diff --git a/audit-2.6-man.patch b/audit-2.6-man.patch new file mode 100644 index 0000000..27aa90c --- /dev/null +++ b/audit-2.6-man.patch @@ -0,0 +1,18 @@ +diff -ur audit-2.6.orig/docs/auditd.conf.5 audit-2.6/docs/auditd.conf.5 +--- audit-2.6.orig/docs/auditd.conf.5 2016-06-22 14:42:34.000000000 -0400 ++++ audit-2.6/docs/auditd.conf.5 2016-06-22 15:56:24.511250872 -0400 +@@ -24,10 +24,11 @@ + Normally you want this so the default is yes. + .TP + .I log_format +-The log format describes how the information should be stored on disk. There are 2 options: raw and nolog. +-If set to ++The log format describes how the information should be stored on disk. There are 2 options: raw and enriched. The nolog option is deprecated. If set to + .IR RAW , +-the audit records will be stored in a format exactly as the kernel sends it. ++the audit records will be stored in a format exactly as the kernel sends it. The ++.IR ENRICHED ++option will resolve all uid, gid, syscall, architecture, and socket address information before writing the event to disk. This aids in making sense of events created on one system but reported/analized on another system. + The + .I NOLOG + option is now deprecated. If you were setting this format, now you should set diff --git a/audit.spec b/audit.spec index cd5c17e..dc261d9 100644 --- a/audit.spec +++ b/audit.spec @@ -3,12 +3,13 @@ Summary: User space tools for 2.6 kernel auditing Name: audit Version: 2.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt +Patch1: audit-2.6-man.patch BuildRequires: openldap-devel BuildRequires: swig BuildRequires: python-devel 
@@ -305,7 +306,7 @@ fi %attr(750,root,root) /sbin/audispd-zos-remote %changelog -* Wed Jun 22 2016 Steve Grubb 2.6-1 +* Wed Jun 22 2016 Steve Grubb 2.6-2 - New upstream release * Fri Apr 29 2016 Steve Grubb 2.5.2-1
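Review bot: Typo in the added ENRICHED sentence of the auditd.conf.5 hunk: "reported/analized" should be "reported/analyzed". The same hunk also spells the option names in lower case in the summary sentence ("raw and enriched") but in upper case in the `.IR RAW` and `.IR ENRICHED` macros; use one spelling throughout so the man page is unambiguous about what to write in auditd.conf.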
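Review bot: `Patch1: audit-2.6-man.patch` is declared in the first audit.spec hunk, but neither audit.spec hunk touches %prep, so nothing visible in this change applies the patch. Unless %prep already uses %autosetup or an equivalent, add `%patch1 -p1` after %setup (the patch paths have the form audit-2.6/docs/auditd.conf.5, so one leading component is stripped); otherwise the release bump ships an unchanged man page.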
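Review bot: In the %changelog hunk the existing 2.6-1 entry header is rewritten to 2.6-2 rather than a new entry being added, and its text still reads "- New upstream release". Keep the 2.6-1 entry as it was and add a separate 2.6-2 entry above it that mentions the auditd.conf.5 log_format documentation fix, so the package history records why the release was bumped.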