From 52a4831e16f9a3f9fd0ef74bd8e73f1f32e1b160 Mon Sep 17 00:00:00 2001
From: Steve Grubb
Date: Sep 28 2009 19:55:04 +0000
Subject: - New upstream release
---
diff --git a/.cvsignore b/.cvsignore
index c51f029..30e39af 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -101,3 +101,4 @@ audit-1.7.12.tar.gz
 audit-1.7.13.tar.gz
 audit-2.0.tar.gz
 audit-1.8.tar.gz
+audit-2.0.1.tar.gz
diff --git a/audit.spec b/audit.spec
index b37c5ce..e01aef9 100644
--- a/audit.spec
+++ b/audit.spec
@@ -2,8 +2,8 @@
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
-Version: 2.0
-Release: 3%{?dist}
+Version: 2.0.1
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
@@ -172,6 +172,7 @@ fi
 %attr(644,root,root) %{_mandir}/man8/aulast.8.gz
 %attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
 %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
+%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
 %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
@@ -181,8 +182,8 @@ fi
 %attr(755,root,root) /sbin/aureport
 %attr(750,root,root) /sbin/autrace
 %attr(750,root,root) /sbin/audispd
-%attr(750,root,root) %{_bindir}/aulast
-%attr(750,root,root) %{_bindir}/aulastlog
+%attr(755,root,root) %{_bindir}/aulast
+%attr(755,root,root) %{_bindir}/aulastlog
 %attr(755,root,root) %{_bindir}/ausyscall
 %attr(755,root,root) /etc/rc.d/init.d/auditd
 %attr(750,root,root) %{_var}/log/audit
@@ -216,6 +217,9 @@ fi
 %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
 %changelog
+* Mon Sep 28 2009 Steve Grubb 2.0.1-1
+- New upstream release
+
 * Fri Aug 21 2009 Steve Grubb 2.0-3
 - New upstream release
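Review bot: In the `@@ -181,8 +182,8 @@` hunk of audit.spec, `aulast` and `aulastlog` go from mode 750 to 755 with no rationale recorded; the only changelog entry added is `- New upstream release`. Both tools report from the audit logs, so what an unprivileged caller can see now depends entirely on the log permissions. The `%attr(750,root,root) %{_var}/log/audit` context line suggests the directory stays root-only, but the log file mode and any `log_group` setting in auditd.conf are not visible here and are worth confirming. I would record the change in %changelog, e.g. `- Make aulast and aulastlog world-executable like aureport; log access remains gated by /var/log/audit permissions`. The %files list this hunk edits starts and ends outside the hunk.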
@@ -357,246 +361,3 @@ fi
 - Fix buffer overflow in audit_log_user_command
 - Add basic remote logging plugin - only sends & no flow control
 - Update ausearch with interpret fixes from auparse
-
-* Sun Mar 09 2008 Steve Grubb 1.6.9-1
-- Apply hidden attribute cleanup patch (Miloslav Trmac)
-- Apply auparse expression interface patch (Miloslav Trmac)
-- Fix potential memleak in audit event dispatcher
-- Update system-config-audit to version 0.4.6 (Miloslav Trmac)
-- audisp-prelude alerts now controlled by config file
-- Updated syscall table for 2.6.25 kernel
-- Apply patch correcting acct field being misencoded (Miloslav Trmac)
-- Added watched account login detection for prelude plugin
-
-* Thu Feb 14 2008 Steve Grubb 1.6.8-1
-- Update for gcc 4.3
-- Cleanup descriptors in audispd before running plugin
-- Fix 'recent' keyword for aureport/search
-- Fix SE Linux policy for zos_remote plugin
-- Add event type for group password authentication attempts
-- Couple of updates to the translation tables
-- Add detection of failed group authentication to audisp-prelude
-
-* Thu Jan 31 2008 Steve Grubb 1.6.7-2
-- In ausearch/report, prefer -if to stdin
-- In ausearch/report, add new command line option --input-logs (#428860)
-- Updated audisp-prelude based on feedback from prelude-devel
-- Added prelude alert for promiscuous socket being opened
-- Added prelude alert for SE Linux policy enforcement changes
-- Added prelude alerts for Forbidden Login Locations and Time
-- Applied patch to auparse fixing error handling of searching by
-- interpreted value (Miloslav Trmac)
-
-* Sat Jan 19 2008 Steve Grubb 1.6.6-1
-- Add prelude IDS plugin for IDMEF alerts
-- Add --user option to aulastlog command
-- Use desktop-file-install for system-config-audit
-- Avoid touching auditd.conf most of the time (#408501)
-
-* Fri Jan 11 2008 Steve Grubb 1.6.5-3
-- Updates for spec file review
-- Adjust permission on selinux policy file
-
-* Mon Jan 07 2008 Steve Grubb 1.6.5-1
-- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
-- Check for audit log being writable by owner in auditd
-- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
-- Updated CAPP, LSPP, and NISPOM rules for new capabilities
-- Added aulastlog utility
-
-* Sun Dec 30 2007 Steve Grubb 1.6.4-3
-- Allow 0600 file perms for audit logs
-
-* Sat Dec 29 2007 Steve Grubb 1.6.4-1
-- fchmod of log file was on wrong variable (#426934)
-- Allow use of errno strings for exit codes in audit rules
-
-* Sat Dec 29 2007 Miloslav Trmač - 1.6.3-2
-- Don't fchmod() /dev/null to mode 0400 (#426934)
-
-* Thu Dec 27 2007 Steve Grubb 1.6.3-1
-- Add kernel release string to DEAMON_START events
-- Fix keep_logs when num_logs option disabled (#325561)
-- Fix auparse to handle node fields for syscall records
-- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
-- Add keyword week-ago to aureport & ausearch start/end times
-- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
-- Add RACF zos remote audispd plugin (Klaus Kiwi)
-- Add event queue overflow action to audispd
-
-* Mon Oct 1 2007 Steve Grubb 1.6.2-2
-- Don't retry if the rt queue is full.
-
-* Tue Sep 25 2007 Steve Grubb 1.6.2-1
-- Add support for searching by posix regular expressions in auparse
-- Route DEAMON events into rt interface
-- If event pipe is full, try again after doing local logging
-- Optionally add node/machine name to records in audit daemon
-- Update ausearch/aureport to specify nodes to search on
-- Fix segfault interpretting saddr fields in avcs
-
-* Thu Sep 6 2007 Steve Grubb 1.6.1-2
-- Fix uninitialized variable in auparse (John Dennis)
-
-* Sun Sep 2 2007 Steve Grubb 1.6.1-1
-- External plugin support in place
-- Fix reference counting in auparse python bindings (#263961)
-- Moved default af_unix plugin socket to /var/run/audispd_events
-
-* Wed Aug 29 2007 Steve Grubb 1.6-3
-- Add newline to audispd string formatted events
-
-* Tue Aug 28 2007 Steve Grubb 1.6-2
-- spec file cleanups
-- Update to s-c-audit 0.4.3
-
-* Mon Aug 27 2007 Steve Grubb 1.6-1
-- Update Licence tags
-- Adding perm field should not set syscall added flag in auditctl
-- Fix segfault when aureport -if option is used
-- Fix auditctl to better check keys on rule lines
-- Add support for audit by TTY and other new event types
-- Auditd config option for group permission of audit logs
-- Swig messed up a variable in ppc's python bindings causing crashes. (#251327)
-- New audit event dispatcher
-- Update syscall tables for 2.6.23 kernel
-
-* Wed Jul 25 2007 Steve Grubb 1.5.6-1
-- Fix potential buffer overflow in print clone flags of auparse
-- Fix python traceback parsing watches without perm statement (Miloslav Trmac)
-- Update auditctl to handle legacy kernels when putting a watch on a dir
-- Fix acct interpretation in auparse
-
-* Tue Jul 17 2007 Miloslav Trmač - 1.5.5-5
-- Fix a double free when auditd receives SIGHUP
-- Move the system-config-audit menu entry to the Administration menu
-
-* Tue Jul 10 2007 Steve Grubb 1.5.5-1
-- Add system-config-audit (Miloslav Trmac)
-- Correct bug in audit_make_equivalent function (Al Viro)
-
-* Tue Jun 26 2007 Steve Grubb 1.5.4-1
-- Add feed interface to auparse library (John Dennis)
-- Apply patch to libauparse for unresolved symbols (#241178)
-- Apply patch to add line numbers for file events in libauparse (John Dennis)
-- Change seresults to seresult in libauparse (John Dennis)
-- Add unit32_t definition to swig (#244210)
-- Add support for directory auditing
-- Update acct field to be escaped
-
-* Tue May 01 2007 Steve Grubb 1.5.3-1
-- Change buffer size to prevent truncation of DAEMON events with large labels
-- Fix memory leaks in auparse (John Dennis)
-- Update syscall tables for 2.6.21 kernel
-- Update capp & lspp rules
-- New python bindings for libauparse (John Dennis)
-
-* Thu Apr 04 2007 Steve Grubb 1.5.2-1
-- New event dispatcher (James Antill)
-- Apply patches fixing man pages and Makefile.am (Philipp Hahn)
-- Apply patch correcting python libs permissions (Philipp Hahn)
-- Fix auditd segfault on reload
-- Fix bug in auparse library for file pointers and descriptors
-- Extract subject information out of daemon events for ausearch
-
-* Thu Mar 29 2007 Steve Grubb 1.5.1-2
-- Remove requires kernel-headers for python-libs
-- Apply patch to prevent segfaults on auditd reload
-
-* Tue Mar 20 2007 Steve Grubb 1.5.1-1
-- Updated autrace to monitor *at syscalls
-- Add support in libaudit for AUDIT_BIT_TEST(^) and AUDIT_MASK_TEST (&)
-- Finish reworking auditd config parser
-- In auparse, interpret open, fcntl, and clone flags
-- In auparse, when interpreting execve record types, run args through unencode
-- Add support for OBJ_PID message type
-- Event dispatcher updates
-
-* Fri Mar 2 2007 Steve Grubb 1.5-2
-- rebuild
-
-* Fri Mar 2 2007 Steve Grubb 1.5-1
-- NEW audit dispatcher program & plugin framework
-- Correct hidden variables in libauparse
-- Added NISPOM sample rules
-- Verify accessibility of files passed in auparse_init
-- Fix bug in parser library interpreting socketcalls
-- Add support for stdio FILE pointer in auparse_init
-- Adjust init script to allow anyone to status auditd (#230626)
-
-* Tue Feb 20 2007 Steve Grubb 1.4.2-1
-- Add man pages
-- Reduce text relocations in parser library
-- Add -n option to auditd for no fork
-- Add exec option to space_left, admin_space_left, disk_full,
-- and disk_error - eg EXEC /usr/local/script
-
-* Fri Feb 16 2007 Steve Grubb 1.4.1-1
-- updated audit_rule_fieldpair_data to handle perm correctly (#226780)
-- Finished search options for audit parsing library
-- Fix ausearch -se to work correctly
-- Fix auditd init script for /usr on netdev (#228528)
-- Parse avc seperms better when there are more than one
-
-* Sun Feb 04 2007 Steve Grubb 1.4-1
-- New report about authentication attempts
-- Updates for python 2.5
-- update autrace to have resource usage mode
-- update auditctl to support immutable config
-- added audit_log_user_command function to libaudit api
-- interpret capabilities
-- added audit event parsing library
-- updates for 2.6.20 kernel
-
-* Sun Dec 10 2006 Steve Grubb 1.3.1-2
-- Make more adjustments for python 2.5
-
-* Sun Dec 10 2006 Steve Grubb 1.3.1-1
-- Fix a couple parsing problems (#217952)
-- Add tgkill to S390* syscall tables (#218484)
-- Fix error messages in ausearch/aureport
-
-* Wed Dec 6 2006 Jeremy Katz - 1.3-4
-- rebuild against python 2.5
-
-* Thu Nov 30 2006 Steve Grubb 1.3-3
-- Fix timestamp for libaudit.conf (#218053)
-
-* Thu Nov 30 2006 Steve Grubb 1.3-2
-- Fix minor parsing problem and add new msg types
-
-* Tue Nov 28 2006 Steve Grubb 1.3-1
-- ausearch & aureport implement uid/gid caching
-- In ausearch & aureport, extract addr when hostname is unknown
-- In ausearch & aureport, test audit log presence O_RDONLY
-- New ausearch/aureport time keywords: recent, this-week, this-month, this-year
-- Added --add & --delete option to aureport
-- Update res parsing in config change events
-- Increase the size on audit daemon buffers
-- Parse avc_path records in ausearch/aureport
-- ausearch has new output mode, raw, for extracting events
-- ausearch/aureport can now read stdin
-- Rework AVC processing in ausearch/aureport
-- Added long options to ausearch and aureport
-
-* Tue Oct 24 2006 Steve Grubb 1.2.9-1
-- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
-- Fix some defines in libaudit.h
-- Some auditd config strings were not initialized in aureport (#211443)
-- Updated man pages
-- Add Netlabel event types to libaudit
-- Update aureports to current audit event types
-- Update autrace a little
-- Deprecated all the old audit_rule functions from public API
-- Drop auparse library for the moment
-
-* Fri Sep 29 2006 Steve Grubb 1.2.8-1
-- Add dist tag and bump version (#208532)
-- Make internal auditd buffers bigger for context info
-- Correct address resolving of hostname in logging functions
-- Do not allow multiple msgtypes in same audit rule in auditctl (#207666)
-- Only =, != operators for arch & inode fields in auditctl (#206427)
-- Updated audit message type table
-- Remove watches from aureport since FS_WATCH is deprecated
-- Add audit_log_avc back temporarily (#208152)
-
diff --git a/sources b/sources
index bfa443c..bd4fa41 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d0c064c4646f8fe5c50de789c627f2da audit-2.0.tar.gz
+5624f99dc1ce3a62b5e7622f98747ada audit-2.0.1.tar.gz