diff --git a/audit-1.7.13.tar.bz2 b/audit-1.7.13.tar.bz2
new file mode 100644
index 0000000..e4f21e8
--- /dev/null
+++ b/audit-1.7.13.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:053ebd92c6b8c1dac67f6cde59073798eb365c97bb73281b18b09b1b8bee5682
+size 905282
diff --git a/audit-1.7.7.tar.bz2 b/audit-1.7.7.tar.bz2
deleted file mode 100644
index 3c4327b..0000000
--- a/audit-1.7.7.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bd635c98f200d0b436e69fb2cb074386dd9f557ca7e2479e1de0cb0f7b2eea6d
-size 934496
diff --git a/audit-445353-1.patch b/audit-445353-1.patch
deleted file mode 100644
index 5ac5421..0000000
--- a/audit-445353-1.patch
+++ /dev/null
@@ -1,117 +0,0 @@ - docs/ausearch.8 | 3 +++ - src/ausearch-options.c | 9 ++++++++- - src/ausearch-options.h | 1 + - src/ausearch.c | 10 ++++++---- - 4 files changed, 18 insertions(+), 5 deletions(-) - ---- audit-1.7.7/docs/ausearch.8 -+++ audit-1.7.7/docs/ausearch.8 -@@ -54,6 +54,9 @@ - .BR \-k ,\ \-\-key \ \fIkey-string\fP - Search for an event based on the given \fIkey string\fP. - .TP -+.BR \-l ,\ \-\-line-buffered -+Flush output on every line. Most useful when stdout is connected to a pipe and the default block buffering strategy is undesirable. May impose a performance penalty. -+.TP - .BR \-m ,\ \-\-message \ \fImessage-type\fP\ |\ \fIcomma-sep-message-type-list\fP - Search for an event matching the given \fImessage type\fP. You may also enter a \fIcomma separated list of message types\fP. There is an \fBALL\fP message type that doesn't exist in the actual logs. It allows you to get all messages in the system. The list of valid messages types is long. The program will display the list whenever no message type is passed with this parameter. The message type can be either text or numeric. If you enter a list, there can be only commas and no spaces separating the list. 
- .TP ---- audit-1.7.7/src/ausearch-options.c -+++ audit-1.7.7/src/ausearch-options.c -@@ -50,6 +50,7 @@ - int event_ua = 0, event_ga = 0, event_se = 0; - int just_one = 0; - int event_session_id = -1; -+int line_buffered = 0; - const char *event_key = NULL; - const char *event_node = NULL; - const char *event_filename = NULL; -@@ -71,7 +72,7 @@ - S_HOSTNAME, S_INTERP, S_INFILE, S_MESSAGE_TYPE, S_PID, S_SYSCALL, S_OSUCCESS, - S_TIME_END, S_TIME_START, S_TERMINAL, S_ALL_UID, S_EFF_UID, S_UID, S_LOGINID, - S_VERSION, S_EXACT_MATCH, S_EXECUTABLE, S_CONTEXT, S_SUBJECT, S_OBJECT, --S_PPID, S_KEY, S_RAW, S_NODE, S_IN_LOGS, S_JUST_ONE, S_SESSION }; -+S_PPID, S_KEY, S_RAW, S_NODE, S_IN_LOGS, S_JUST_ONE, S_SESSION, S_LINEBUFFERED }; - - static struct nv_pair optiontab[] = { - { S_EVENT, "-a" }, -@@ -98,6 +99,8 @@ - { S_JUST_ONE, "--just-one" }, - { S_KEY, "-k" }, - { S_KEY, "--key" }, -+ { S_LINEBUFFERED, "-l" }, -+ { S_LINEBUFFERED, "--line-buffered" }, - { S_MESSAGE_TYPE, "-m" }, - { S_MESSAGE_TYPE, "--message" }, - { S_NODE, "-n" }, -@@ -169,6 +172,7 @@ - "\t--input-logs\t\t\tUse the logs even if stdin is a pipe\n" - "\t--just-one\t\t\tEmit just one event\n" - "\t-k,--key \t\tsearch based on key field\n" -+ "\t-l, --line-buffered\t\tFlush output on every line\n" - "\t-m,--message \tsearch based on message type\n" - "\t-n,--node \t\tsearch based on machine's name\n" - "\t-o,--object search based on context of object\n" -@@ -954,6 +958,9 @@ - c++; - } - break; -+ case S_LINEBUFFERED: -+ line_buffered = 1; -+ break; - default: - fprintf(stderr, "%s is an unsupported option\n", - vars[c]); ---- audit-1.7.7/src/ausearch-options.h -+++ audit-1.7.7/src/ausearch-options.h -@@ -36,6 +36,7 @@ - extern const char *event_object; - extern int event_se; - extern int just_one; -+extern int line_buffered; - extern pid_t event_ppid; - extern int event_session_id; - ---- audit-1.7.7/src/ausearch.c -+++ audit-1.7.7/src/ausearch.c -@@ -43,7 +43,6 @@ - - static FILE *log_fd = NULL; - static 
int found = 0; --static int pipe_mode = 0; - static int process_logs(void); - static int process_log_fd(void); - static int process_stdin(void); -@@ -58,11 +57,12 @@ - extern int match(llist *l); - extern void output_record(llist *l); - --static int input_is_pipe(void) -+static int is_pipe(int fd) - { - struct stat st; -+ int pipe_mode = 0; - -- if (fstat(0, &st) == 0) { -+ if (fstat(fd, &st) == 0) { - if (S_ISFIFO(st.st_mode)) - pipe_mode = 1; - } -@@ -92,7 +92,7 @@ - rc = process_file(user_file); - else if (force_logs) - rc = process_logs(); -- else if (input_is_pipe()) -+ else if (is_pipe(0)) - rc = process_stdin(); - else - rc = process_logs(); -@@ -190,6 +190,8 @@ - list_clear(&entries); - break; - } -+ if (line_buffered) -+ fflush(stdout); - } - list_clear(&entries); - } while (ret == 0); diff --git a/audit-445353-2.patch b/audit-445353-2.patch deleted file mode 100644 index 76c4411..0000000 --- a/audit-445353-2.patch +++ /dev/null 
@@ -1,88 +0,0 @@ ---- - ausearch.c | 31 +++++++++++++++++++++++++++---- - 1 file changed, 27 insertions(+), 4 deletions(-) - -Index: trunk/src/ausearch.c -=================================================================== ---- audit-1.7.7/src/ausearch.c.orig 2008-11-26 22:39:25.736364000 +0100 -+++ audit-1.7.7/src/ausearch.c 2008-11-27 00:21:32.801448000 +0100 -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - #include "libaudit.h" - #include "auditd-config.h" - #include "ausearch-options.h" -@@ -43,6 +44,8 @@ - - static FILE *log_fd = NULL; - static int found = 0; -+static int input_is_pipe = 0; -+static int timeout_interval = 5; /* timeout in seconds */ - static int process_logs(void); - static int process_log_fd(void); - static int process_stdin(void); -@@ -200,9 +203,19 @@ - return 0; - } - -+static void alarm_handler(int signal) -+{ -+ /* will interrupt current syscall */ -+} -+ - static int process_stdin(void) - { - log_fd = stdin; -+ input_is_pipe=1; -+ -+ if (signal(SIGALRM, alarm_handler) == SIG_ERR || -+ siginterrupt(SIGALRM, 1) == -1) -+ return -1; - - return process_log_fd(); - } -@@ -236,6 +249,7 @@ - char *rc; - char *buff = NULL; - int first_time = 1; -+ int timer_running = 0; - - while (1) { - if (saved_buff) { -@@ -248,11 +262,20 @@ - if (!buff) - return -1; - } -- // FIXME: In pipe mode, if there is a waiting buffer -- // and 5 seconds has elapsed, go ahead and process -- // the buffer - nothings coming that's related. -+ -+ if (input_is_pipe && !first_time) { -+ timer_running = 1; -+ alarm(timeout_interval); -+ } -+ - rc = fgets_unlocked(buff, MAX_AUDIT_MESSAGE_LENGTH, - log_fd); -+ -+ if (timer_running) { -+ /* timer may have fired but thats ok */ -+ timer_running = 0; -+ alarm(0); -+ } - } - if (rc) { - lnode n; -@@ -282,7 +305,9 @@ - } - } else { - free(buff); -- if (feof(log_fd)) -+ if (ferror(log_fd) && errno == EINTR) -+ return 0; -+ else if (feof(log_fd)) - return 1; - else - return -1; 
diff --git a/audit-no_python.patch b/audit-no_python.patch index de3b541..6a3ed4d 100644 --- a/audit-no_python.patch +++ b/audit-no_python.patch @@ -17,12 +17,12 @@ there you have it. m4_include([src/libev/libev.m4]) libev_LIBS="$LIBS" 
@@ -195,7 +195,8 @@ - AC_SUBST(LIBWRAP_LIBS) - AC_SUBST(libev_LIBS) + AC_SUBST(LIBPRELUDE_CFLAGS) + AC_SUBST(LIBPRELUDE_LDFLAGS) --AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) +-AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) +# SuSE: remove swig/Makefile + bindings/Makefile + bindings/python/Makefile -+AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) ++AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile 
audisp/plugins/zos-remote/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) echo . echo " diff --git a/audit-no_sca.patch b/audit-no_sca.patch index 1e32752..295cabf 100644 --- a/audit-no_sca.patch +++ b/audit-no_sca.patch @@ -7,12 +7,12 @@ Disable system-config-audit. A Yast equivalent would be useful though. --- audit-1.7.7/configure.ac.orig 2008-09-23 00:59:29.976782000 +0200 +++ audit-1.7.7/configure.ac 2008-09-23 01:19:31.984128000 +0200 @@ -195,7 +195,6 @@ - AC_SUBST(LIBWRAP_LIBS) - AC_SUBST(libev_LIBS) + AC_SUBST(LIBPRELUDE_CFLAGS) + AC_SUBST(LIBPRELUDE_LDFLAGS) -AC_CONFIG_SUBDIRS([system-config-audit]) - AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) - + AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) + echo . --- audit-1.7.7/Makefile.am.orig 2008-09-23 01:20:05.010072000 +0200 +++ audit-1.7.7/Makefile.am 2008-09-23 01:20:10.039036000 +0200 diff --git a/audit-secondary.changes b/audit-secondary.changes index b61b381..86632de 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes 
@@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon May 11 17:19:50 CEST 2009 - tonyj@suse.de + +- Update from 1.7.7 to 1.7.13 (see audit.changes for upstream change + history) + ------------------------------------------------------------------- Fri Sep 26 23:27:36 CEST 2008 - tonyj@suse.de diff --git a/audit-secondary.spec b/audit-secondary.spec index 30d86d3..ede4aac 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -1,5 +1,5 @@ # -# spec file for package audit-secondary (Version 1.7.7) +# spec file for package audit-secondary (Version 1.7.13) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -25,8 +25,8 @@ BuildRequires: audit audit-devel gcc-c++ openldap2-devel pkg-config python-deve Summary: Python Bindings for libaudit License: GPL v2 or later Group: System/Monitoring -Version: 1.7.7 -Release: 6 +Version: 1.7.13 +Release: 1 Url: http://people.redhat.com/sgrubb/audit/ Source0: audit-%{version}.tar.bz2 Patch0: audit-no_sca.patch @@ -92,9 +92,6 @@ autoreconf -fi export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" ./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor -pushd src/mt - make libaudit.h -popd make %install @@ -150,6 +147,9 @@ rm -rf $RPM_BUILD_ROOT %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %changelog +* Mon May 11 2009 tonyj@suse.de +- Update from 1.7.7 to 1.7.13 (see audit.changes for upstream change + history) * Fri Sep 26 2008 tonyj@suse.de - Update from 1.7.4 to 1.7.7 (see audit.changes for upstream change history) diff --git a/audit.changes b/audit.changes index 028520e..f0f3695 100644 --- a/audit.changes +++ b/audit.changes 
@@ -1,4 +1,85 @@ ------------------------------------------------------------------- +Mon May 11 17:20:28 CEST 2009 - tonyj@suse.de + +- Update from 1.7.7 to 1.7.13. +- Redhat changelog for 1.7.8 - 1.7.13 follows: + * Tue Apr 21 2009 Steve Grubb 1.7.13-1 + - Disable libev asserts unless --with-debug passed to configure + - Handle kernel 2.6.29's audit = 0 boot parameter better + - Install audit.py file in arch specific python directory (Dan Walsh) + - Fix problem with negative uids in audit rules on 32 bit systems + - When file type is unknown, output octal for mode field (Miloslav Trmač) + - Update tty keystroke interpretations (Miloslav Trmač) + + * Tue Feb 24 2009 Steve Grubb 1.7.12-1 + - Add definitions for crypto events + - Fix regression where msgtype couldn't be used as a range in audit rules + - In libaudit, extend time spent checking reply + - In acct events, prefer id over acct if given + - In aulast, try id and acct in USER_LOGIN events + - When in immutable mode, have auditctl tell user instead of sending rules + - Add option to sysconfig to disable audit system on auditd stop + - Add tcp_wrappers config option to auditd + - Aulastlog can now take input from stdin + - Update libaudit python bindings to throw exceptions on error + - Adjust formatting of TTY data in libauparse to be like ausearch/report + - Add more key mappings to TTY interpretations + - Add internal queue to audisp-remote + - Fix failure action code to allow executables in audisp-remote (Chu Li) + - Fix memory leak when NOLOG log_format option given to auditd + - Quieten some of the reconnect text being sent to syslog in audisp-remote + - Apply some libev fixups to auditd + - Cleanup shutdown sequence of auditd + - Allow auditd log rotation via SIGUSR1 when NOLOG log format option given + + * Sat Jan 10 2009 Steve Grubb 1.7.11-1 + - Don't error out in auditd when calling setsid + - Reformat a couple auditd error messages (Oden Eriksson) + - If log rotate fails, leave the old log 
writable + - Fixed bug in setting up auditd event loop when listening + - Warn if on biarch machine and auditctl rules show a syscall mismatch + - Audisp-remote was not parsing some config options correctly + - In auparse, check for single key in addition to virtual keys + - When auditd shuts down, send AUDIT_RMW_TYPE_ENDING messages to clients + - Created reconnect option to remote ending setting of audisp-remote + + * Sat Dec 13 2008 Steve Grubb 1.7.10-1 + - Fix ausearch and aureport to handle out of order events + - Add line-buffer option to ausearch & timeout pipe input (Tony Jones) + - Add support in ausearch/report for tty data + - In audisp-remote, allow the keyword "any" for local_port + - Tighten parsing for -m and -w options in auditctl + - Add session query hint for aulast proof + - Fix audisp-remote to tolerate krb5 config options when not supported + - Created new aureport option for tty keystroke report + - audispd should detect backup config files and not use them + - When checking for ack in netlink interface, retry on EAGAIN a few times + - In aureport, fix mods report to show acct acted upon + + * Wed Nov 05 2008 Steve Grubb 1.7.9-1 + - Fix uninitialized variable in aureport causing segfault + - Quieten down the gssapi not supported messages + - Fix bug interpretting i386 logs on x86_64 machines + - If kernel is in immutable mode, auditd should not send enable command + - Fix ausearch/report recent and now time keyword lookups + - Created aulast program + - prelude plugin should pull auid for login alert from 2nd uid field + - Add system boot, shutdown, and run level change events + - Add max_restarts to audispd.conf to limit times a plugin is restarted + - Expand session detection in ausearch + + * Wed Oct 22 2008 Steve Grubb 1.7.8-1 + - Interpret TTY audit data in auparse (Miloslav Trmač) + - Extract terminal from USER_AVC events for ausearch/report (Peng Haitao) + - Add USER_AVCs to aureport's avc reporting (Peng Haitao) + - Short circuit 
hostname resolution in libaudit if host is empty + - If log_group and user are not root, don't check dispatcher perms + - Fix a bug when executing "ausearch -te today PM" + - Add --exit search option to ausearch + - Fix parsing config file when kerberos is disabled + +------------------------------------------------------------------- + Tue Apr 14 14:52:39 CEST 2009 - dmueller@suse.de - refresh patches diff --git a/audit.spec b/audit.spec index 340a3f0..ce64ccb 100644 --- a/audit.spec +++ b/audit.spec @@ -1,5 +1,5 @@ # -# spec file for package audit (Version 1.7.7) +# spec file for package audit (Version 1.7.13) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -21,8 +21,8 @@ Name: audit BuildRequires: gcc-c++ tcpd-devel Summary: User Space Tools for 2.6 Kernel Auditing -Version: 1.7.7 -Release: 6 +Version: 1.7.13 +Release: 1 License: GPL v2 or later Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ @@ -33,8 +33,6 @@ Patch0: audit-no_sca.patch Patch1: audit-no_python.patch Patch2: audit-no_plugins.patch Patch3: audit-no-gss.patch -Patch4: audit-445353-1.patch -Patch5: audit-445353-2.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: %{name}-libs = %{version}-%{release} PreReq: %insserv_prereq %fillup_prereq @@ -93,17 +91,13 @@ Authors: %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build autoreconf -fi export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" +# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch ./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor --with-libwrap -pushd src/mt - make libaudit.h -popd make %install 
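Review bot: Patch4 and Patch5 (audit-445353-1.patch and audit-445353-2.patch) are dropped in the `@@ -33,8 +33,6 @@` and `@@ -93,17 +91,13 @@` hunks of audit.spec with no record of why; the new changelog entry only says "Update from 1.7.7 to 1.7.13". The quoted upstream 1.7.10 entry, "Add line-buffer option to ausearch & timeout pipe input (Tony Jones)", suggests both were merged upstream, and stating that lets a later reader confirm the ausearch fixes were not lost in the update. I would add a line such as `- Drop audit-445353-1.patch and audit-445353-2.patch (merged upstream in 1.7.10)` to the .changes entry.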
@@ -192,6 +186,7 @@ fi %attr(644,root,root) %{_mandir}/man8/aureport.8.gz %attr(644,root,root) %{_mandir}/man8/ausearch.8.gz %attr(644,root,root) %{_mandir}/man8/autrace.8.gz +%attr(644,root,root) %{_mandir}/man8/aulast.8.gz %attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz @@ -203,7 +198,8 @@ fi %attr(750,root,root) /sbin/rcauditd %attr(750,root,root) /sbin/autrace %attr(750,root,root) /sbin/audispd -%attr(750,root,root) /usr/bin/aulastlog +%attr(755,root,root) /usr/bin/aulast +%attr(755,root,root) /usr/bin/aulastlog %attr(755,root,root) /usr/bin/ausyscall %attr(755,root,root) /sbin/aureport /etc/init.d/auditd 
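Review bot: The mode of /usr/bin/aulastlog is relaxed from 750 to 755 in the `@@ -203,7 +198,8 @@` hunk, and the new /usr/bin/aulast is installed 755 as well, but neither the spec nor the changelog entry explains the change. As far as I know both tools report login history taken from the audit logs, so with world-executable binaries what an unprivileged user can see depends only on the permissions of the log files, which this diff does not show and which should be confirmed as root-only. I would add a comment above the two lines, for example `# world-executable on purpose: access is controlled by the audit log permissions, not the binary mode`, and mention the mode change in the .changes entry.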
@@ -223,6 +219,78 @@ fi %attr(755,root,root) /usr/bin/ausyscall %changelog +* Mon May 11 2009 tonyj@suse.de +- Update from 1.7.7 to 1.7.13. +- Redhat changelog for 1.7.8 - 1.7.13 follows: + * Tue Apr 21 2009 Steve Grubb 1.7.13-1 + - Disable libev asserts unless --with-debug passed to configure + - Handle kernel 2.6.29's audit = 0 boot parameter better + - Install audit.py file in arch specific python directory (Dan Walsh) + - Fix problem with negative uids in audit rules on 32 bit systems + - When file type is unknown, output octal for mode field (Miloslav Trmač) + - Update tty keystroke interpretations (Miloslav Trmač) + * Tue Feb 24 2009 Steve Grubb 1.7.12-1 + - Add definitions for crypto events + - Fix regression where msgtype couldn't be used as a range in audit rules + - In libaudit, extend time spent checking reply + - In acct events, prefer id over acct if given + - In aulast, try id and acct in USER_LOGIN events + - When in immutable mode, have auditctl tell user instead of sending rules + - Add option to sysconfig to disable audit system on auditd stop + - Add tcp_wrappers config option to auditd + - Aulastlog can now take input from stdin + - Update libaudit python bindings to throw exceptions on error + - Adjust formatting of TTY data in libauparse to be like ausearch/report + - Add more key mappings to TTY interpretations + - Add internal queue to audisp-remote + - Fix failure action code to allow executables in audisp-remote (Chu Li) + - Fix memory leak when NOLOG log_format option given to auditd + - Quieten some of the reconnect text being sent to syslog in audisp-remote + - Apply some libev fixups to auditd + - Cleanup shutdown sequence of auditd + - Allow auditd log rotation via SIGUSR1 when NOLOG log format option given + * Sat Jan 10 2009 Steve Grubb 1.7.11-1 + - Don't error out in auditd when calling setsid + - Reformat a couple auditd error messages (Oden Eriksson) + - If log rotate fails, leave the old log writable + - Fixed bug in setting up 
auditd event loop when listening + - Warn if on biarch machine and auditctl rules show a syscall mismatch + - Audisp-remote was not parsing some config options correctly + - In auparse, check for single key in addition to virtual keys + - When auditd shuts down, send AUDIT_RMW_TYPE_ENDING messages to clients + - Created reconnect option to remote ending setting of audisp-remote + * Sat Dec 13 2008 Steve Grubb 1.7.10-1 + - Fix ausearch and aureport to handle out of order events + - Add line-buffer option to ausearch & timeout pipe input (Tony Jones) + - Add support in ausearch/report for tty data + - In audisp-remote, allow the keyword "any" for local_port + - Tighten parsing for -m and -w options in auditctl + - Add session query hint for aulast proof + - Fix audisp-remote to tolerate krb5 config options when not supported + - Created new aureport option for tty keystroke report + - audispd should detect backup config files and not use them + - When checking for ack in netlink interface, retry on EAGAIN a few times + - In aureport, fix mods report to show acct acted upon + * Wed Nov 05 2008 Steve Grubb 1.7.9-1 + - Fix uninitialized variable in aureport causing segfault + - Quieten down the gssapi not supported messages + - Fix bug interpretting i386 logs on x86_64 machines + - If kernel is in immutable mode, auditd should not send enable command + - Fix ausearch/report recent and now time keyword lookups + - Created aulast program + - prelude plugin should pull auid for login alert from 2nd uid field + - Add system boot, shutdown, and run level change events + - Add max_restarts to audispd.conf to limit times a plugin is restarted + - Expand session detection in ausearch + * Wed Oct 22 2008 Steve Grubb 1.7.8-1 + - Interpret TTY audit data in auparse (Miloslav Trmač) + - Extract terminal from USER_AVC events for ausearch/report (Peng Haitao) + - Add USER_AVCs to aureport's avc reporting (Peng Haitao) + - Short circuit hostname resolution in libaudit if host is empty 
+ - If log_group and user are not root, don't check dispatcher perms + - Fix a bug when executing "ausearch -te today PM" + - Add --exit search option to ausearch + - Fix parsing config file when kerberos is disabled * Tue Apr 14 2009 dmueller@suse.de - refresh patches * Wed Dec 10 2008 olh@suse.de