1 | %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0} |
---|
2 | |
---|
3 | %define sca_version 0.4.10 |
---|
4 | %define sca_release 4 |
---|
5 | |
---|
6 | Summary: User space tools for 2.6 kernel auditing |
---|
7 | Name: audit0 |
---|
8 | Version: 1.7.18 |
---|
9 | Release: 5%{?_dist_release} |
---|
10 | License: GPLv2+ |
---|
11 | Group: System Environment/Daemons |
---|
12 | URL: http://people.redhat.com/sgrubb/audit/ |
---|
13 | Source0: http://people.redhat.com/sgrubb/audit/audit-%{version}.tar.gz |
---|
14 | Source1: system-config-audit-ja.po |
---|
15 | Patch10: audit-1.7.18-pthread.patch |
---|
16 | Patch11: audit-1.7.18-krb5.patch |
---|
17 | Patch12: audit-1.7.18-libaudit.patch |
---|
18 | Patch100: audit-deprecated.patch |
---|
19 | Obsoletes: audit < 1.7.18-5vl7 |
---|
20 | |
---|
21 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root |
---|
22 | BuildRequires: gettext intltool libtool swig python-devel |
---|
23 | BuildRequires: openldap-devel tcp_wrappers |
---|
24 | BuildRequires: tcp_wrappers |
---|
25 | BuildRequires: krb5-devel |
---|
26 | BuildRequires: kernel-headers >= 2.6.18 |
---|
27 | BuildRequires: automake >= 1.9 |
---|
28 | BuildRequires: autoconf >= 2.59 |
---|
29 | Requires: %{name}-libs = %{version}-%{release} |
---|
30 | Requires: chkconfig |
---|
31 | Requires(pre): coreutils |
---|
32 | |
---|
33 | %description |
---|
34 | The audit package contains the user space utilities for |
---|
35 | storing and searching the audit records generate by |
---|
36 | the audit subsystem in the Linux 2.6 kernel. |
---|
37 | |
---|
38 | %package libs |
---|
39 | Summary: Dynamic library for libaudit |
---|
40 | License: LGPLv2+ |
---|
41 | Group: Development/Libraries |
---|
42 | Requires: audit-libs >= 2.7.7 |
---|
43 | Obsoletes: audit-libs < 1.7.18-5vl7 |
---|
44 | |
---|
45 | %description libs |
---|
46 | The audit-libs package contains the dynamic libraries needed for |
---|
47 | applications to use the audit framework. |
---|
48 | |
---|
49 | %package -n compat32-%{name}-libs |
---|
50 | Summary: Dynamic library for libaudit |
---|
51 | License: LGPLv2+ |
---|
52 | Group: Development/Libraries |
---|
53 | Requires: compat32-audit-libs >= 2.7.7 |
---|
54 | Obsoletes: compat32-%{name}-libs < 1.7.18-5vl7 |
---|
55 | |
---|
56 | %description -n compat32-%{name}-libs |
---|
57 | The audit-libs package contains the dynamic libraries needed for |
---|
58 | applications to use the audit framework. |
---|
59 | |
---|
60 | %prep |
---|
61 | %setup -q -n audit-%{version} |
---|
62 | %patch10 -p1 |
---|
63 | %patch11 -p1 |
---|
64 | %patch12 -p1 |
---|
65 | %patch100 -p1 |
---|
66 | cp -f %{SOURCE1} system-config-audit/po/ja.po |
---|
67 | |
---|
68 | %build |
---|
69 | %configure --sbindir=/sbin --libdir=/%{_lib} --with-libwrap --enable-gssapi-krb5=yes |
---|
70 | make %{?_smp_mflags} |
---|
71 | |
---|
72 | %install |
---|
73 | rm -rf $RPM_BUILD_ROOT |
---|
74 | mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,rc.d/init.d}} |
---|
75 | mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8} |
---|
76 | mkdir -p $RPM_BUILD_ROOT/%{_lib} |
---|
77 | mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit |
---|
78 | mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit |
---|
79 | make DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} install |
---|
80 | |
---|
81 | mkdir -p $RPM_BUILD_ROOT/%{_libdir} |
---|
82 | # This winds up in the wrong place when libtool is involved |
---|
83 | mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir} |
---|
84 | mv $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir} |
---|
85 | curdir=`pwd` |
---|
86 | cd $RPM_BUILD_ROOT/%{_libdir} |
---|
87 | LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libaudit.so.*.*.*\`` |
---|
88 | ln -s ../../%{_lib}/$LIBNAME libaudit.so |
---|
89 | LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*\`` |
---|
90 | ln -s ../../%{_lib}/$LIBNAME libauparse.so |
---|
91 | cd $curdir |
---|
92 | # Remove these items so they don't get picked up. |
---|
93 | rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.so |
---|
94 | rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.so |
---|
95 | rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.la |
---|
96 | rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.la |
---|
97 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.a |
---|
98 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.la |
---|
99 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.a |
---|
100 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.la |
---|
101 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/auparse.a |
---|
102 | rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/auparse.la |
---|
103 | |
---|
104 | # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp |
---|
105 | touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf |
---|
106 | |
---|
107 | #% check |
---|
108 | #make check |
---|
109 | |
---|
110 | %clean |
---|
111 | rm -rf $RPM_BUILD_ROOT |
---|
112 | rm -rf zos-remote-policy |
---|
113 | |
---|
114 | %post libs -p /sbin/ldconfig |
---|
115 | |
---|
116 | %post -n compat32-%{name}-libs -p /sbin/ldconfig |
---|
117 | |
---|
118 | %postun libs -p /sbin/ldconfig |
---|
119 | |
---|
120 | %postun -n compat32-%{name}-libs -p /sbin/ldconfig |
---|
121 | |
---|
122 | %files libs |
---|
123 | %defattr(-,root,root) |
---|
124 | %attr(755,root,root) /%{_lib}/libaudit.* |
---|
125 | #%attr(755,root,root) /%{_lib}/libauparse.* |
---|
126 | #%config(noreplace) %attr(640,root,root) /etc/libaudit.conf |
---|
127 | |
---|
128 | #%files |
---|
129 | |
---|
130 | %if %{build_compat32} |
---|
131 | %files -n compat32-%{name}-libs |
---|
132 | %defattr(-,root,root) |
---|
133 | %attr(755,root,root) /%{_lib}/libaudit.* |
---|
134 | #%attr(755,root,root) /%{_lib}/libauparse.* |
---|
135 | %endif |
---|
136 | |
---|
137 | %changelog |
---|
138 | * Sat Sep 09 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.7.18-5 |
---|
139 | - new package for compatibility. |
---|
140 | |
---|
141 | * Sun Apr 05 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.7.18-4 |
---|
142 | - fix sca_release |
---|
143 | |
---|
144 | * Sun Apr 05 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.7.18-3 |
---|
145 | - create compat32-audit-libs subpackage |
---|
146 | |
---|
147 | * Wed Feb 15 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.7.18-2 |
---|
148 | - rebuild with python-2.7.2 |
---|
149 | - add Patch12 (audit-1.7.18-libaudit.patch) |
---|
150 | |
---|
151 | * Sun Apr 03 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.18-1 |
---|
152 | - new upstream release |
---|
153 | - rebuild with krb5-1.8.2 |
---|
154 | |
---|
155 | * Fri Feb 12 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-6 |
---|
156 | - forgot to increment sca_release macro (why on earth is sca_release |
---|
157 | individually defined from main package's release number anyway?) |
---|
158 | |
---|
159 | * Fri Feb 12 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-5 |
---|
160 | - rebuilt with gcc-4.4.3-3 on ppc |
---|
161 | |
---|
162 | * Fri Feb 5 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1.7.6-4 |
---|
163 | - rebuilt with rpm-4.8.0-3 (on ppc) |
---|
164 | |
---|
165 | * Tue Feb 02 2010 Shu KONNO <owa@bg.wakwak.com> 1.7.6-3 |
---|
166 | - rebuild with python-2.6 |
---|
167 | |
---|
168 | * Sat Apr 04 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.6-2 |
---|
169 | - rebuild with openldap-2.4.11 |
---|
170 | |
---|
171 | * Mon Sep 15 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.6-1 |
---|
172 | - initial build for Vine Linux |
---|
173 | - disable krb5, prelude and selinux |
---|
174 | - add ja.po (XXX: minimal) |
---|
175 | |
---|
176 | * Thu Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.6-1 |
---|
177 | - Add subject to audit daemon events (Chu Li) |
---|
178 | - Add tcp_wrappers support for auditd |
---|
179 | - Updated syscall tables for 2.6.27 kernel |
---|
180 | - Audit connect/disconnect of remote clients |
---|
181 | - Add GSS/Kerberos encryption to the remote protocol (DJ Delorie) |
---|
182 | |
---|
183 | * Mon Aug 25 2008 Steve Grubb <sgrubb@redhat.com> 1.7.5-1 |
---|
184 | - Update system-config-audit to 0.4.8 |
---|
185 | - Whole lot of bug fixes - see ChangeLog for details |
---|
186 | - Reimplement auditd main loop using libev |
---|
187 | - Add TCP listener to auditd to receive remote events |
---|
188 | - Fix scheduler problem (#457061) |
---|
189 | |
---|
190 | * Thu Jul 03 2008 Steve Grubb <sgrubb@redhat.com> 1.7.4-2 |
---|
191 | - Move ausearch-expression to main package (#453437) |
---|
192 | |
---|
193 | * Mon May 19 2008 Steve Grubb <sgrubb@redhat.com> 1.7.4-1 |
---|
194 | - Fix interpreting of keys in syscall records |
---|
195 | - Don't error on name=(null) PATH records in ausearch/report |
---|
196 | - Add key report to aureport |
---|
197 | - Update system-config-audit to 0.4.7 (Miloslav Trmac) |
---|
198 | - Add support for the filetype field option in auditctl new to 2.6.26 kernels |
---|
199 | |
---|
200 | * Fri May 09 2008 Steve Grubb <sgrubb@redhat.com> 1.7.3-1 |
---|
201 | - Fix output of keys in ausearch interpretted mode |
---|
202 | - Fix ausearch/report --start now to not be reset to midnight |
---|
203 | - audispd now has a priority boost config option |
---|
204 | - Look for laddr in avcs reported via prelude |
---|
205 | - Detect page 0 mmaps and alert via prelude |
---|
206 | |
---|
207 | * Fri Apr 18 2008 Steve Grubb <sgrubb@redhat.com> 1.7.2-6 |
---|
208 | - Fix overflow in audit_log_user_command, better (#438840) |
---|
209 | - ausearch was not matching path in avc records |
---|
210 | - audisp-prelude attempt to reposition index after examining each type |
---|
211 | - correct building of mls policy |
---|
212 | - Fix auparse iterating in auparse_find_field and next_field |
---|
213 | - Don't alert on USER_AVC's - they are not quite right |
---|
214 | |
---|
215 | * Tue Apr 08 2008 Steve Grubb <sgrubb@redhat.com> 1.7.1-1 |
---|
216 | - Fix buffer overflow in audit_log_user_command, again (#438840) |
---|
217 | - Fix memory leak in EOE code in auditd (#440075) |
---|
218 | - In auditctl, don't use new operators in legacy rule format |
---|
219 | - Made a couple corrections in alpha & x86_64 syscall tables (Miloslav Trmac) |
---|
220 | |
---|
221 | * Fri Apr 04 2008 Steve Grubb <sgrubb@redhat.com> 1.7-3 |
---|
222 | - Fix memleak in auditd eoe code |
---|
223 | |
---|
224 | * Tue Apr 01 2008 Steve Grubb <sgrubb@redhat.com> 1.7-2 |
---|
225 | - Remove LSB headers from init scripts |
---|
226 | - Fix buffer overflow in audit_log_user_command again |
---|
227 | |
---|
228 | * Sun Mar 30 2008 Steve Grubb <sgrubb@redhat.com> 1.7-1 |
---|
229 | - Handle user space avcs in prelude plugin |
---|
230 | - Fix watched account login detection for some failed login attempts |
---|
231 | - Couple fixups in audit logging functions (Miloslav Trmac) |
---|
232 | - Add support in auditctl for virtual keys |
---|
233 | - auparse_find_field_next was not iterating correctly, fixed it |
---|
234 | - Add idmef alerts for access or execution of watched file |
---|
235 | - Fix buffer overflow in audit_log_user_command |
---|
236 | - Add basic remote logging plugin - only sends & no flow control |
---|
237 | - Update ausearch with interpret fixes from auparse |
---|
238 | |
---|
239 | * Sun Mar 09 2008 Steve Grubb <sgrubb@redhat.com> 1.6.9-1 |
---|
240 | - Apply hidden attribute cleanup patch (Miloslav Trmac) |
---|
241 | - Apply auparse expression interface patch (Miloslav Trmac) |
---|
242 | - Fix potential memleak in audit event dispatcher |
---|
243 | - Update system-config-audit to version 0.4.6 (Miloslav Trmac) |
---|
244 | - audisp-prelude alerts now controlled by config file |
---|
245 | - Updated syscall table for 2.6.25 kernel |
---|
246 | - Apply patch correcting acct field being misencoded (Miloslav Trmac) |
---|
247 | - Added watched account login detection for prelude plugin |
---|
248 | |
---|
249 | * Thu Feb 14 2008 Steve Grubb <sgrubb@redhat.com> 1.6.8-1 |
---|
250 | - Update for gcc 4.3 |
---|
251 | - Cleanup descriptors in audispd before running plugin |
---|
252 | - Fix 'recent' keyword for aureport/search |
---|
253 | - Fix SE Linux policy for zos_remote plugin |
---|
254 | - Add event type for group password authentication attempts |
---|
255 | - Couple of updates to the translation tables |
---|
256 | - Add detection of failed group authentication to audisp-prelude |
---|
257 | |
---|
258 | * Thu Jan 31 2008 Steve Grubb <sgrubb@redhat.com> 1.6.7-2 |
---|
259 | - In ausearch/report, prefer -if to stdin |
---|
260 | - In ausearch/report, add new command line option --input-logs (#428860) |
---|
261 | - Updated audisp-prelude based on feedback from prelude-devel |
---|
262 | - Added prelude alert for promiscuous socket being opened |
---|
263 | - Added prelude alert for SE Linux policy enforcement changes |
---|
264 | - Added prelude alerts for Forbidden Login Locations and Time |
---|
265 | - Applied patch to auparse fixing error handling of searching by |
---|
266 | interpreted value (Miloslav Trmac) |
---|
267 | |
---|
268 | * Sat Jan 19 2008 Steve Grubb <sgrubb@redhat.com> 1.6.6-1 |
---|
269 | - Add prelude IDS plugin for IDMEF alerts |
---|
270 | - Add --user option to aulastlog command |
---|
271 | - Use desktop-file-install for system-config-audit |
---|
272 | - Avoid touching auditd.conf most of the time (#408501) |
---|
273 | |
---|
274 | * Fri Jan 11 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-3 |
---|
275 | - Updates for spec file review |
---|
276 | - Adjust permission on selinux policy file |
---|
277 | |
---|
278 | * Mon Jan 07 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-1 |
---|
279 | - Fix config parser to allow either 0640 or 0600 for audit logs (#427062) |
---|
280 | - Check for audit log being writable by owner in auditd |
---|
281 | - If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639) |
---|
282 | - Updated CAPP, LSPP, and NISPOM rules for new capabilities |
---|
283 | - Added aulastlog utility |
---|
284 | |
---|
285 | * Sun Dec 30 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-3 |
---|
286 | - Allow 0600 file perms for audit logs |
---|
287 | |
---|
288 | * Sat Dec 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-1 |
---|
289 | - fchmod of log file was on wrong variable (#426934) |
---|
290 | - Allow use of errno strings for exit codes in audit rules |
---|
291 | |
---|
292 | * Sat Dec 29 2007 Miloslav Trmač <mitr@redhat.com> - 1.6.3-2 |
---|
293 | - Don't fchmod() /dev/null to mode 0400 (#426934) |
---|
294 | |
---|
295 | * Thu Dec 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6.3-1 |
---|
296 | - Add kernel release string to DEAMON_START events |
---|
297 | - Fix keep_logs when num_logs option disabled (#325561) |
---|
298 | - Fix auparse to handle node fields for syscall records |
---|
299 | - Update system-config-audit to version 0.4.5 (Miloslav Trmac) |
---|
300 | - Add keyword week-ago to aureport & ausearch start/end times |
---|
301 | - Fix audit log permissions on rotate. If group is root 0400, otherwise 0440 |
---|
302 | - Add RACF zos remote audispd plugin (Klaus Kiwi) |
---|
303 | - Add event queue overflow action to audispd |
---|
304 | |
---|
305 | * Mon Oct 1 2007 Steve Grubb <sgrubb@redhat.com> 1.6.2-2 |
---|
306 | - Don't retry if the rt queue is full. |
---|
307 | |
---|
308 | * Tue Sep 25 2007 Steve Grubb <sgrubb@redhat.com> 1.6.2-1 |
---|
309 | - Add support for searching by posix regular expressions in auparse |
---|
310 | - Route DEAMON events into rt interface |
---|
311 | - If event pipe is full, try again after doing local logging |
---|
312 | - Optionally add node/machine name to records in audit daemon |
---|
313 | - Update ausearch/aureport to specify nodes to search on |
---|
314 | - Fix segfault interpretting saddr fields in avcs |
---|
315 | |
---|
316 | * Thu Sep 6 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-2 |
---|
317 | - Fix uninitialized variable in auparse (John Dennis) |
---|
318 | |
---|
319 | * Sun Sep 2 2007 Steve Grubb <sgrubb@redhat.com> 1.6.1-1 |
---|
320 | - External plugin support in place |
---|
321 | - Fix reference counting in auparse python bindings (#263961) |
---|
322 | - Moved default af_unix plugin socket to /var/run/audispd_events |
---|
323 | |
---|
324 | * Wed Aug 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6-3 |
---|
325 | - Add newline to audispd string formatted events |
---|
326 | |
---|
327 | * Tue Aug 28 2007 Steve Grubb <sgrubb@redhat.com> 1.6-2 |
---|
328 | - spec file cleanups |
---|
329 | - Update to s-c-audit 0.4.3 |
---|
330 | |
---|
331 | * Mon Aug 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6-1 |
---|
332 | - Update Licence tags |
---|
333 | - Adding perm field should not set syscall added flag in auditctl |
---|
334 | - Fix segfault when aureport -if option is used |
---|
335 | - Fix auditctl to better check keys on rule lines |
---|
336 | - Add support for audit by TTY and other new event types |
---|
337 | - Auditd config option for group permission of audit logs |
---|
338 | - Swig messed up a variable in ppc's python bindings causing crashes. (#251327) |
---|
339 | - New audit event dispatcher |
---|
340 | - Update syscall tables for 2.6.23 kernel |
---|
341 | |
---|
342 | * Wed Jul 25 2007 Steve Grubb <sgrubb@redhat.com> 1.5.6-1 |
---|
343 | - Fix potential buffer overflow in print clone flags of auparse |
---|
344 | - Fix python traceback parsing watches without perm statement (Miloslav Trmac) |
---|
345 | - Update auditctl to handle legacy kernels when putting a watch on a dir |
---|
346 | - Fix acct interpretation in auparse |
---|
347 | |
---|
348 | * Tue Jul 17 2007 Miloslav Trmač <mitr@redhat.com> - 1.5.5-5 |
---|
349 | - Fix a double free when auditd receives SIGHUP |
---|
350 | - Move the system-config-audit menu entry to the Administration menu |
---|
351 | |
---|
352 | * Tue Jul 10 2007 Steve Grubb <sgrubb@redhat.com> 1.5.5-1 |
---|
353 | - Add system-config-audit (Miloslav Trmac) |
---|
354 | - Correct bug in audit_make_equivalent function (Al Viro) |
---|
355 | |
---|
356 | * Tue Jun 26 2007 Steve Grubb <sgrubb@redhat.com> 1.5.4-1 |
---|
357 | - Add feed interface to auparse library (John Dennis) |
---|
358 | - Apply patch to libauparse for unresolved symbols (#241178) |
---|
359 | - Apply patch to add line numbers for file events in libauparse (John Dennis) |
---|
360 | - Change seresults to seresult in libauparse (John Dennis) |
---|
361 | - Add unit32_t definition to swig (#244210) |
---|
362 | - Add support for directory auditing |
---|
363 | - Update acct field to be escaped |
---|
364 | |
---|
365 | * Tue May 01 2007 Steve Grubb <sgrubb@redhat.com> 1.5.3-1 |
---|
366 | - Change buffer size to prevent truncation of DAEMON events with large labels |
---|
367 | - Fix memory leaks in auparse (John Dennis) |
---|
368 | - Update syscall tables for 2.6.21 kernel |
---|
369 | - Update capp & lspp rules |
---|
370 | - New python bindings for libauparse (John Dennis) |
---|
371 | |
---|
372 | * Wed Apr 04 2007 Steve Grubb <sgrubb@redhat.com> 1.5.2-1 |
---|
373 | - New event dispatcher (James Antill) |
---|
374 | - Apply patches fixing man pages and Makefile.am (Philipp Hahn) |
---|
375 | - Apply patch correcting python libs permissions (Philipp Hahn) |
---|
376 | - Fix auditd segfault on reload |
---|
377 | - Fix bug in auparse library for file pointers and descriptors |
---|
378 | - Extract subject information out of daemon events for ausearch |
---|
379 | |
---|
380 | * Thu Mar 29 2007 Steve Grubb <sgrubb@redhat.com> 1.5.1-2 |
---|
381 | - Remove requires kernel-headers for python-libs |
---|
382 | - Apply patch to prevent segfaults on auditd reload |
---|
383 | |
---|
384 | * Tue Mar 20 2007 Steve Grubb <sgrubb@redhat.com> 1.5.1-1 |
---|
385 | - Updated autrace to monitor *at syscalls |
---|
386 | - Add support in libaudit for AUDIT_BIT_TEST(^) and AUDIT_MASK_TEST (&) |
---|
387 | - Finish reworking auditd config parser |
---|
388 | - In auparse, interpret open, fcntl, and clone flags |
---|
389 | - In auparse, when interpreting execve record types, run args through unencode |
---|
390 | - Add support for OBJ_PID message type |
---|
391 | - Event dispatcher updates |
---|
392 | |
---|
393 | * Fri Mar 2 2007 Steve Grubb <sgrubb@redhat.com> 1.5-2 |
---|
394 | - rebuild |
---|
395 | |
---|
396 | * Fri Mar 2 2007 Steve Grubb <sgrubb@redhat.com> 1.5-1 |
---|
397 | - NEW audit dispatcher program & plugin framework |
---|
398 | - Correct hidden variables in libauparse |
---|
399 | - Added NISPOM sample rules |
---|
400 | - Verify accessibility of files passed in auparse_init |
---|
401 | - Fix bug in parser library interpreting socketcalls |
---|
402 | - Add support for stdio FILE pointer in auparse_init |
---|
403 | - Adjust init script to allow anyone to status auditd (#230626) |
---|
404 | |
---|
405 | * Tue Feb 20 2007 Steve Grubb <sgrubb@redhat.com> 1.4.2-1 |
---|
406 | - Add man pages |
---|
407 | - Reduce text relocations in parser library |
---|
408 | - Add -n option to auditd for no fork |
---|
409 | - Add exec option to space_left, admin_space_left, disk_full, |
---|
410 | and disk_error - eg EXEC /usr/local/script |
---|
411 | |
---|
412 | * Fri Feb 16 2007 Steve Grubb <sgrubb@redhat.com> 1.4.1-1 |
---|
413 | - updated audit_rule_fieldpair_data to handle perm correctly (#226780) |
---|
414 | - Finished search options for audit parsing library |
---|
415 | - Fix ausearch -se to work correctly |
---|
416 | - Fix auditd init script for /usr on netdev (#228528) |
---|
417 | - Parse avc seperms better when there are more than one |
---|
418 | |
---|
419 | * Sun Feb 04 2007 Steve Grubb <sgrubb@redhat.com> 1.4-1 |
---|
420 | - New report about authentication attempts |
---|
421 | - Updates for python 2.5 |
---|
422 | - update autrace to have resource usage mode |
---|
423 | - update auditctl to support immutable config |
---|
424 | - added audit_log_user_command function to libaudit api |
---|
425 | - interpret capabilities |
---|
426 | - added audit event parsing library |
---|
427 | - updates for 2.6.20 kernel |
---|
428 | |
---|
429 | * Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-2 |
---|
430 | - Make more adjustments for python 2.5 |
---|
431 | |
---|
432 | * Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-1 |
---|
433 | - Fix a couple parsing problems (#217952) |
---|
434 | - Add tgkill to S390* syscall tables (#218484) |
---|
435 | - Fix error messages in ausearch/aureport |
---|
436 | |
---|
437 | * Wed Dec 6 2006 Jeremy Katz <katzj@redhat.com> - 1.3-4 |
---|
438 | - rebuild against python 2.5 |
---|
439 | |
---|
440 | * Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-3 |
---|
441 | - Fix timestamp for libaudit.conf (#218053) |
---|
442 | |
---|
443 | * Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-2 |
---|
444 | - Fix minor parsing problem and add new msg types |
---|
445 | |
---|
446 | * Tue Nov 28 2006 Steve Grubb <sgrubb@redhat.com> 1.3-1 |
---|
447 | - ausearch & aureport implement uid/gid caching |
---|
448 | - In ausearch & aureport, extract addr when hostname is unknown |
---|
449 | - In ausearch & aureport, test audit log presence O_RDONLY |
---|
450 | - New ausearch/aureport time keywords: recent, this-week, this-month, this-year |
---|
451 | - Added --add & --delete option to aureport |
---|
452 | - Update res parsing in config change events |
---|
453 | - Increase the size on audit daemon buffers |
---|
454 | - Parse avc_path records in ausearch/aureport |
---|
455 | - ausearch has new output mode, raw, for extracting events |
---|
456 | - ausearch/aureport can now read stdin |
---|
457 | - Rework AVC processing in ausearch/aureport |
---|
458 | - Added long options to ausearch and aureport |
---|
459 | |
---|
460 | * Tue Oct 24 2006 Steve Grubb <sgrubb@redhat.com> 1.2.9-1 |
---|
461 | - In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834) |
---|
462 | - Fix some defines in libaudit.h |
---|
463 | - Some auditd config strings were not initialized in aureport (#211443) |
---|
464 | - Updated man pages |
---|
465 | - Add Netlabel event types to libaudit |
---|
466 | - Update aureports to current audit event types |
---|
467 | - Update autrace a little |
---|
468 | - Deprecated all the old audit_rule functions from public API |
---|
469 | - Drop auparse library for the moment |
---|
470 | |
---|
471 | * Fri Sep 29 2006 Steve Grubb <sgrubb@redhat.com> 1.2.8-1 |
---|
472 | - Add dist tag and bump version (#208532) |
---|
473 | - Make internal auditd buffers bigger for context info |
---|
474 | - Correct address resolving of hostname in logging functions |
---|
475 | - Do not allow multiple msgtypes in same audit rule in auditctl (#207666) |
---|
476 | - Only =, != operators for arch & inode fields in auditctl (#206427) |
---|
477 | - Updated audit message type table |
---|
478 | - Remove watches from aureport since FS_WATCH is deprecated |
---|
479 | - Add audit_log_avc back temporarily (#208152) |
---|
480 | |
---|