $curdir |
---|
| 135 | # Remove these items so they don't get picked up. |
---|
| 136 | rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.so |
---|
| 137 | rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.so |
---|
| 138 | rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.la |
---|
| 139 | rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.la |
---|
| 140 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.a |
---|
| 141 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.la |
---|
| 142 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.a |
---|
| 143 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.la |
---|
| 144 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/auparse.a |
---|
| 145 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/auparse.la |
---|
| 146 | |
---|
| 147 | # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp |
---|
| 148 | touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf |
---|
| 149 | |
---|
| 150 | %find_lang system-config-audit |
---|
| 151 | |
---|
| 152 | desktop-file-install \ |
---|
| 153 | --dir $RPM_BUILD_ROOT/%{_datadir}/applications \ |
---|
| 154 | --delete-original \ |
---|
| 155 | system-config-audit/system-config-audit.desktop |
---|
| 156 | |
---|
| 157 | #% check |
---|
| 158 | #make check |
---|
| 159 | |
---|
| 160 | %clean |
---|
| 161 | rm -rf $RPM_BUILD_ROOT |
---|
| 162 | rm -rf zos-remote-policy |
---|
| 163 | |
---|
| 164 | %post libs -p /sbin/ldconfig |
---|
| 165 | |
---|
| 166 | %post |
---|
| 167 | /sbin/chkconfig --add auditd |
---|
| 168 | # This is to migrate users from audit-1.0.x installations |
---|
| 169 | if [ -f /etc/auditd.conf ]; then |
---|
| 170 | mv /etc/auditd.conf /etc/audit/auditd.conf |
---|
| 171 | fi |
---|
| 172 | if [ -f /etc/audit.rules ]; then |
---|
| 173 | mv /etc/audit.rules /etc/audit/audit.rules |
---|
| 174 | fi |
---|
| 175 | # This is to enable the dispatcher option which was commented out |
---|
| 176 | if [ -f /etc/audit/auditd.conf ]; then |
---|
| 177 | grep '^dispatcher' /etc/audit/auditd.conf >/dev/null |
---|
| 178 | if [ $? -eq 1 ] ; then |
---|
| 179 | tmp=`mktemp /etc/audit/auditd-post.XXXXXX` |
---|
| 180 | if [ -n "$tmp" ]; then |
---|
| 181 | sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \ |
---|
| 182 | cat $tmp > /etc/audit/auditd.conf |
---|
| 183 | rm -f $tmp |
---|
| 184 | fi |
---|
| 185 | fi |
---|
| 186 | fi |
---|
| 187 | |
---|
[9487] | 188 | %post -n compat32-%{name}-libs -p /sbin/ldconfig |
---|
| 189 | |
---|
[521] | 190 | %preun |
---|
| 191 | if [ $1 -eq 0 ]; then |
---|
| 192 | /sbin/service auditd stop > /dev/null 2>&1 |
---|
| 193 | /sbin/chkconfig --del auditd |
---|
| 194 | fi |
---|
| 195 | |
---|
| 196 | %postun libs -p /sbin/ldconfig |
---|
| 197 | |
---|
| 198 | %postun |
---|
| 199 | if [ $1 -ge 1 ]; then |
---|
| 200 | /sbin/service auditd condrestart > /dev/null 2>&1 || : |
---|
| 201 | fi |
---|
| 202 | |
---|
[9487] | 203 | %postun -n compat32-%{name}-libs -p /sbin/ldconfig |
---|
| 204 | |
---|
[521] | 205 | %files libs |
---|
| 206 | %defattr(-,root,root) |
---|
| 207 | %attr(755,root,root) /%{_lib}/libaudit.* |
---|
| 208 | %attr(755,root,root) /%{_lib}/libauparse.* |
---|
| 209 | %config(noreplace) %attr(640,root,root) /etc/libaudit.conf |
---|
| 210 | |
---|
| 211 | %files libs-devel |
---|
| 212 | %defattr(-,root,root) |
---|
| 213 | %doc contrib/skeleton.c contrib/plugin |
---|
| 214 | %{_libdir}/libaudit.a |
---|
| 215 | %{_libdir}/libauparse.a |
---|
| 216 | %{_libdir}/libaudit.so |
---|
| 217 | %{_libdir}/libauparse.so |
---|
| 218 | %{_includedir}/libaudit.h |
---|
| 219 | %{_includedir}/auparse.h |
---|
| 220 | %{_includedir}/auparse-defs.h |
---|
| 221 | %{_mandir}/man3/* |
---|
| 222 | |
---|
| 223 | %files libs-python |
---|
| 224 | %defattr(-,root,root) |
---|
[3260] | 225 | %attr(755,root,root) %{python_sitearch}/_audit.so |
---|
| 226 | %attr(755,root,root) %{python_sitearch}/auparse.so |
---|
| 227 | %{python_sitearch}/audit.py* |
---|
[521] | 228 | |
---|
| 229 | %files |
---|
| 230 | %defattr(-,root,root,-) |
---|
| 231 | %doc README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/stig.rules init.d/auditd.cron |
---|
| 232 | %attr(644,root,root) %{_mandir}/man8/audispd.8.gz |
---|
| 233 | %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz |
---|
| 234 | %attr(644,root,root) %{_mandir}/man8/auditd.8.gz |
---|
| 235 | %attr(644,root,root) %{_mandir}/man8/aureport.8.gz |
---|
| 236 | %attr(644,root,root) %{_mandir}/man8/ausearch.8.gz |
---|
| 237 | %attr(644,root,root) %{_mandir}/man8/autrace.8.gz |
---|
| 238 | %attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz |
---|
[3260] | 239 | %attr(644,root,root) %{_mandir}/man8/aulast.8.gz |
---|
[521] | 240 | %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz |
---|
[3260] | 241 | %attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz |
---|
[521] | 242 | %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz |
---|
| 243 | %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz |
---|
| 244 | %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz |
---|
| 245 | %attr(750,root,root) /sbin/auditctl |
---|
| 246 | %attr(750,root,root) /sbin/auditd |
---|
| 247 | %attr(755,root,root) /sbin/ausearch |
---|
| 248 | %attr(755,root,root) /sbin/aureport |
---|
| 249 | %attr(750,root,root) /sbin/autrace |
---|
| 250 | %attr(750,root,root) /sbin/audispd |
---|
| 251 | %attr(750,root,root) %{_bindir}/aulastlog |
---|
[3260] | 252 | %attr(750,root,root) %{_bindir}/aulast |
---|
[521] | 253 | %attr(755,root,root) %{_bindir}/ausyscall |
---|
| 254 | %attr(755,root,root) /etc/rc.d/init.d/auditd |
---|
| 255 | %attr(750,root,root) %{_var}/log/audit |
---|
| 256 | %attr(750,root,root) %dir /etc/audit |
---|
| 257 | %attr(750,root,root) %dir /etc/audisp |
---|
| 258 | %attr(750,root,root) %dir /etc/audisp/plugins.d |
---|
| 259 | %attr(750,root,root) %dir %{_libdir}/audit |
---|
| 260 | %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf |
---|
| 261 | %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules |
---|
| 262 | %config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd |
---|
| 263 | %config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf |
---|
| 264 | %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf |
---|
| 265 | |
---|
| 266 | %files -n audispd-plugins |
---|
| 267 | %defattr(-,root,root,-) |
---|
| 268 | %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf |
---|
| 269 | %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz |
---|
| 270 | %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz |
---|
| 271 | %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf |
---|
| 272 | %config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf |
---|
| 273 | %attr(750,root,root) /sbin/audispd-zos-remote |
---|
| 274 | %config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf |
---|
| 275 | %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf |
---|
| 276 | %attr(750,root,root) /sbin/audisp-remote |
---|
| 277 | %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz |
---|
| 278 | %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz |
---|
| 279 | |
---|
| 280 | %files -n system-config-audit -f system-config-audit.lang |
---|
| 281 | %defattr(-,root,root,-) |
---|
| 282 | %doc system-config-audit/AUTHORS |
---|
| 283 | %doc system-config-audit/COPYING |
---|
| 284 | %doc system-config-audit/ChangeLog |
---|
| 285 | %doc system-config-audit/NEWS |
---|
| 286 | %doc system-config-audit/README |
---|
| 287 | %{_bindir}/system-config-audit |
---|
| 288 | %{_datadir}/applications/system-config-audit.desktop |
---|
| 289 | %{_datadir}/system-config-audit |
---|
| 290 | %{_libexecdir}/system-config-audit-server-real |
---|
| 291 | %{_libexecdir}/system-config-audit-server |
---|
| 292 | %config(noreplace) %{_sysconfdir}/pam.d/system-config-audit-server |
---|
| 293 | %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server |
---|
| 294 | |
---|
[9487] | 295 | %if %{build_compat32} |
---|
| 296 | %files -n compat32-%{name}-libs |
---|
| 297 | %defattr(-,root,root) |
---|
| 298 | %attr(755,root,root) /%{_lib}/libaudit.* |
---|
| 299 | %attr(755,root,root) /%{_lib}/libauparse.* |
---|
| 300 | %endif |
---|
| 301 | |
---|
[521] | 302 | %changelog |
---|
[9488] | 303 | * Sun Apr 05 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.7.18-4 |
---|
| 304 | - fix sca_release |
---|
| 305 | |
---|
[9487] | 306 | * Sun Apr 05 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.7.18-3 |
---|
| 307 | - create compat32-audit-libs subpackage |
---|
| 308 | |
---|
[5701] | 309 | * Wed Feb 15 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.7.18-2 |
---|
| 310 | - rebuild with python-2.7.2 |
---|
| 311 | - add Patch12 (audit-1.7.18-libaudit.patch) |
---|
| 312 | |
---|
[3260] | 313 | * Sun Apr 03 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.18-1 |
---|
| 314 | - new upstream release |
---|
| 315 | - rebuild with krb5-1.8.2 |
---|
| 316 | |
---|
[521] | 317 | * Fri Feb 12 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-6 |
---|
| 318 | - forgot to increment sca_release macro (why on earth is sca_release |
---|
| 319 | individually defined from main package's release number anyway?) |
---|
| 320 | |
---|
| 321 | * Fri Feb 12 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-5 |
---|
| 322 | - rebuilt with gcc-4.4.3-3 on ppc |
---|
| 323 | |
---|
| 324 | * Fri Feb 5 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-4 |
---|
| 325 | - rebuilt with rpm-4.8.0-3 (on ppc) |
---|
| 326 | |
---|
| 327 | * Tue Feb 02 2010 Shu KONNO <owa@bg.wakwak.com> 1.7.6-3 |
---|
| 328 | - rebuild with python-2.6 |
---|
| 329 | |
---|
| 330 | * Sat Apr 04 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.6-2 |
---|
| 331 | - rebuild with openldap-2.4.11 |
---|
| 332 | |
---|
| 333 | * Mon Sep 15 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.6-1 |
---|
| 334 | - initial build for Vine Linux |
---|
| 335 | - disable krb5, prelude and selinux |
---|
| 336 | - add ja.po (XXX: minimal) |
---|
| 337 | |
---|
[9487] | 338 | * Thu Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.6-1 |
---|
[521] | 339 | - Add subject to audit daemon events (Chu Li) |
---|
| 340 | - Add tcp_wrappers support for auditd |
---|
| 341 | - Updated syscall tables for 2.6.27 kernel |
---|
| 342 | - Audit connect/disconnect of remote clients |
---|
| 343 | - Add GSS/Kerberos encryption to the remote protocol (DJ Delorie) |
---|
| 344 | |
---|
| 345 | * Mon Aug 25 2008 Steve Grubb <sgrubb@redhat.com> 1.7.5-1 |
---|
| 346 | - Update system-config-audit to 0.4.8 |
---|
| 347 | - Whole lot of bug fixes - see ChangeLog for details |
---|
| 348 | - Reimplement auditd main loop using libev |
---|
| 349 | - Add TCP listener to auditd to receive remote events |
---|
| 350 | - Fix scheduler problem (#457061) |
---|
| 351 | |
---|
| 352 | * Thu Jul 03 2008 Steve Grubb <sgrubb@redhat.com> 1.7.4-2 |
---|
| 353 | - Move ausearch-expression to main package (#453437) |
---|
| 354 | |
---|
| 355 | * Mon May 19 2008 Steve Grubb <sgrubb@redhat.com> 1.7.4-1 |
---|
| 356 | - Fix interpreting of keys in syscall records |
---|
| 357 | - Don't error on name=(null) PATH records in ausearch/report |
---|
| 358 | - Add key report to aureport |
---|
| 359 | - Update system-config-audit to 0.4.7 (Miloslav Trmac) |
---|
| 360 | - Add support for the filetype field option in auditctl new to 2.6.26 kernels |
---|
| 361 | |
---|
| 362 | * Fri May 09 2008 Steve Grubb <sgrubb@redhat.com> 1.7.3-1 |
---|
| 363 | - Fix output of keys in ausearch interpreted mode |
---|
| 364 | - Fix ausearch/report --start now to not be reset to midnight |
---|
| 365 | - audispd now has a priority boost config option |
---|
| 366 | - Look for laddr in avcs reported via prelude |
---|
| 367 | - Detect page 0 mmaps and alert via prelude |
---|
| 368 | |
---|
| 369 | * Fri Apr 18 2008 Steve Grubb <sgrubb@redhat.com> 1.7.2-6 |
---|
| 370 | - Fix overflow in audit_log_user_command, better (#438840) |
---|
| 371 | - ausearch was not matching path in avc records |
---|
| 372 | - audisp-prelude attempt to reposition index after examining each type |
---|
| 373 | - correct building of mls policy |
---|
| 374 | - Fix auparse iterating in auparse_find_field and next_field |
---|
| 375 | - Don't alert on USER_AVC's - they are not quite right |
---|
| 376 | |
---|
| 377 | * Tue Apr 08 2008 Steve Grubb <sgrubb@redhat.com> 1.7.1-1 |
---|
| 378 | - Fix buffer overflow in audit_log_user_command, again (#438840) |
---|
| 379 | - Fix memory leak in EOE code in auditd (#440075) |
---|
| 380 | - In auditctl, don't use new operators in legacy rule format |
---|
| 381 | - Made a couple corrections in alpha & x86_64 syscall tables (Miloslav Trmac) |
---|
| 382 | |
---|
| 383 | * Fri Apr 04 2008 Steve Grubb <sgrubb@redhat.com> 1.7-3 |
---|
| 384 | - Fix memleak in auditd eoe code |
---|
| 385 | |
---|
| 386 | * Tue Apr 01 2008 Steve Grubb <sgrubb@redhat.com> 1.7-2 |
---|
| 387 | - Remove LSB headers from init scripts |
---|
| 388 | - Fix buffer overflow in audit_log_user_command again |
---|
| 389 | |
---|
| 390 | * Sun Mar 30 2008 Steve Grubb <sgrubb@redhat.com> 1.7-1 |
---|
| 391 | - Handle user space avcs in prelude plugin |
---|
| 392 | - Fix watched account login detection for some failed login attempts |
---|
| 393 | - Couple fixups in audit logging functions (Miloslav Trmac) |
---|
| 394 | - Add support in auditctl for virtual keys |
---|
| 395 | - auparse_find_field_next was not iterating correctly, fixed it |
---|
| 396 | - Add idmef alerts for access or execution of watched file |
---|
| 397 | - Fix buffer overflow in audit_log_user_command |
---|
| 398 | - Add basic remote logging plugin - only sends & no flow control |
---|
| 399 | - Update ausearch with interpret fixes from auparse |
---|
| 400 | |
---|
| 401 | * Sun Mar 09 2008 Steve Grubb <sgrubb@redhat.com> 1.6.9-1 |
---|
| 402 | - Apply hidden attribute cleanup patch (Miloslav Trmac) |
---|
| 403 | - Apply auparse expression interface patch (Miloslav Trmac) |
---|
| 404 | - Fix potential memleak in audit event dispatcher |
---|
| 405 | - Update system-config-audit to version 0.4.6 (Miloslav Trmac) |
---|
| 406 | - audisp-prelude alerts now controlled by config file |
---|
| 407 | - Updated syscall table for 2.6.25 kernel |
---|
| 408 | - Apply patch correcting acct field being misencoded (Miloslav Trmac) |
---|
| 409 | - Added watched account login detection for prelude plugin |
---|
| 410 | |
---|
| 411 | * Thu Feb 14 2008 Steve Grubb <sgrubb@redhat.com> 1.6.8-1 |
---|
| 412 | - Update for gcc 4.3 |
---|
| 413 | - Cleanup descriptors in audispd before running plugin |
---|
| 414 | - Fix 'recent' keyword for aureport/search |
---|
| 415 | - Fix SE Linux policy for zos_remote plugin |
---|
| 416 | - Add event type for group password authentication attempts |
---|
| 417 | - Couple of updates to the translation tables |
---|
| 418 | - Add detection of failed group authentication to audisp-prelude |
---|
| 419 | |
---|
| 420 | * Thu Jan 31 2008 Steve Grubb <sgrubb@redhat.com> 1.6.7-2 |
---|
| 421 | - In ausearch/report, prefer -if to stdin |
---|
| 422 | - In ausearch/report, add new command line option --input-logs (#428860) |
---|
| 423 | - Updated audisp-prelude based on feedback from prelude-devel |
---|
| 424 | - Added prelude alert for promiscuous socket being opened |
---|
| 425 | - Added prelude alert for SE Linux policy enforcement changes |
---|
| 426 | - Added prelude alerts for Forbidden Login Locations and Time |
---|
| 427 | - Applied patch to auparse fixing error handling of searching by |
---|
| 428 | interpreted value (Miloslav Trmac) |
---|
| 429 | |
---|
| 430 | * Sat Jan 19 2008 Steve Grubb <sgrubb@redhat.com> 1.6.6-1 |
---|
| 431 | - Add prelude IDS plugin for IDMEF alerts |
---|
| 432 | - Add --user option to aulastlog command |
---|
| 433 | - Use desktop-file-install for system-config-audit |
---|
| 434 | - Avoid touching auditd.conf most of the time (#408501) |
---|
| 435 | |
---|
| 436 | * Fri Jan 11 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-3 |
---|
| 437 | - Updates for spec file review |
---|
| 438 | - Adjust permission on selinux policy file |
---|
| 439 | |
---|
| 440 | * Mon Jan 07 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-1 |
---|
| 441 | - Fix config parser to allow either 0640 or 0600 for audit logs (#427062) |
---|
| 442 | - Check for audit log being writable by owner in auditd |
---|
| 443 | - If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639) |
---|
| 444 | - Updated CAPP, LSPP, and NISPOM rules for new capabilities |
---|
| 445 | - Added aulastlog utility |
---|
| 446 | |
---|
| 447 | * Sun Dec 30 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-3 |
---|
| 448 | - Allow 0600 file perms for audit logs |
---|
| 449 | |
---|
| 450 | * Sat Dec 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-1 |
---|
| 451 | - fchmod of log file was on wrong variable (#426934) |
---|
| 452 | - Allow use of errno strings for exit codes in audit rules |
---|
| 453 | |
---|
| 454 | * Sat Dec 29 2007 Miloslav Trmač <mitr@redhat.com> - 1.6.3-2 |
---|
| 455 | - Don't fchmod() /dev/null to mode 0400 (#426934) |
---|
| 456 | |
---|
| 457 | * Thu Dec 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6.3-1 |
---|
| 458 | - Add kernel release string to DEAMON_START events |
---|
| 459 | - Fix keep_logs when num_logs option disabled (#325561) |
---|
| 460 | - Fix auparse to handle node fields for syscall records |
---|
| 461 | - Update system-config-audit to version 0.4.5 (Miloslav Trmac) |
---|
| 462 | - Add keyword week-ago to aureport & ausearch start/end times |
---|
| 463 | - Fix audit log permissions on rotate. If group is root 0400, otherwise 0440 |
---|
| 464 | - Add RACF zos remote audispd plugin (Klaus Kiwi) |
---|
| 465 | - Add event queue overflow action to audispd |
---|
| 466 | |
---|
| 467 | * Mon Oct 1 2007 Steve Grubb <sgrubb@redhat.com> 1.6.2-2 |
---|
| 468 | - Don't retry if the rt queue is full. |
---|
| 469 | |
---|
| 470 | * Tue Sep 25 2007 Steve Grubb <sgrubb@redhat.com> 1.6.2-1 |
---|
| 471 | - Add support for searching by posix regular expressions in auparse |
---|
| 472 | - Route DEAMON events into rt interface |
---|
| 473 | - If event pipe is full, try again after doing local logging |
---|
| 474 | - Optionally add node/machine name to records in audit daemon |
---|
| 475 | - Update ausearch/aureport to specify nodes to search on |
---|
| 476 | - Fix segfault interpreting saddr fields in avcs |
---|
| 477 | |
---|
| 478 | * Thu Sep 6 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-2 |
---|
| 479 | - Fix uninitialized variable in auparse (John Dennis) |
---|
| 480 | |
---|
| 481 | * Sun Sep 2 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-1 |
---|
| 482 | - External plugin support in place |
---|
| 483 | - Fix reference counting in auparse python bindings (#263961) |
---|
| 484 | - Moved default af_unix plugin socket to /var/run/audispd_events |
---|
| 485 | |
---|
| 486 | * Wed Aug 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6-3 |
---|
| 487 | - Add newline to audispd string formatted events |
---|
| 488 | |
---|
| 489 | * Tue Aug 28 2007 Steve Grubb <sgrubb@redhat.com> 1.6-2 |
---|
| 490 | - spec file cleanups |
---|
| 491 | - Update to s-c-audit 0.4.3 |
---|
| 492 | |
---|
| 493 | * Mon Aug 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6-1 |
---|
| 494 | - Update Licence tags |
---|
| 495 | - Adding perm field should not set syscall added flag in auditctl |
---|
| 496 | - Fix segfault when aureport -if option is used |
---|
| 497 | - Fix auditctl to better check keys on rule lines |
---|
| 498 | - Add support for audit by TTY and other new event types |
---|
| 499 | - Auditd config option for group permission of audit logs |
---|
| 500 | - Swig messed up a variable in ppc's python bindings causing crashes. (#251327) |
---|
| 501 | - New audit event dispatcher |
---|
| 502 | - Update syscall tables for 2.6.23 kernel |
---|
| 503 | |
---|
| 504 | * Wed Jul 25 2007 Steve Grubb <sgrubb@redhat.com> 1.5.6-1 |
---|
| 505 | - Fix potential buffer overflow in print clone flags of auparse |
---|
| 506 | - Fix python traceback parsing watches without perm statement (Miloslav Trmac) |
---|
| 507 | - Update auditctl to handle legacy kernels when putting a watch on a dir |
---|
| 508 | - Fix acct interpretation in auparse |
---|
| 509 | |
---|
| 510 | * Tue Jul 17 2007 Miloslav Trmač <mitr@redhat.com> - 1.5.5-5 |
---|
| 511 | - Fix a double free when auditd receives SIGHUP |
---|
| 512 | - Move the system-config-audit menu entry to the Administration menu |
---|
| 513 | |
---|
| 514 | * Tue Jul 10 2007 Steve Grubb <sgrubb@redhat.com> 1.5.5-1 |
---|
| 515 | - Add system-config-audit (Miloslav Trmac) |
---|
| 516 | - Correct bug in audit_make_equivalent function (Al Viro) |
---|
| 517 | |
---|
| 518 | * Tue Jun 26 2007 Steve Grubb <sgrubb@redhat.com> 1.5.4-1 |
---|
| 519 | - Add feed interface to auparse library (John Dennis) |
---|
| 520 | - Apply patch to libauparse for unresolved symbols (#241178) |
---|
| 521 | - Apply patch to add line numbers for file events in libauparse (John Dennis) |
---|
| 522 | - Change seresults to seresult in libauparse (John Dennis) |
---|
| 523 | - Add unit32_t definition to swig (#244210) |
---|
| 524 | - Add support for directory auditing |
---|
| 525 | - Update acct field to be escaped |
---|
| 526 | |
---|
| 527 | * Tue May 01 2007 Steve Grubb <sgrubb@redhat.com> 1.5.3-1 |
---|
| 528 | - Change buffer size to prevent truncation of DAEMON events with large labels |
---|
| 529 | - Fix memory leaks in auparse (John Dennis) |
---|
| 530 | - Update syscall tables for 2.6.21 kernel |
---|
| 531 | - Update capp & lspp rules |
---|
| 532 | - New python bindings for libauparse (John Dennis) |
---|
| 533 | |
---|
[9487] | 534 | * Wed Apr 04 2007 Steve Grubb <sgrubb@redhat.com> 1.5.2-1 |
---|
[521] | 535 | - New event dispatcher (James Antill) |
---|
| 536 | - Apply patches fixing man pages and Makefile.am (Philipp Hahn) |
---|
| 537 | - Apply patch correcting python libs permissions (Philipp Hahn) |
---|
| 538 | - Fix auditd segfault on reload |
---|
| 539 | - Fix bug in auparse library for file pointers and descriptors |
---|
| 540 | - Extract subject information out of daemon events for ausearch |
---|
| 541 | |
---|
| 542 | * Thu Mar 29 2007 Steve Grubb <sgrubb@redhat.com> 1.5.1-2 |
---|
| 543 | - Remove requires kernel-headers for python-libs |
---|
| 544 | - Apply patch to prevent segfaults on auditd reload |
---|
| 545 | |
---|
| 546 | * Tue Mar 20 2007 Steve Grubb <sgrubb@redhat.com> 1.5.1-1 |
---|
| 547 | - Updated autrace to monitor *at syscalls |
---|
| 548 | - Add support in libaudit for AUDIT_BIT_TEST(^) and AUDIT_MASK_TEST (&) |
---|
| 549 | - Finish reworking auditd config parser |
---|
| 550 | - In auparse, interpret open, fcntl, and clone flags |
---|
| 551 | - In auparse, when interpreting execve record types, run args through unencode |
---|
| 552 | - Add support for OBJ_PID message type |
---|
| 553 | - Event dispatcher updates |
---|
| 554 | |
---|
| 555 | * Fri Mar 2 2007 Steve Grubb <sgrubb@redhat.com> 1.5-2 |
---|
| 556 | - rebuild |
---|
| 557 | |
---|
| 558 | * Fri Mar 2 2007 Steve Grubb <sgrubb@redhat.com> 1.5-1 |
---|
| 559 | - NEW audit dispatcher program & plugin framework |
---|
| 560 | - Correct hidden variables in libauparse |
---|
| 561 | - Added NISPOM sample rules |
---|
| 562 | - Verify accessibility of files passed in auparse_init |
---|
| 563 | - Fix bug in parser library interpreting socketcalls |
---|
| 564 | - Add support for stdio FILE pointer in auparse_init |
---|
| 565 | - Adjust init script to allow anyone to status auditd (#230626) |
---|
| 566 | |
---|
| 567 | * Tue Feb 20 2007 Steve Grubb <sgrubb@redhat.com> 1.4.2-1 |
---|
| 568 | - Add man pages |
---|
| 569 | - Reduce text relocations in parser library |
---|
| 570 | - Add -n option to auditd for no fork |
---|
| 571 | - Add exec option to space_left, admin_space_left, disk_full, |
---|
| 572 | and disk_error - eg EXEC /usr/local/script |
---|
| 573 | |
---|
| 574 | * Fri Feb 16 2007 Steve Grubb <sgrubb@redhat.com> 1.4.1-1 |
---|
| 575 | - updated audit_rule_fieldpair_data to handle perm correctly (#226780) |
---|
| 576 | - Finished search options for audit parsing library |
---|
| 577 | - Fix ausearch -se to work correctly |
---|
| 578 | - Fix auditd init script for /usr on netdev (#228528) |
---|
| 579 | - Parse avc seperms better when there are more than one |
---|
| 580 | |
---|
| 581 | * Sun Feb 04 2007 Steve Grubb <sgrubb@redhat.com> 1.4-1 |
---|
| 582 | - New report about authentication attempts |
---|
| 583 | - Updates for python 2.5 |
---|
| 584 | - update autrace to have resource usage mode |
---|
| 585 | - update auditctl to support immutable config |
---|
| 586 | - added audit_log_user_command function to libaudit api |
---|
| 587 | - interpret capabilities |
---|
| 588 | - added audit event parsing library |
---|
| 589 | - updates for 2.6.20 kernel |
---|
| 590 | |
---|
| 591 | * Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-2 |
---|
| 592 | - Make more adjustments for python 2.5 |
---|
| 593 | |
---|
| 594 | * Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-1 |
---|
| 595 | - Fix a couple parsing problems (#217952) |
---|
| 596 | - Add tgkill to S390* syscall tables (#218484) |
---|
| 597 | - Fix error messages in ausearch/aureport |
---|
| 598 | |
---|
| 599 | * Wed Dec 6 2006 Jeremy Katz <katzj@redhat.com> - 1.3-4 |
---|
| 600 | - rebuild against python 2.5 |
---|
| 601 | |
---|
| 602 | * Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-3 |
---|
| 603 | - Fix timestamp for libaudit.conf (#218053) |
---|
| 604 | |
---|
| 605 | * Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-2 |
---|
| 606 | - Fix minor parsing problem and add new msg types |
---|
| 607 | |
---|
| 608 | * Tue Nov 28 2006 Steve Grubb <sgrubb@redhat.com> 1.3-1 |
---|
| 609 | - ausearch & aureport implement uid/gid caching |
---|
| 610 | - In ausearch & aureport, extract addr when hostname is unknown |
---|
| 611 | - In ausearch & aureport, test audit log presence O_RDONLY |
---|
| 612 | - New ausearch/aureport time keywords: recent, this-week, this-month, this-year |
---|
| 613 | - Added --add & --delete option to aureport |
---|
| 614 | - Update res parsing in config change events |
---|
| 615 | - Increase the size on audit daemon buffers |
---|
| 616 | - Parse avc_path records in ausearch/aureport |
---|
| 617 | - ausearch has new output mode, raw, for extracting events |
---|
| 618 | - ausearch/aureport can now read stdin |
---|
| 619 | - Rework AVC processing in ausearch/aureport |
---|
| 620 | - Added long options to ausearch and aureport |
---|
| 621 | |
---|
| 622 | * Tue Oct 24 2006 Steve Grubb <sgrubb@redhat.com> 1.2.9-1 |
---|
| 623 | - In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834) |
---|
| 624 | - Fix some defines in libaudit.h |
---|
| 625 | - Some auditd config strings were not initialized in aureport (#211443) |
---|
| 626 | - Updated man pages |
---|
| 627 | - Add Netlabel event types to libaudit |
---|
| 628 | - Update aureports to current audit event types |
---|
| 629 | - Update autrace a little |
---|
| 630 | - Deprecated all the old audit_rule functions from public API |
---|
| 631 | - Drop auparse library for the moment |
---|
| 632 | |
---|
| 633 | * Fri Sep 29 2006 Steve Grubb <sgrubb@redhat.com> 1.2.8-1 |
---|
| 634 | - Add dist tag and bump version (#208532) |
---|
| 635 | - Make internal auditd buffers bigger for context info |
---|
| 636 | - Correct address resolving of hostname in logging functions |
---|
| 637 | - Do not allow multiple msgtypes in same audit rule in auditctl (#207666) |
---|
| 638 | - Only =, != operators for arch & inode fields in auditctl (#206427) |
---|
| 639 | - Updated audit message type table |
---|
| 640 | - Remove watches from aureport since FS_WATCH is deprecated |
---|
| 641 | - Add audit_log_avc back temporarily (#208152) |
---|
| 642 | |
---|