From 8efb1f0acec6a9db54c29e83f9f98cef535df471 Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Mar 30 2008 19:17:17 +0000 Subject: - Handle user space avcs in prelude plugin - Fix watched account login detection for some failed login attempts - Couple fixups in audit logging functions (Miloslav Trmac) - Add support in auditctl for virtual keys - auparse_find_field_next was not iterating correctly, fixed it - Add idmef alerts for access or execution of watched file - Fix buffer overflow in audit_log_user_command - Add basic remote logging plugin - only sends & no flow control - Update ausearch with interpret fixes from auparse --- diff --git a/.cvsignore b/.cvsignore index d3fc870..4022584 100644 --- a/.cvsignore +++ b/.cvsignore @@ -86,3 +86,4 @@ audit-1.6.6.tar.gz audit-1.6.7.tar.gz audit-1.6.8.tar.gz audit-1.6.9.tar.gz +audit-1.7.tar.gz diff --git a/audit.spec b/audit.spec index c84fc8b..ba403ae 100644 --- a/audit.spec +++ b/audit.spec @@ -6,7 +6,7 @@ Summary: User space tools for 2.6 kernel auditing Name: audit -Version: 1.6.9 +Version: 1.7 Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons @@ -293,6 +293,11 @@ fi %attr(750,root,root) /sbin/audisp-prelude %attr(644,root,root) %{_mandir}/man5/audisp-prelude.conf.5.gz %attr(644,root,root) %{_mandir}/man8/audisp-prelude.8.gz +%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf +%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf +%attr(750,root,root) /sbin/audisp-remote +%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz +%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %files -n system-config-audit -f system-config-audit.lang %defattr(-,root,root,-) @@ -310,6 +315,17 @@ fi %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server %changelog +* Sun Mar 30 2008 Steve Grubb 1.7-1 +- Handle user space avcs in prelude plugin +- Fix watched account login detection for some failed login attempts +- Couple fixups in audit logging functions (Miloslav Trmac) +- Add support in auditctl for virtual keys +- auparse_find_field_next was not iterating correctly, fixed it +- Add idmef alerts for access or execution of watched file +- Fix buffer overflow in audit_log_user_command +- Add basic remote logging plugin - only sends & no flow control +- Update ausearch with interpret fixes from auparse + * Sun Mar 09 2008 Steve Grubb 1.6.9-1 - Apply hidden attribute cleanup patch (Miloslav Trmac) - Apply auparse expression interface patch (Miloslav Trmac) diff --git a/sources b/sources index 0426153..9f4a9a8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7e055793c057883f39b10d8ba783de98 audit-1.6.9.tar.gz +dba65ff98de50c89d3cc1e1ddc49aa1a audit-1.7.tar.gz