|
|
cb9ea2d |
Summary: User space tools for 2.6 kernel auditing
|
|
cvsdist |
2c6ba58 |
Name: audit
|
|
|
f3a9437 |
Version: 1.5
|
|
|
7ea7611 |
Release: 1%{?dist}
|
|
cvsdist |
2c6ba58 |
License: GPL
|
|
|
654a5c9 |
Group: System Environment/Daemons
|
|
|
c5201dc |
URL: http://people.redhat.com/sgrubb/audit/
|
|
cvsdist |
2c6ba58 |
Source0: %{name}-%{version}.tar.gz
|
|
|
adb0e1b |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
56bff5d |
BuildRequires: libtool swig python-devel pkgconfig
|
|
|
c02ad9a |
BuildRequires: kernel-headers >= 2.6.18
|
|
|
8fd9fa2 |
BuildRequires: automake >= 1.9
|
|
|
8fd9fa2 |
BuildRequires: autoconf >= 2.59
|
|
|
75f4803 |
Requires: %{name}-libs = %{version}-%{release}
|
|
|
c5201dc |
Requires: chkconfig
|
|
|
979da90 |
Prereq: coreutils
|
|
cvsdist |
2c6ba58 |
|
|
cvsdist |
2c6ba58 |
%description
|
|
cvsdist |
2c6ba58 |
The audit package contains the user space utilities for
|
|
|
f553a5a |
storing and searching the audit records generate by
|
|
cvsdist |
2c6ba58 |
the audit subsystem in the Linux 2.6 kernel.
|
|
cvsdist |
2c6ba58 |
|
|
|
75f4803 |
%package libs
|
|
|
75f4803 |
Summary: Dynamic library for libaudit
|
|
|
c5201dc |
License: LGPL
|
|
|
c5201dc |
Group: Development/Libraries
|
|
|
c5201dc |
|
|
|
75f4803 |
%description libs
|
|
|
75f4803 |
The audit-libs package contains the dynamic libraries needed for
|
|
|
75f4803 |
applications to use the audit framework.
|
|
|
75f4803 |
|
|
|
75f4803 |
%package libs-devel
|
|
|
75f4803 |
Summary: Header files and static library for libaudit
|
|
|
75f4803 |
License: LGPL
|
|
|
75f4803 |
Group: Development/Libraries
|
|
|
75f4803 |
Requires: %{name}-libs = %{version}-%{release}
|
|
|
c02ad9a |
Requires: kernel-headers >= 2.6.18
|
|
|
75f4803 |
|
|
|
75f4803 |
%description libs-devel
|
|
|
75f4803 |
The audit-libs-devel package contains the static libraries and header
|
|
|
75f4803 |
files needed for developing applications that need to use the audit
|
|
|
75f4803 |
framework libraries.
|
|
|
c5201dc |
|
|
|
9fb9401 |
%package libs-python
|
|
|
9fb9401 |
Summary: Python bindings for libaudit
|
|
|
9fb9401 |
License: LGPL
|
|
|
9fb9401 |
Group: Development/Libraries
|
|
|
9fb9401 |
Requires: %{name}-libs = %{version}-%{release}
|
|
|
c02ad9a |
Requires: kernel-headers >= 2.6.18
|
|
|
9fb9401 |
|
|
|
9fb9401 |
%description libs-python
|
|
|
9fb9401 |
The audit-libs-python package contains the bindings so that libaudit
|
|
|
cfd7264 |
and libauparse can be used by python.
|
|
|
9fb9401 |
|
|
|
dbe1b83 |
%package audispd-plugins
|
|
|
dbe1b83 |
Summary: Default plugins for the audit dispatcher
|
|
|
dbe1b83 |
License: LGPL
|
|
|
dbe1b83 |
Group: System Environment/Daemons
|
|
|
dbe1b83 |
|
|
|
dbe1b83 |
%description audispd-plugins
|
|
|
dbe1b83 |
The audispd-plugins package contains plugins for the audit dispatcher.
|
|
|
dbe1b83 |
|
|
cvsdist |
2c6ba58 |
%prep
|
|
cvsdist |
2c6ba58 |
%setup -q
|
|
cvsdist |
2c6ba58 |
|
|
cvsdist |
2c6ba58 |
%build
|
|
|
654a5c9 |
autoreconf -fv --install
|
|
|
9fb9401 |
%configure --sbindir=/sbin --libdir=/%{_lib}
|
|
|
d57251a |
make
|
|
cvsdist |
2c6ba58 |
|
|
cvsdist |
2c6ba58 |
%install
|
|
cvsdist |
2c6ba58 |
rm -rf $RPM_BUILD_ROOT
|
|
|
f3a9437 |
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audisp.d,rc.d/init.d}}
|
|
|
654a5c9 |
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8
|
|
|
57646a8 |
mkdir -p $RPM_BUILD_ROOT/%{_lib}
|
|
|
965e81b |
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
|
|
|
d1e22d7 |
mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit
|
|
|
654a5c9 |
make DESTDIR=$RPM_BUILD_ROOT install
|
|
cvsdist |
2c6ba58 |
|
|
|
c5201dc |
mkdir -p $RPM_BUILD_ROOT/%{_libdir}
|
|
|
aad9312 |
# This winds up in the wrong place when libtool is involved
|
|
|
19531ff |
mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir}
|
|
|
7ea7611 |
mv $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
|
|
|
21c8b70 |
curdir=`pwd`
|
|
|
21c8b70 |
cd $RPM_BUILD_ROOT/%{_libdir}
|
|
|
f9356bf |
LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libaudit.so.*.*.*\``
|
|
|
f9356bf |
ln -s ../../%{_lib}/$LIBNAME libaudit.so
|
|
|
7ea7611 |
LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*\``
|
|
|
7ea7611 |
ln -s ../../%{_lib}/$LIBNAME libauparse.so
|
|
|
21c8b70 |
cd $curdir
|
|
|
64cb266 |
# Remove these items so they don't get picked up.
|
|
|
64cb266 |
rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.so
|
|
|
7ea7611 |
rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.so
|
|
|
64cb266 |
rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.la
|
|
|
7ea7611 |
rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.la
|
|
|
cb7d8f4 |
rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.a
|
|
|
cb7d8f4 |
rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.la
|
|
|
7ea7611 |
rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.a
|
|
|
7ea7611 |
rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.la
|
|
|
21c8b70 |
|
|
|
0b8b4aa |
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
|
|
|
0b8b4aa |
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
|
|
|
0b8b4aa |
|
|
cvsdist |
2c6ba58 |
%clean
|
|
cvsdist |
2c6ba58 |
rm -rf $RPM_BUILD_ROOT
|
|
cvsdist |
2c6ba58 |
|
|
|
7a408f5 |
%post libs -p /sbin/ldconfig
|
|
|
75f4803 |
|
|
|
c5201dc |
%post
|
|
|
7c06330 |
/sbin/chkconfig --add auditd
|
|
|
ca188de |
if [ -f /etc/auditd.conf ]; then
|
|
|
ca188de |
mv /etc/auditd.conf /etc/audit/auditd.conf
|
|
|
ca188de |
fi
|
|
|
ca188de |
if [ -f /etc/audit.rules ]; then
|
|
|
ca188de |
mv /etc/audit.rules /etc/audit/audit.rules
|
|
|
ca188de |
fi
|
|
|
cb9ea2d |
if [ -f /etc/audit/auditd.conf ]; then
|
|
|
cb9ea2d |
tmp=`mktemp /etc/audit/auditd-post.XXXXXX`
|
|
|
cb9ea2d |
if [ -n $tmp ]; then
|
|
|
cb9ea2d |
sed 's|#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
|
|
|
cb9ea2d |
cat $tmp > /etc/audit/auditd.conf
|
|
|
cb9ea2d |
rm -f $tmp
|
|
|
cb9ea2d |
fi
|
|
|
cb9ea2d |
fi
|
|
|
c5201dc |
|
|
|
c5201dc |
%preun
|
|
|
1be66fe |
if [ $1 -eq 0 ]; then
|
|
|
c5201dc |
/sbin/service auditd stop > /dev/null 2>&1
|
|
|
c5201dc |
/sbin/chkconfig --del auditd
|
|
|
c5201dc |
fi
|
|
|
c5201dc |
|
|
|
75f4803 |
%postun libs
|
|
|
75f4803 |
/sbin/ldconfig 2>/dev/null
|
|
|
75f4803 |
|
|
|
c5201dc |
%postun
|
|
|
c5201dc |
if [ $1 -ge 1 ]; then
|
|
|
ec62b1c |
/sbin/service auditd condrestart > /dev/null 2>&1 || :
|
|
|
c5201dc |
fi
|
|
|
c5201dc |
|
|
|
75f4803 |
%files libs
|
|
|
75f4803 |
%defattr(-,root,root)
|
|
|
19531ff |
%attr(755,root,root) /%{_lib}/libaudit.*
|
|
|
7ea7611 |
%attr(755,root,root) /%{_lib}/libauparse.*
|
|
|
ca97ebc |
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
|
|
|
75f4803 |
|
|
|
75f4803 |
%files libs-devel
|
|
|
c5201dc |
%defattr(-,root,root)
|
|
|
21c8b70 |
%{_libdir}/libaudit.a
|
|
|
7ea7611 |
%{_libdir}/libauparse.a
|
|
|
21c8b70 |
%{_libdir}/libaudit.so
|
|
|
7ea7611 |
%{_libdir}/libauparse.so
|
|
|
c5201dc |
%{_includedir}/libaudit.h
|
|
|
7ea7611 |
%{_includedir}/auparse.h
|
|
|
7ea7611 |
%{_includedir}/auparse-defs.h
|
|
|
72b1292 |
%{_mandir}/man3/*
|
|
|
c5201dc |
|
|
|
9fb9401 |
%files libs-python
|
|
|
9fb9401 |
%defattr(-,root,root)
|
|
|
25f2ae9 |
%attr(750,root,root) /sbin/audispd
|
|
|
1dbd164 |
%{_libdir}/python?.?/site-packages/_audit.so
|
|
|
7ea7611 |
%{_libdir}/python?.?/site-packages/_auparse.so
|
|
|
1dbd164 |
/usr/lib/python?.?/site-packages/audit.py*
|
|
|
7ea7611 |
/usr/lib/python?.?/site-packages/auparse.py*
|
|
|
dbe1b83 |
|
|
|
dbe1b83 |
%files audispd-plugins
|
|
|
dbe1b83 |
%defattr(-,root,root)
|
|
|
dbe1b83 |
%{_libexecdir}/*
|
|
|
9fb9401 |
|
|
cvsdist |
2c6ba58 |
%files
|
|
cvsdist |
2c6ba58 |
%defattr(-,root,root,-)
|
|
|
dbe1b83 |
%doc README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron
|
|
|
654a5c9 |
%attr(0644,root,root) %{_mandir}/man8/*
|
|
|
dbe1b83 |
%attr(0644,root,root) %{_mandir}/man5/*
|
|
|
f553a5a |
%attr(750,root,root) /sbin/auditctl
|
|
|
f553a5a |
%attr(750,root,root) /sbin/auditd
|
|
|
1dbd164 |
%attr(755,root,root) /sbin/ausearch
|
|
|
1dbd164 |
%attr(755,root,root) /sbin/aureport
|
|
|
7a408f5 |
%attr(750,root,root) /sbin/autrace
|
|
|
654a5c9 |
%attr(755,root,root) /etc/rc.d/init.d/auditd
|
|
|
d1e22d7 |
%attr(750,root,root) %{_var}/log/audit
|
|
|
835c196 |
%attr(750,root,root) %dir /etc/audit
|
|
|
dbe1b83 |
%attr(750,root,root) %dir /etc/audispd
|
|
|
dbe1b83 |
%attr(750,root,root) %dir /etc/audispd/plugins.d
|
|
|
dbe1b83 |
%attr(750,root,root) %dir /etc/audispd/policies.d
|
|
|
965e81b |
%attr(750,root,root) %dir %{_libdir}/audit
|
|
|
ca188de |
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
|
|
|
ca188de |
%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
|
|
|
654a5c9 |
%config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd
|
|
|
dbe1b83 |
%config(noreplace) %attr(640,root,root) /etc/audispd/audispd.conf
|
|
|
dbe1b83 |
%doc %attr(640,root,root) /etc/audispd/plugins.d/README-CONF_PLUGINS_D
|
|
|
dbe1b83 |
%doc %attr(640,root,root) /etc/audispd/policies.d/README-CONF_POLICIES_D
|
|
cvsdist |
2c6ba58 |
|
|
cvsdist |
2c6ba58 |
%changelog
|
|
|
dbe1b83 |
* Fri Mar 2 2007 Steve Grubb <sgrubb@redhat.com> 1.5-1
|
|
|
f3a9437 |
- NEW audit dispatcher program & plugin framework
|
|
|
dbe1b83 |
- Correct hidden variables in libauparse
|
|
|
dbe1b83 |
- Added NISPOM sample rules
|
|
|
dbe1b83 |
- Verify accessibility of files passed in auparse_init
|
|
|
dbe1b83 |
- Fix bug in parser library interpreting socketcalls
|
|
|
dbe1b83 |
- Add support for stdio FILE pointer in auparse_init
|
|
|
dbe1b83 |
- Adjust init script to allow anyone to status auditd (#230626)
|
|
|
f3a9437 |
|
|
|
cfd7264 |
* Tue Feb 20 2007 Steve Grubb <sgrubb@redhat.com> 1.4.2-1
|
|
|
cfd7264 |
- Add man pages
|
|
|
cfd7264 |
- Reduce text relocations in parser library
|
|
|
cfd7264 |
- Add -n option to auditd for no fork
|
|
|
cfd7264 |
- Add exec option to space_left, admin_space_left, disk_full,
|
|
|
cfd7264 |
and disk_error - eg EXEC /usr/local/script
|
|
|
cfd7264 |
|
|
|
adb0e1b |
* Fri Feb 16 2007 Steve Grubb <sgrubb@redhat.com> 1.4.1-1
|
|
|
adb0e1b |
- updated audit_rule_fieldpair_data to handle perm correctly (#226780)
|
|
|
adb0e1b |
- Finished search options for audit parsing library
|
|
|
adb0e1b |
- Fix ausearch -se to work correctly
|
|
|
adb0e1b |
- Fix auditd init script for /usr on netdev (#228528)
|
|
|
adb0e1b |
- Parse avc seperms better when there are more than one
|
|
|
adb0e1b |
|
|
|
7ea7611 |
* Sun Feb 04 2007 Steve Grubb <sgrubb@redhat.com> 1.4-1
|
|
|
7ea7611 |
- New report about authentication attempts
|
|
|
7ea7611 |
- Updates for python 2.5
|
|
|
7ea7611 |
- update autrace to have resource usage mode
|
|
|
7ea7611 |
- update auditctl to support immutable config
|
|
|
7ea7611 |
- added audit_log_user_command function to libaudit api
|
|
|
7ea7611 |
- interpret capabilities
|
|
|
7ea7611 |
- added audit event parsing library
|
|
|
7ea7611 |
- updates for 2.6.20 kernel
|
|
|
7ea7611 |
|
|
|
e85f917 |
* Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-2
|
|
|
22f12f8 |
- Make more adjustments for python 2.5
|
|
|
e85f917 |
|
|
|
9323477 |
* Sun Dec 10 2006 Steve Grubb <sgrubb@redhat.com> 1.3.1-1
|
|
|
9323477 |
- Fix a couple parsing problems (#217952)
|
|
|
9323477 |
- Add tgkill to S390* syscall tables (#218484)
|
|
|
9323477 |
- Fix error messages in ausearch/aureport
|
|
|
9323477 |
|
|
|
cb7d8f4 |
* Wed Dec 6 2006 Jeremy Katz <katzj@redhat.com> - 1.3-4
|
|
|
cb7d8f4 |
- rebuild against python 2.5
|
|
|
cb7d8f4 |
|
|
|
0b8b4aa |
* Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-3
|
|
|
0b8b4aa |
- Fix timestamp for libaudit.conf (#218053)
|
|
|
0b8b4aa |
|
|
|
cbb5ded |
* Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-2
|
|
|
cbb5ded |
- Fix minor parsing problem and add new msg types
|
|
|
cbb5ded |
|
|
|
b7fc0db |
* Tue Nov 28 2006 Steve Grubb <sgrubb@redhat.com> 1.3-1
|
|
|
b7fc0db |
- ausearch & aureport implement uid/gid caching
|
|
|
b7fc0db |
- In ausearch & aureport, extract addr when hostname is unknown
|
|
|
b7fc0db |
- In ausearch & aureport, test audit log presence O_RDONLY
|
|
|
b7fc0db |
- New ausearch/aureport time keywords: recent, this-week, this-month, this-year
|
|
|
b7fc0db |
- Added --add & --delete option to aureport
|
|
|
b7fc0db |
- Update res parsing in config change events
|
|
|
b7fc0db |
- Increase the size on audit daemon buffers
|
|
|
b7fc0db |
- Parse avc_path records in ausearch/aureport
|
|
|
b7fc0db |
- ausearch has new output mode, raw, for extracting events
|
|
|
b7fc0db |
- ausearch/aureport can now read stdin
|
|
|
b7fc0db |
- Rework AVC processing in ausearch/aureport
|
|
|
b7fc0db |
- Added long options to ausearch and aureport
|
|
|
b7fc0db |
|
|
|
81b2186 |
* Tue Oct 24 2006 Steve Grubb <sgrubb@redhat.com> 1.2.9-1
|
|
|
81b2186 |
- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
|
|
|
81b2186 |
- Fix some defines in libaudit.h
|
|
|
81b2186 |
- Some auditd config strings were not initialized in aureport (#211443)
|
|
|
81b2186 |
- Updated man pages
|
|
|
81b2186 |
- Add Netlabel event types to libaudit
|
|
|
81b2186 |
- Update aureports to current audit event types
|
|
|
81b2186 |
- Update autrace a little
|
|
|
81b2186 |
- Deprecated all the old audit_rule functions from public API
|
|
|
81b2186 |
- Drop auparse library for the moment
|
|
|
81b2186 |
|
|
|
c02ad9a |
* Fri Sep 29 2006 Steve Grubb <sgrubb@redhat.com> 1.2.8-1
|
|
|
c02ad9a |
- Add dist tag and bump version (#208532)
|
|
|
c02ad9a |
- Make internal auditd buffers bigger for context info
|
|
|
c02ad9a |
- Correct address resolving of hostname in logging functions
|
|
|
c02ad9a |
- Do not allow multiple msgtypes in same audit rule in auditctl (#207666)
|
|
|
c02ad9a |
- Only =, != operators for arch & inode fields in auditctl (#206427)
|
|
|
c02ad9a |
- Updated audit message type table
|
|
|
c02ad9a |
- Remove watches from aureport since FS_WATCH is deprecated
|
|
|
c02ad9a |
- Add audit_log_avc back temporarily (#208152)
|
|
|
c02ad9a |
|
|
|
c02ad9a |
* Mon Sep 18 2006 Steve Grubb <sgrubb@redhat.com> 1.2.7-2
|
|
|
82a277c |
- Fix logging messages to use addr if passed.
|
|
|
82a277c |
- Apply patches from Tony Jones correcting no kernel support messages
|
|
|
82a277c |
- Updated syscall tables for 2.6.18 kernel
|
|
|
82a277c |
- Remove deprecated functions: audit_log, audit_log_avc, audit_log_if_enabled
|
|
|
82a277c |
- Disallow syscall auditing on exclude list
|
|
|
82a277c |
- Improve time handling in ausearch and aureport (#191394)
|
|
|
82a277c |
- Attempt to reconstruct full path from relative for searching
|
|
|
82a277c |
|
|
|
3292510 |
* Wed Aug 30 2006 Steve Grubb <sgrubb@redhat.com> 1.2.6-3
|
|
|
3292510 |
- Rename audit event socket
|
|
|
3292510 |
|
|
|
8b804cd |
* Mon Aug 28 2006 Steve Grubb <sgrubb@redhat.com> 1.2.6-2
|
|
|
8b804cd |
- Another minor update to auditctl -p option
|
|
|
8b804cd |
|
|
|
3dec9bc |
* Sat Aug 26 2006 Steve Grubb <sgrubb@redhat.com> 1.2.6-1
|
|
|
3dec9bc |
- Apply updates to dispatcher
|
|
|
3dec9bc |
- Fix a couple bugs regarding MLS labels
|
|
|
3dec9bc |
- Resurrect -p option
|
|
|
3dec9bc |
- Tighten rules with exclude filter
|
|
|
3dec9bc |
- Fix parsing issue which lead to segfault in some cases
|
|
|
3dec9bc |
- Fix option parsing to ignore malformed lines
|
|
|
3dec9bc |
|
|
|
50c84f0 |
* Fri Aug 18 2006 Jesse Keating <jkeating@redhat.com> - 1.2.5-8
|
|
|
50c84f0 |
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
|
|
|
50c84f0 |
(#203001)
|
|
|
50c84f0 |
|
|
|
e4fd4c2 |
* Wed Aug 8 2006 Dan Walsh <dwalsh@redhat.com> 1.2.5-7
|
|
|
e4fd4c2 |
- Remove debug lines from dispatcher
|
|
|
e4fd4c2 |
|
|
|
46837eb |
* Wed Aug 2 2006 Dan Walsh <dwalsh@redhat.com> 1.2.5-6
|
|
|
46837eb |
- Change audisp to use a named pipe
|
|
|
46837eb |
|
|
|
965e81b |
* Fri Jul 21 2006 Dan Walsh <dwalsh@redhat.com> 1.2.5-5
|
|
|
965e81b |
- Fix dispatcher to handle sigchld
|
|
|
965e81b |
- Fix library location for 64 bit
|
|
|
979da90 |
- Add Prereq
|
|
|
965e81b |
|
|
|
cb2a383 |
* Fri Jul 21 2006 Dan Walsh <dwalsh@redhat.com> 1.2.5-4
|
|
|
cb2a383 |
- Eliminate avc package from audisp
|
|
|
cb2a383 |
|
|
|
61d4080 |
* Wed Jul 19 2006 Dan Walsh <dwalsh@redhat.com> 1.2.5-3
|
|
|
61d4080 |
- More fixes for setroubleshoot to handle failing plugin
|
|
|
61d4080 |
|
|
|
25f2ae9 |
* Fri Jul 14 2006 Dan Walsh <dwalsh@redhat.com> 1.2.5-2
|
|
|
25f2ae9 |
- Fixes for setroubleshoot
|
|
|
25f2ae9 |
|
|
|
cb9ea2d |
* Thu Jul 13 2006 Steve Grubb <sgrubb@redhat.com> 1.2.5-1
|
|
|
cb9ea2d |
- Switch out dispatcher
|
|
|
cb9ea2d |
- Fix bug upgrading rule types
|
|
|
cb9ea2d |
|
|
|
bcf52d7 |
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.2.4-1.1
|
|
|
bcf52d7 |
- rebuild
|
|
|
bcf52d7 |
|
|
|
ca97ebc |
* Fri Jun 30 2006 Steve Grubb <sgrubb@redhat.com> 1.2.4-1
|
|
|
ca97ebc |
- Add support for the new filter key
|
|
|
ca97ebc |
- Update syscall tables for 2.6.17
|
|
|
ca97ebc |
- Add audit failure query function
|
|
|
ca97ebc |
- Switch out gethostbyname call with getaddrinfo
|
|
|
ca97ebc |
- Add audit by obj capability for 2.6.18 kernel
|
|
|
ca97ebc |
- Ausearch & aureport now fail if no args to -te
|
|
|
ca97ebc |
- New auditd.conf option to choose blocking/non-blocking dispatcher comm
|
|
|
ca97ebc |
- Ausearch improved search by label
|
|
|
ca97ebc |
|
|
|
d658739 |
* Fri May 25 2006 Steve Grubb <sgrubb@redhat.com> 1.2.3-1
|
|
|
d658739 |
- Apply patch to ensure watches only associate with exit filter
|
|
|
d658739 |
- Apply patch to correctly show new operators when new listing format is used
|
|
|
d658739 |
- Apply patch to pull kernel's audit.h into python bindings
|
|
|
d658739 |
- Collect signal sender's context
|
|
|
d658739 |
|
|
|
db346ef |
* Tue May 16 2006 David Woodhouse <dwmw2@redhat.com> 1.2.2-2
|
|
|
db346ef |
- Require kernel-headers, not glibc-kernheaders. Again.
|
|
|
db346ef |
|
|
|
ca188de |
* Fri May 12 2006 Steve Grubb <sgrubb@redhat.com> 1.2.2-1
|
|
|
ca188de |
- Updates for new glibc-kernheaders
|
|
|
ca188de |
- Change auditctl to collect list of rules then delete them on -D
|
|
|
ca188de |
- Update capp.rules and lspp.rules to comment out rules for the possible list
|
|
|
ca188de |
- Add new message types
|
|
|
ca188de |
- Support sigusr1 sender identity of newer kernels
|
|
|
ca188de |
- Add support for ppid in auditctl and ausearch
|
|
|
ca188de |
- fix auditctl to trim the '/' from watches
|
|
|
ca188de |
- Move audit daemon config files to /etc/audit for better SE Linux protection
|
|
|
ca188de |
|
|
|
1fe1de1 |
* Wed Apr 25 2006 David Woodhouse <dwmw2@redhat.com> 1.2.1-2
|
|
|
1fe1de1 |
- Require kernel-headers, not glibc-kernheaders
|
|
|
994c362 |
- Fix redefinition of audit_rule_data with new kernel headers
|
|
|
994c362 |
- Remove abuse of __KERNEL__ in lookup_table.c
|
|
|
1fe1de1 |
|
|
|
948327f |
* Sun Apr 16 2006 Steve Grubb <sgrubb@redhat.com> 1.2.1-1
|
|
|
948327f |
- New message type for trusted apps
|
|
|
948327f |
- Add new keywords today, yesterday, now for ausearch and aureport
|
|
|
948327f |
- Make audit_log_user_avc_message really send to syslog on error
|
|
|
948327f |
- Updated syscall tables in auditctl
|
|
|
948327f |
- Deprecated the 'possible' action for syscall rules in auditctl
|
|
|
948327f |
- Update watch code to use file syscalls instead of 'all' in auditctl
|
|
|
948327f |
|
|
|
69c5a16 |
* Fri Apr 7 2006 Steve Grubb <sgrubb@redhat.com> 1.2-1
|
|
|
69c5a16 |
- Add support for new file system auditing kernel subsystem
|
|
|
69c5a16 |
|
|
|
42d612f |
* Thu Apr 6 2006 Steve Grubb <sgrubb@redhat.com> 1.1.6-1
|
|
|
42d612f |
- New message types
|
|
|
42d612f |
- Support new rule format found in 2.6.17 and later kernels
|
|
|
42d612f |
- Add support for audit by role, clearance, type, sensitivity
|
|
|
42d612f |
|
|
|
7f66efe |
* Wed Mar 6 2006 Steve Grubb <sgrubb@redhat.com> 1.1.5-1
|
|
|
7f66efe |
- Changed audit_log_semanage_message to take new params
|
|
|
7f66efe |
- In aureport, add class between syscall and permission in avc report
|
|
|
7f66efe |
- Fix bug where fsync is called in debug mode
|
|
|
7f66efe |
- Add optional support for tty in SYSCALL records for ausearch/aureport
|
|
|
7f66efe |
- Reinstate legacy rule operator support
|
|
|
7f66efe |
- Add man pages
|
|
|
7f66efe |
- Auditd ignore most signals
|
|
|
7f66efe |
|
|
|
d658739 |
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.1.4-5.1
|
|
|
d658739 |
- bump again for double-long bug on ppc(64)
|
|
|
d658739 |
|
|
|
d658739 |
* Fri Feb 10 2006 Steve Grubb <sgrubb@redhat.com> 1.1.4-5
|
|
|
d658739 |
- Change audit_log_semanage_message to check strlen as well as NULL.
|
|
|
d658739 |
|
|
|
d658739 |
* Thu Feb 9 2006 Steve Grubb <sgrubb@redhat.com> 1.1.4-3
|
|
|
d658739 |
- Change audit_log_semanage_message to take new params.
|
|
|
d658739 |
|
|
|
4a74d3a |
* Wed Feb 8 2006 Steve Grubb <sgrubb@redhat.com> 1.1.4-1
|
|
|
4a74d3a |
- Fix bug in autrace where it didn't run on kernels without file watch support
|
|
|
4a74d3a |
- Add syslog message to auditd saying what program was started for dispatcher
|
|
|
4a74d3a |
- Remove audit_send_user from public api
|
|
|
4a74d3a |
- Fix bug in USER_LOGIN messages where ausearch does not translate
|
|
|
4a74d3a |
msg='uid=500: into acct name (#178102).
|
|
|
4a74d3a |
- Change comm with dispatcher to socketpair from pipe
|
|
|
4a74d3a |
- Change auditd to use custom daemonize to avoid race in init scripts
|
|
|
4a74d3a |
- Update error message when deleting a rule that doesn't exist (#176239)
|
|
|
4a74d3a |
- Call shutdown_dispatcher when auditd stops
|
|
|
4a74d3a |
- Add new logging function audit_log_semanage_message
|
|
|
4a74d3a |
|
|
|
d658739 |
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.1.3-1.1
|
|
|
d658739 |
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
d658739 |
|
|
|
22affea |
* Thu Jan 5 2006 Steve Grubb <sgrubb@redhat.com> 1.1.3-1
|
|
|
22affea |
- Add timestamp to daemon_config messages (#174865)
|
|
|
4a74d3a |
- Add error checking of year for aureport & ausearch
|
|
|
22affea |
- Treat af_unix sockets as files for searching and reporting
|
|
|
22affea |
- Update capp & lspp rules to combine syscalls for higher performance
|
|
|
22affea |
- Adjusted the chkconfig line for auditd to start a little earlier
|
|
|
22affea |
- Added skeleton program to docs for people to write their own dispatcher with
|
|
|
22affea |
- Apply patch from Ulrich Drepper that optimizes resource utilization
|
|
|
22affea |
- Change ausearch and aureport to unlocked IO
|
|
|
176c798 |
|
|
|
8d49e27 |
* Thu Dec 5 2005 Steve Grubb <sgrubb@redhat.com> 1.1.2-1
|
|
|
8d49e27 |
- Add more message types
|
|
|
8d49e27 |
|
|
|
9fb9401 |
* Wed Nov 30 2005 Steve Grubb <sgrubb@redhat.com> 1.1.1-1
|
|
|
9fb9401 |
- Add support for alpha processors
|
|
|
9fb9401 |
- Update the audisp code
|
|
|
9fb9401 |
- Add locale code in ausearch and aureport
|
|
|
9fb9401 |
- Add new rule operator patch
|
|
|
9fb9401 |
- Add exclude filter patch
|
|
|
9fb9401 |
- Cleanup make files
|
|
|
9fb9401 |
- Add python bindings
|
|
|
9fb9401 |
|
|
|
ef69199 |
* Wed Nov 9 2005 Steve Grubb <sgrubb@redhat.com> 1.1-1
|
|
|
ef69199 |
- Add initial version of audisp. Just a placeholder at this point
|
|
|
ef69199 |
- Remove -t from auditctl
|
|
|
ef69199 |
|
|
|
c170a26 |
* Mon Nov 7 2005 Steve Grubb <sgrubb@redhat.com> 1.0.12-1
|
|
|
c170a26 |
- Add 2 more summary reports
|
|
|
c170a26 |
- Add 2 more message types
|
|
|
c170a26 |
|