* Fix segfault on shutdown
* Fix hang on startup (#1587995)
* Add sleep to script to dump state so file is ready when needed
* Add auparse_normalizer support for SOFTWARE_UPDATE event
* Mark netlabel events as simple events so that get processed quicker
* When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
* Add 30-ospp-v42.rules to meet new Common Criteria requirements
* Update lookup tables for the 4.18 kernel
* In aureport, fix segfault in file report
* Add auparse_normalizer support for labeled networking events
* Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
* Event aging is off by a second
* In ausearch/auparse, correct event ordering to process oldest first
* auparse_reset was not clearing everything it should
* Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
* In ausearch/report, lightly parse selinux portion of USER_AVC events
* In ausearch/report, limit record size when malformed
* In auditd, fix extract_type function for network originating events
* In auditd, calculate right size and location for network originating events
* Treat all network originating events as VER2 so dispatcher doesn't format it
* In audisp-remote do an initial connection attempt (#1625156)
* In auditd, allow expression of space left as a percentage (#1650670)
* On PPC64LE systems, only allow 64 bit rules (#1462178)
* Make some parts of auditd state report optional based on config
* Fix ausearch when checkpointing a single file (Burn Alting)
* Fix scripting in 31-privileged.rules wrt filecap (#1662516)
* In ausearch, do not checkpt if stdin is input source
* In libev, remove __cold__ attribute for functions to allow proper hardening
* Add tests to configure.ac for openldap support
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=108
- Update to version 2.8.4:
* Generate checkpoint file even when not results are returned
(Burn Alting).
* Fix log file creation when file logging is disabled entirely
(Vlad Glagolev).
* Use SIGCONT to dump auditd internal state (rh#1504251).
* Fix parsing of virtual timestamp fields in ausearch_expression
(rh#1515903).
* Fix parsing of uid & success for ausearch.
* Hide lru symbols in auparse.
* Fix aureport summary time range reporting.
* Allow unlimited retries on startup for remote logging.
* Add queue_depth to remote logging stats and increase default
queue_depth size.
- Update to version 2.8.3:
* Correct msg function name in lru debug code.
* Fix a segfault in auditd when dns resolution isn't available.
* Make a reload legacy service for auditd.
* In auparse python bindings, expose some new types that were
missing.
* In normalizer, pickup subject kind for user_login events.
* Fix interpretation of unknown ioctcmds (rh#1540507).
* Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, &
RESP_ORIGIN_BLOCK_TIMED events.
* In auparse_normalize for USER_LOGIN events, map acct for
subj_kind.
* Fix logging of IPv6 addresses in DAEMON_ACCEPT events
(rh#1534748).
* Do not rotate auditd logs when num_logs < 2 (brozs).
- Update to version 2.8.4:
* Generate checkpoint file even when not results are returned
(Burn Alting).
* Fix log file creation when file logging is disabled entirely
(Vlad Glagolev).
* Use SIGCONT to dump auditd internal state (rh#1504251).
* Fix parsing of virtual timestamp fields in ausearch_expression
(rh#1515903).
* Fix parsing of uid & success for ausearch.
* Hide lru symbols in auparse.
* Fix aureport summary time range reporting.
* Allow unlimited retries on startup for remote logging.
* Add queue_depth to remote logging stats and increase default
queue_depth size.
- Update to version 2.8.3:
* Correct msg function name in lru debug code.
* Fix a segfault in auditd when dns resolution isn't available.
* Make a reload legacy service for auditd.
* In auparse python bindings, expose some new types that were
missing.
* In normalizer, pickup subject kind for user_login events.
* Fix interpretation of unknown ioctcmds (rh#1540507).
* Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, &
RESP_ORIGIN_BLOCK_TIMED events.
* In auparse_normalize for USER_LOGIN events, map acct for
subj_kind.
* Fix logging of IPv6 addresses in DAEMON_ACCEPT events
(rh#1534748).
* Do not rotate auditd logs when num_logs < 2 (brozs).
OBS-URL: https://build.opensuse.org/request/show/618655
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=102
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
OBS-URL: https://build.opensuse.org/request/show/580988
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=98
- Update to version 2.8.1. See audit.spec (libaudit1) for upstream
changelog
- Remove audit-implicit-writev.patch (fixed upstream across 2
commits)
* 3b30db20ad983274989ce9a522120c3c225436b3
* 07132c22314e9abbe64d1031fd8734243285bb3f
- Cleanup with spec-cleaner
- Update to version 2.8.1 release (includes 2.8 and 2.7.8 changes)
* many features added to auparse_normalize
* cli option added to auditd and audispd for setting config dir
* in auditd, restore the umask after creating a log file
* option added to auditd for skipping email verification
- Full changelog: http://people.redhat.com/sgrubb/audit/ChangeLog
OBS-URL: https://build.opensuse.org/request/show/539420
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=91
- Version update to 2.5. See audit.spec (libaudit1) for upstream
changelog
- Cleanup with spec-cleaner
- Sort out bit /sbin /usr/sbin/ installation
- Install the rules as documentation
- Remove needless %py_requires from python subpkgs
- Version update to 2.5 release
- Refresh two patches and README to contain SUSE and not SuSE
* audit-allow-manual-stop.patch
* audit-plugins-path.patch
- Cleanup with spec-cleaner and do not use subshells but rather use
-C parameter of make
- Install m4 file to the devel package
OBS-URL: https://build.opensuse.org/request/show/382986
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=82
Changelog 2.4.1
- Make python3 support easier
- Add support for ppc64le (Tony Jones)
- Add some translations for a1 of ioctl system calls
- Add command & virtualization reports to aureport
- Update aureport config report for new events
- Add account modification summary report to aureport
- Add GRP_MGMT and GRP_CHAUTHTOK event types
- Correct aureport account change reports
- Add integrity event report to aureport
- Add config change summary report to aureport
- Adjust some syslogging level settings in audispd
- Improve parsing performance in everything
- When ausearch outputs a line, use the previously parsed values (Burn Alting)
- Improve searching and interpreting groups in events
- Fully interpret the proctitle field in auparse
- Correct libaudit and auditctl support for kernel features
- Add support for backlog_time_wait setting via auditctl
- Update syscall tables for the 3.18 kernel
- Ignore DNS failure for email validation in auditd (#1138674)
- Allow rotate as action for space_left and disk_full in auditd.conf
- Correct login summary report of aureport
- Auditctl syscalls can be comma separated list now
- Update rules for new subsystems and capabilities
- Drop patch audit-add-ppc64le-mach-support.patch (already upstream)
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=74
