audit/audit.spec

#
# spec file for package audit (Version 1.7.13)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild


Name:           audit
BuildRequires:  gcc-c++ tcpd-devel
Summary:        User Space Tools for 2.6 Kernel Auditing
Version:        1.7.13
Release:        2
License:        GPL v2 or later
Group:          System/Monitoring
Url:            http://people.redhat.com/sgrubb/audit/
Source0:        %{name}-%{version}.tar.bz2
Source1:        auditd.init
Source2:        auditd.sysconfig
Patch0:         audit-no_sca.patch
Patch1:         audit-no_python.patch
Patch2:         audit-no_plugins.patch
Patch3:         audit-no-gss.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Requires:       %{name}-libs = %{version}-%{release}
PreReq:         %insserv_prereq %fillup_prereq

%description
The audit package contains the user space utilities for storing and
processing the audit records generated by the audit subsystem in the
Linux 2.6 kernel.



Authors:
--------
    Steve Grubb <sgrubb@redhat.com>

%package libs
Summary:        Dynamic library for libaudit
License:        GPL v2 or later
Group:          System/Monitoring
# bug437293
%ifarch ppc64
Obsoletes:      audit-libs-64bit
%endif
#

%description libs
The audit-libs package contains the dynamic libraries needed for
applications to use the audit framework.



Authors:
--------
    Steve Grubb <sgrubb@redhat.com>

%package devel
Summary:        Header files and static library for libaudit
License:        LGPL v2.1 or later
Group:          Development/Libraries/C and C++
Requires:       %{name}-libs = %{version}-%{release}

%description devel
The audit-devel package contains the static libraries and header files
needed for developing applications that need to use the audit framework
libraries.



Authors:
--------
    Steve Grubb <sgrubb@redhat.com>

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1

%build
# This package failed when testing with -Wl,-as-needed being default.  
# So we disable it here, if you want to retest, just delete this comment and the line below.  
export SUSE_ASNEEDED=0  
autoreconf -fi
export CFLAGS="%{optflags} -fno-strict-aliasing"
export CXXFLAGS="$CFLAGS"
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor --with-libwrap
make

%install
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}}
mkdir -p $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
make DESTDIR=$RPM_BUILD_ROOT install
mkdir -p $RPM_BUILD_ROOT/%{_includedir}
mkdir -p $RPM_BUILD_ROOT/%{_libdir}
# We manually install this since Makefile doesn't
install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir}
# This winds up in the wrong place when libtool is involved
rm $RPM_BUILD_ROOT/%{_lib}/libaudit.so $RPM_BUILD_ROOT/%{_lib}/libauparse.so
ln -sf /%{_lib}/libaudit.so.0 $RPM_BUILD_ROOT%{_libdir}/libaudit.so
ln -sf /%{_lib}/libauparse.so.0 $RPM_BUILD_ROOT%{_libdir}/libauparse.so
mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
rm $RPM_BUILD_ROOT/%{_lib}/libaudit.la $RPM_BUILD_ROOT/%{_lib}/libauparse.la
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd
# delete redhat script, use ours
rm -rf $RPM_BUILD_ROOT/etc/sysconfig/auditd
rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd
rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d
install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/init.d/auditd
ln -s /etc/init.d/auditd $RPM_BUILD_ROOT/sbin/rcauditd
mkdir -p $RPM_BUILD_ROOT/var/log/audit/
touch $RPM_BUILD_ROOT/var/log/audit/audit.log
# For %ghost below, so that old location files will still be there when
# %post copy runs
touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf

%check
make check

%clean
rm -rf $RPM_BUILD_ROOT

%post libs -p /sbin/ldconfig

%postun libs -p /sbin/ldconfig

%post
%{fillup_and_insserv -yn auditd auditd}
# Save existing audit files if any (from old location)
if [ -f /etc/auditd.conf ]; then
   mv /etc/audit/auditd.conf /etc/audit/auditd.conf.new
   mv /etc/auditd.conf /etc/audit/auditd.conf
fi
if [ -f /etc/audit.rules ]; then
   mv /etc/audit/audit.rules /etc/audit/audit.rules.new
   mv /etc/audit.rules /etc/audit/audit.rules
fi

%preun
%stop_on_removal auditd

%postun
%restart_on_update auditd
%{insserv_cleanup}

%files libs
%defattr(-,root,root)
/%{_lib}/libaudit.*
/%{_lib}/libauparse.*
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf

%files devel
%defattr(-,root,root)
%doc contrib/skeleton.c contrib/plugin
%{_libdir}/libaudit.*
%{_libdir}/libauparse.*
%{_includedir}/libaudit.h
%{_includedir}/auparse.h
%{_includedir}/auparse-defs.h
%{_mandir}/man3/*

%files
%defattr(-,root,root,-)
%doc  README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/stig.rules init.d/auditd.cron
%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
%attr(750,root,root) /sbin/auditctl
%attr(750,root,root) /sbin/auditd
%attr(755,root,root) /sbin/ausearch
%attr(750,root,root) /sbin/rcauditd
%attr(750,root,root) /sbin/autrace
%attr(750,root,root) /sbin/audispd
%attr(755,root,root) /usr/bin/aulast
%attr(755,root,root) /usr/bin/aulastlog
%attr(755,root,root) /usr/bin/ausyscall
%attr(755,root,root) /sbin/aureport
/etc/init.d/auditd
%dir %attr(750,root,root) /etc/audit
%attr(750,root,root) %dir /etc/audisp
%attr(750,root,root) %dir /etc/audisp/plugins.d
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
%ghost /etc/auditd.conf
%ghost /etc/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
/var/adm/fillup-templates/sysconfig.auditd
%dir %attr(700,root,root) /var/log/audit
%ghost %config(noreplace) /var/log/audit/audit.log
%attr(755,root,root) /usr/bin/ausyscall

%changelog
* Fri Jun 19 2009 coolo@novell.com
- disable as-needed for this package as it fails to build with it
* Mon May 11 2009 tonyj@suse.de
- Update from 1.7.7 to 1.7.13.
- Redhat changelog for 1.7.8 - 1.7.13 follows:
  * Tue Apr 21 2009 Steve Grubb <sgrubb@redhat.com> 1.7.13-1
  - Disable libev asserts unless --with-debug passed to configure
  - Handle kernel 2.6.29's audit = 0 boot parameter better
  - Install audit.py file in arch specific python directory (Dan Walsh)
  - Fix problem with negative uids in audit rules on 32 bit systems
  - When file type is unknown, output octal for mode field (Miloslav Trmač)
  - Update tty keystroke interpretations (Miloslav Trmač)
  * Tue Feb 24 2009 Steve Grubb <sgrubb@redhat.com> 1.7.12-1
  - Add definitions for crypto events
  - Fix regression where msgtype couldn't be used as a range in audit rules
  - In libaudit, extend time spent checking reply
  - In acct events, prefer id over acct if given
  - In aulast, try id and acct in USER_LOGIN events
  - When in immutable mode, have auditctl tell user instead of sending rules
  - Add option to sysconfig to disable audit system on auditd stop
  - Add tcp_wrappers config option to auditd
  - Aulastlog can now take input from stdin
  - Update libaudit python bindings to throw exceptions on error
  - Adjust formatting of TTY data in libauparse to be like ausearch/report
  - Add more key mappings to TTY interpretations
  - Add internal queue to audisp-remote
  - Fix failure action code to allow executables in audisp-remote (Chu Li)
  - Fix memory leak when NOLOG log_format option given to auditd
  - Quieten some of the reconnect text being sent to syslog in audisp-remote
  - Apply some libev fixups to auditd
  - Cleanup shutdown sequence of auditd
  - Allow auditd log rotation via SIGUSR1 when NOLOG log format option given
  * Sat Jan 10 2009 Steve Grubb <sgrubb@redhat.com> 1.7.11-1
  - Don't error out in auditd when calling setsid
  - Reformat a couple auditd error messages (Oden Eriksson)
  - If log rotate fails, leave the old log writable
  - Fixed bug in setting up auditd event loop when listening
  - Warn if on biarch machine and auditctl rules show a syscall mismatch
  - Audisp-remote was not parsing some config options correctly
  - In auparse, check for single key in addition to virtual keys
  - When auditd shuts down, send AUDIT_RMW_TYPE_ENDING messages to clients
  - Created reconnect option to remote ending setting of audisp-remote
  * Sat Dec 13 2008 Steve Grubb <sgrubb@redhat.com> 1.7.10-1
  - Fix ausearch and aureport to handle out of order events
  - Add line-buffer option to ausearch & timeout pipe input (Tony Jones)
  - Add support in ausearch/report for tty data
  - In audisp-remote, allow the keyword "any" for local_port
  - Tighten parsing for -m and -w options in auditctl
  - Add session query hint for aulast proof
  - Fix audisp-remote to tolerate krb5 config options when not supported
  - Created new aureport option for tty keystroke report
  - audispd should detect backup config files and not use them
  - When checking for ack in netlink interface, retry on EAGAIN a few times
  - In aureport, fix mods report to show acct acted upon
  * Wed Nov 05 2008 Steve Grubb <sgrubb@redhat.com> 1.7.9-1
  - Fix uninitialized variable in aureport causing segfault
  - Quieten down the gssapi not supported messages
  - Fix bug interpretting i386 logs on x86_64 machines
  - If kernel is in immutable mode, auditd should not send enable command
  - Fix ausearch/report recent and now time keyword lookups
  - Created aulast program
  - prelude plugin should pull auid for login alert from 2nd uid field
  - Add system boot, shutdown, and run level change events
  - Add max_restarts to audispd.conf to limit times a plugin is restarted
  - Expand session detection in ausearch
  * Wed Oct 22 2008 Steve Grubb <sgrubb@redhat.com> 1.7.8-1
  - Interpret TTY audit data in auparse (Miloslav Trmač)
  - Extract terminal from USER_AVC events for ausearch/report (Peng Haitao)
  - Add USER_AVCs to aureport's avc reporting (Peng Haitao)
  - Short circuit hostname resolution in libaudit if host is empty
  - If log_group and user are not root, don't check dispatcher perms
  - Fix a bug when executing "ausearch -te today PM"
  - Add --exit search option to ausearch
  - Fix parsing config file when kerberos is disabled
* Tue Apr 14 2009 dmueller@suse.de
- refresh patches
* Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293)
* Fri Dec 05 2008 tonyj@suse.de
- Revision to previous fix for bnc#445353.
  These should go into SLES11 RC1.
  1) Add --line-buffered option to limit when stdout is flushed (performance).
  2) Testing found a related bug where (if input is a pipe) the last logical
  record would permanently be queued waiting for a subsequent record indicating
  end of the previous.  This subsequent record may never arrive.  Timer is
  now run causing this record to be flushed if no new record arrives within
  timeout.  This fix is upstream also.
* Fri Nov 21 2008 tonyj@suse.de
- Force ausearch to flush stdout if pipe (bnc#445353)
* Thu Oct 30 2008 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Fri Sep 26 2008 tonyj@suse.de
- Update from 1.7.4 to 1.7.7.  GSS support disabled for present
- Redhat changelog for 1.7.5 - 1.7.7 follows:
  * Wed Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.7-1
  - Bug fixes for gss code in remote logging (DJ Delorie)
  - Fix ausearch -i to keep the node field in the output
  - ausyscall now does strstr match on syscall names
  - Makefile cleanup (Philipp Hahn)
  - Add watched syscall support to audisp-prelude
  - Use the right define for tcp_wrappers in auditd
  - Expose encoding API for fields being logged from user space
  * Wed Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.6-1
  - Update event record list and aureport classifications (Yu Zhiguo/Peng Haitao)
  - Add subject to audit daemon events (Chu Li)
  - Fix parsing of acct & exe fields in user records (Peng Haitao)
  - Make client error handling in audisp-remote robust (DJ Delorie)
  - Add tcp_wrappers support for auditd
  - Updated syscall tables for 2.6.27 kernel
  - Add heartbeat exchange to remote logging protocol (DJ Delorie)
  - Audit connect/disconnect of remote clients
  - In ausearch, collect pid from AVC records (Peng Haitao)
  - Add auparse_get_field_type function to describe field's contents
  - Add GSS/Kerberos encryption to the remote protocol (DJ Delorie)
  * Mon Aug 25 2008 Steve Grubb <sgrubb@redhat.com> 1.7.5-1
  - Update system-config-audit to 0.4.8
  - Whole lot of bug fixes - see ChangeLog for details
  - Reimplement auditd main loop using libev
  - Add TCP listener to auditd to receive remote events
* Tue Aug 05 2008 tonyj@suse.de
- Remove audit rules on audit stop (bnc#409093)
* Wed Jun 25 2008 tonyj@suse.de
- Update from 1.7.2 to 1.7.4
- Redhat changelog for 1.7.3 - 1.7.4 follows:
  * Mon May 19 2008 Steve Grubb <sgrubb@redhat.com> 1.7.4-1
  - Fix interpreting of keys in syscall records
  - Interpret audit rule config change list fields
  - Don't error on name=(null) PATH records in ausearch/report
  - Add key report to aureport
  - Fix --end today to be now
  - Added python bindings for auparse_goto_record_num
  - Update system-config-audit to 0.4.7 (Miloslav Trmac)
  - Add support for the filetype field option in auditctl
  - In audispd boost priority after starting children
  * Fri May 09 2008 Steve Grubb <sgrubb@redhat.com> 1.7.3-1
  - Fix path processing in AVC records.
  - auparse_find_field_next() wasn't resetting field ptr going to next record.
  - auparse_find_field() wasn't checking current field before iterating
  - cleanup some string handling in audisp-prelude plugin
  - Update auditctl man page
  - Fix output of keys in ausearch interpretted mode
  - Fix ausearch/report --start now to not be reset to midnight
  - Added auparse_goto_record_num function
  - Prelude plugin now uses auparse_goto_record_num to avoid skipping a record
  - audispd now has a priority boost config option
  - Look for laddr in avcs reported via prelude
  - Detect page 0 mmaps and alert via prelude
- Update from 1.6.8 to 1.7.2
- Complete fix for BNC# 378725
- Redhat changelog for 1.6.9-1.7.2 follows:
  * Wed Apr 09 2008 Steve Grubb <sgrubb@redhat.com> 1.7.2-1
  - gen_table.c now includes IPC defines to avoid glibc-headers wild goose chase
  - ausyscall program added for cross referencing syscall name and number info
  - Add login session ID search capability to ausearch
  * Tue Apr 08 2008 Steve Grubb <sgrubb@redhat.com> 1.7.1-1
  - Remove LSB headers info for init scripts
  - Fix buffer overflow in audit_log_user_command, again (#438840)
  - Fix memory leak in EOE code in auditd (#440075)
  - In auditctl, don't use new operators in legacy rule format
  - Made a couple corrections in alpha & x86_64 syscall tables (Miloslav Trmac)
  - Add example STIG rules file
  - Add string table lookup performance improvement patch (Miloslav Trmac)
  - auparse_find_field_next performance improvement
  * Sun Mar 30 2008 Steve Grubb <sgrubb@redhat.com> 1.7-1
  - Improve input error handling in audispd
  - Improve end of event detection in auparse library
  - Improve handling of abstract namespaces
  - Add test mode for prelude plugin
  - Handle user space avcs in prelude plugin
  - Audit event serial number now recorded in idmef alert
  - Add --just-one option to ausearch
  - Fix watched account login detection for some failed login attempts
  - Couple fixups in audit logging functions (Miloslav Trmac)
  - Add support in auditctl for virtual keys
  - Added new type for user space MAC policy load events
  - auparse_find_field_next was not iterating correctly, fixed it
  - Add idmef alerts for access or execution of watched file
  - Fix buffer overflow in audit_log_user_command
  - Add basic remote logging plugin - only sends & no flow control
  - Update ausearch with interpret fixes from auparse
  * Sun Mar 09 2008 Steve Grubb <sgrubb@redhat.com> 1.6.9-1
  - Apply hidden attribute cleanup patch (Miloslav Trmac)
  - Apply auparse expression interface patch (Miloslav Trmac)
  - Fix potential memleak in audit event dispatcher
  - Change default audispd queue depth to 80
  - Update system-config-audit to version 0.4.6 (Miloslav Trmac)
  - audisp-prelude alerts now controlled by config file
  - Updated syscall table for 2.6.25 kernel
  - Apply patch correcting acct field being misencoded (Miloslav Trmac)
  - Added watched account login detection for prelude plugin
* Wed Apr 23 2008 tonyj@suse.de
- Fix for bnc#378725 VUL-0: audit buffer overflow
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Wed Mar 26 2008 tonyj@suse.de
- Update from 1.6.2 to 1.6.8.
- Move audisp-plugins to new secondary spec (along with existing
  python libs).
- Redhat changelog follows:
  * Thu Feb 14 2008 Steve Grubb <sgrubb@redhat.com> 1.6.8-1
  - Update for gcc 4.3
  - Cleanup descriptors in audispd before running plugin
  - Fix 'recent' keyword for aureport/search
  - Fix SE Linux policy for zos_remote plugin
  - Add event type for group password authentication attempts
  - Couple of updates to the translation tables
  - Add detection of failed group authentication to audisp-prelude
  * Thu Jan 31 2008 Steve Grubb <sgrubb@redhat.com> 1.6.7-1
  - In ausearch/report, prefer -if to stdin
  - In ausearch/report, add new command line option --input-logs (#428860)
  - Updated audisp-prelude based on feedback from prelude-devel
  - Added prelude alert for promiscuous socket being opened
  - Added prelude alert for SE Linux policy enforcement changes
  - Added prelude alerts for Forbidden Login Locations and Time
  - Applied patch to auparse fixing error handling of searching by
  interpreted value (Miloslav Trmac)
  * Sat Jan 19 2008 Steve Grubb <sgrubb@redhat.com> 1.6.6-1
  - Add prelude IDS plugin for IDMEF alerts
  - Add --user option to aulastlog command
  - Use desktop-file-install for system-config-audit
  * Mon Jan 07 2008 Steve Grubb <sgrubb@redhat.com> 1.6.5-1
  - Add more errno strings for exit codes in auditctl
  - Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
  - Check for audit log being writable by owner in auditd
  - If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
  - Updated CAPP, LSPP, and NISPOM rules for new capabilities
  - Added aulastlog utility
  * Sat Dec 29 2007 Steve Grubb <sgrubb@redhat.com> 1.6.4-1
  - fchmod of log file was on wrong variable (#426934)
  - Allow use of errno strings for exit codes in audit rules
  * Thu Dec 27 2007 Steve Grubb <sgrubb@redhat.com> 1.6.3-1
  - Add kernel release string to DEAMON_START events
  - Fix keep_logs when num_logs option disabled (#325561)
  - Fix auparse to handle node fields for syscall records
  - Update system-config-audit to version 0.4.5 (Miloslav Trmac)
  - Add keyword week-ago to aureport & ausearch start/end times
  - Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
  - Add RACF zos remote audispd plugin (Klaus Kiwi)
  - Add event queue overflow action to audispd
* Tue Mar 18 2008 schwab@suse.de
- Use autoreconf.
* Wed Oct 31 2007 tonyj@suse.de
- Incorporate 1 more Redhat fixe post 1.6.2
- Go back to 10.2 behaviour wrt to starting in disabled state.
  This time using patch submitted upstream, fix for #Bug 333739
* Wed Oct 10 2007 tonyj@suse.de
- Upgrade to 1.6.2
  Plus two bugs discovered in Fedora, will be fixed in 1.6.3
* Wed Jul 25 2007 tonyj@suse.de
- Upgrade to 1.5.5
  Correct bug in audit_make_equivalent function (Al Viro)
  Local: add AppArmor audit ID (upstream in 1.5.6)
  don't build RedHat system-config-audit
* Thu Jul 12 2007 tonyj@suse.de
- Upgrade to 1.5.4
  Add feed interface to auparse library (John Dennis)
  Apply patch to libauparse for unresolved symbols (#241178)
  Apply patch to add line numbers for file events in libauparse (John Dennis)
  Change seresults to seresult in libauparse (John Dennis)
  Add unit32_t definition to swig (#244210)
  Add support for directory auditing
  Update acct field to be escaped
- Fix for #280487 "%%ghost /var/log/audit/audit.log will remove the logfile"
* Mon May 07 2007 rguenther@suse.de
- Drop pkg-config BuildRequires introduced by last change.
* Wed May 02 2007 tonyj@suse.de
- Upgrade to 1.5.3.  Drop AUDITD_DISABLE_CONTEXTS from audit sysconfig
* Wed Nov 29 2006 tonyj@suse.de
- Upgrade to 1.2.9 (drop several patches which are now upstream)
- Move to using /etc/audit directory for config files
* Thu Aug 31 2006 tonyj@suse.de
- Upgrade to 1.2.6-1
* Sat Aug 26 2006 olh@suse.de
- do not define __KERNEL__ in userland apps
- remove unused sys/syscall.h include
* Wed Aug 16 2006 cthiel@suse.de
- split audit into audit and audit-libs-python
* Fri May 05 2006 sbeattie@suse.de
- disable syscall audit context creation by default #172154
* Mon Mar 20 2006 meissner@suse.de
- Do not print a misleading errormessage when audit
  is not compiled into the kernel. #152733
* Mon Mar 06 2006 meissner@suse.de
- On kernels without auditing, which report ECONNREFUSED,
  do not output stuff to stderr on startup. #152733
* Sat Feb 25 2006 kukuk@suse.de
- Fix moving of devel libraries, don't install .la file
* Wed Feb 22 2006 meissner@suse.de
- moved libaudit.so symlink to /usr/lib and to -devel package,
  as requested by Thorsten.
* Fri Feb 17 2006 meissner@suse.de
- check sendto() return against -1 (error with errno set).
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Jan 25 2006 ro@suse.de
- fix fillup call since filename != packagename
* Tue Jan 24 2006 ro@suse.de
- do not skip fillup in postinstall
* Mon Jan 23 2006 dreynolds@suse.de
- Modified inssrv macro args to enable on boot
* Wed Jan 18 2006 tonyj@suse.de
- Add support for AppArmor (submitted upstream for 1.1.4)
* Fri Jan 13 2006 meissner@suse.de
- Updated to 1.1.3.
- Moved audispd to /usr/sbin since it uses /usr/lib/libstdc++
- Updated sysconfig snippet.
* Tue Nov 08 2005 meissner@suse.de
- upgraded to 1.0.12.
* Fri Nov 04 2005 kukuk@suse.de
- Update to 1.0.9.
* Wed Oct 12 2005 meissner@suse.de
- upgraded to 1.0.6. ptrdift patch now solved upstream.
* Wed Oct 05 2005 meissner@suse.de
- Upgraded to 1.0.5
* Wed Oct 05 2005 dmueller@suse.de
- add norootforbuild
* Mon Sep 26 2005 meissner@suse.de
- Upgraded to 1.0.4.
	- Make rate & backlog 32 bit unsigned int in auditctl
	- In auditctl, if -F arch is given with -t option, don't require list
	- Update auditd man page
	- Add size check to audit_send
	- Update message for audit_open failure when kernel doesn't support audit
* Tue Aug 23 2005 meissner@suse.de
- Upgraded to 1.0.3 bugfix release:
	- adjust file perms of newly created log file in auditd
	- fix 2 memory leaks and an out of bounds access in auditd
	- fix case where auditd was closing netlink descriptor too early
	- fix watch rules not to take field arguments in auditctl
	- fix bug where inode, devmajor, devminor, exit, and success fields in auditctl
  rules were not getting the correct value stored
* Wed Aug 17 2005 meissner@suse.de
- Added /var/log/audit directory and ghost audit.log #105131
* Wed Aug 10 2005 meissner@suse.de
- Upgraded to 1.0.2
* Thu Aug 04 2005 meissner@suse.de
- Upgraded to 1.0.1.
* Mon Jul 11 2005 meissner@suse.de
- Update to version 0.9.16.
* Tue Jun 21 2005 meissner@suse.de
- Update to version 0.9.10.
* Fri Jun 17 2005 meissner@suse.de
- Update to version 0.9.7.
* Thu Jun 16 2005 kukuk@suse.de
- Update to version 0.9.5
* Tue Jun 14 2005 ro@suse.de
- make it build with current includes
* Tue May 31 2005 meissner@suse.de
- Upgraded to 0.9.
* Fri May 13 2005 meissner@suse.de
- upgraded to 0.6.8
* Tue Apr 19 2005 meissner@suse.de
- Upgraded to 0.6.11.
* Fri Apr 15 2005 pth@suse.de
- Make libaudit.h define pgoff_t by itself.
- Fix a minor warning.
* Wed Mar 30 2005 meissner@suse.de
- Upgraded to 0.6.9.
* Fri Mar 04 2005 meissner@suse.de
- Upgraded to 0.6.5.
* Thu Mar 03 2005 meissner@suse.de
- initial package of auditd for new kernel auditing system.