- Version update to 2.5. See audit.spec (libaudit1) for upstream
changelog
- Cleanup with spec-cleaner
- Sort out bit /sbin /usr/sbin/ installation
- Install the rules as documentation
- Remove needless %py_requires from python subpkgs
- Version update to 2.5 release
- Refresh two patches and README to contain SUSE and not SuSE
* audit-allow-manual-stop.patch
* audit-plugins-path.patch
- Cleanup with spec-cleaner and do not use subshells but rather use
-C parameter of make
- Install m4 file to the devel package
OBS-URL: https://build.opensuse.org/request/show/382986
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=82
Changelog 2.4.1
- Make python3 support easier
- Add support for ppc64le (Tony Jones)
- Add some translations for a1 of ioctl system calls
- Add command & virtualization reports to aureport
- Update aureport config report for new events
- Add account modification summary report to aureport
- Add GRP_MGMT and GRP_CHAUTHTOK event types
- Correct aureport account change reports
- Add integrity event report to aureport
- Add config change summary report to aureport
- Adjust some syslogging level settings in audispd
- Improve parsing performance in everything
- When ausearch outputs a line, use the previously parsed values (Burn Alting)
- Improve searching and interpreting groups in events
- Fully interpret the proctitle field in auparse
- Correct libaudit and auditctl support for kernel features
- Add support for backlog_time_wait setting via auditctl
- Update syscall tables for the 3.18 kernel
- Ignore DNS failure for email validation in auditd (#1138674)
- Allow rotate as action for space_left and disk_full in auditd.conf
- Correct login summary report of aureport
- Auditctl syscalls can be comma separated list now
- Update rules for new subsystems and capabilities
- Drop patch audit-add-ppc64le-mach-support.patch (already upstream)
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=74
- Eliminate build cycles. audit.spec now builds only libs/devel.
Remainder (including daemon) built from audit-secondary.spec
- Add patch 'audit-fix-implicit-defn.patch' to fix implicit definition
warning.
- remove libcap-ng too from audit.spec as it's only needed for plugins
(and libcap-ng itself needs python to build bindings)
- Eliminate build cycles. audit.spec now builds only libs/devel.
Remainder (including daemon) built from audit-secondary.spec
OBS-URL: https://build.opensuse.org/request/show/181250
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=65
configure.ac to fix build with new automake
buildrequired and the lack of those requires causes a broken
configure script after autoreconf add pkgconfig(libcap-ng)
to both audit and audit-secondary, cap-ng is actually only
use in the latter.
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=50
- Buildrequires cap-ng library
- --with-libcap-ng=yes has no effect if libcap-ng is not
buildrequired and the lack of those requires causes a broken
configure script after autoreconf add pkgconfig(libcap-ng)
to both audit and audit-secondary, cap-ng is actually only
use in the latter.
- Version 2.2.3
- Code cleanups
- In spec file, don't own lib64/audit
- Update man pages
- Aureport no longer reads auditd.conf when stdin is used
- Don't let systemd kill auditd if auditctl errors out
- Update syscall table for 3.7 and 3.8 kernels
- Add interpretation for setns and unshare syscalls
- Code cleanup (Tyler Hicks)
- Documentation cleanups (Laurent Bigonville)
- Add dirfd interpretation to the *at functions
- Add termination signal to clone flags interpretation
- Update stig.rules
- In auditctl, when listing rules don't print numeric value of dir fields
- Add support for rng resource type in auvirt
- Fix aulast bad login output (#922508)
- In ausearch, allow negative numbers for session and auid searches
- In audisp-remote, if disk_full_action is stop then stop sending (#908977) (forwarded request 161029 from elvigia)
OBS-URL: https://build.opensuse.org/request/show/161113
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=63
- Buildrequires cap-ng library
- --with-libcap-ng=yes has no effect if libcap-ng is not
buildrequired and the lack of those requires causes a broken
configure script after autoreconf add pkgconfig(libcap-ng)
to both audit and audit-secondary, cap-ng is actually only
use in the latter.
- Version 2.2.3
- Code cleanups
- In spec file, don't own lib64/audit
- Update man pages
- Aureport no longer reads auditd.conf when stdin is used
- Don't let systemd kill auditd if auditctl errors out
- Update syscall table for 3.7 and 3.8 kernels
- Add interpretation for setns and unshare syscalls
- Code cleanup (Tyler Hicks)
- Documentation cleanups (Laurent Bigonville)
- Add dirfd interpretation to the *at functions
- Add termination signal to clone flags interpretation
- Update stig.rules
- In auditctl, when listing rules don't print numeric value of dir fields
- Add support for rng resource type in auvirt
- Fix aulast bad login output (#922508)
- In ausearch, allow negative numbers for session and auid searches
- In audisp-remote, if disk_full_action is stop then stop sending (#908977)
OBS-URL: https://build.opensuse.org/request/show/161029
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=47
** Please send to 12.3 because starting the audit daemon is broken with systemd ****
- remove old tarball and update -secondary spec
- Audit 2.2.2 , the purpose of this update is too add compatibility
with systemd for 12.3
- In auditd, tcp_max_per_addr was allowing 1 more connection than specified
- In ausearch, fix matching of object records
- Auditctl was returning -1 when listing rules filtered on a key field
- Add interpretations for CAP_BLOCK_SUSPEND and CAP_COMPROMISE_KERNEL
- Add armv5tejl, armv5tel, armv6l and armv7l machine types (Nathaniel Husted)
- Updates for the 3.6 kernel
- Add auparse_feed_has_data function to libauparse
- Update audisp-prelude to use auparse_feed_has_data
- Add support to conditionally build auditd network listener (Tyler Hicks)
- In auditd, reset a flag after receiving USR1 signal info when rotating logs
- Add optional systemd init script support
- Add support for SECCOMP event type
- Don't interpret aN_len field in EXECVE records (#869555)
- In audisp-remote, do better job of draining queue
- Fix capability parsing in ausearch/auparse
- Interpret BPRM_FCAPS capability fields
- Add ANOM_LINK event type (forwarded request 150497 from elvigia)
OBS-URL: https://build.opensuse.org/request/show/150561
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=61
** Please send to 12.3 because starting the audit daemon is broken with systemd ****
- remove old tarball and update -secondary spec
- Audit 2.2.2 , the purpose of this update is too add compatibility
with systemd for 12.3
- In auditd, tcp_max_per_addr was allowing 1 more connection than specified
- In ausearch, fix matching of object records
- Auditctl was returning -1 when listing rules filtered on a key field
- Add interpretations for CAP_BLOCK_SUSPEND and CAP_COMPROMISE_KERNEL
- Add armv5tejl, armv5tel, armv6l and armv7l machine types (Nathaniel Husted)
- Updates for the 3.6 kernel
- Add auparse_feed_has_data function to libauparse
- Update audisp-prelude to use auparse_feed_has_data
- Add support to conditionally build auditd network listener (Tyler Hicks)
- In auditd, reset a flag after receiving USR1 signal info when rotating logs
- Add optional systemd init script support
- Add support for SECCOMP event type
- Don't interpret aN_len field in EXECVE records (#869555)
- In audisp-remote, do better job of draining queue
- Fix capability parsing in ausearch/auparse
- Interpret BPRM_FCAPS capability fields
- Add ANOM_LINK event type
OBS-URL: https://build.opensuse.org/request/show/150497
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=43
- Update to version 2.2.1, see audit's changes
- update to 2.2.1, upstream changelog:
2.2.1
- Add more interpretations in auparse for syscall parameters
- Add some interpretations to ausearch for syscall parameters
- In ausearch/report and auparse, allocate extra space for node names
- Update syscall tables for the 3.3.0 kernel
- Update libev to 4.0.4
- Reduce the size of some applications
- In auditctl, check usage against euid rather than uid
2.2
- Correct all rules for clock_settime
- Fix possible segfault in auparse library
- Handle malformed socket addresses better
- Improve performance in audit_log_user_message()
- Improve performance in writing to the log file in auditd
- Syscall update for accept4 and recvmmsg
- Update autrace resource usage mode syscall list
- Improved sample rules for recent syscalls
- Add some debug info to audisp-remote startup and shutdown
- Make compiling with Python optional
- In auditd, if disk_error_action is ignore, don't syslog anything
- Fix some memory leaks
- If audispd is stopping, don't restart children
- Add support in auditctl for shell escaped filenames (Alexander)
- Add search support for virt events (Marcelo Cerri)
- Update interpretation tables
- Sync auparse's auditd config parser with auditd's parser (forwarded request 137972 from coolo)
OBS-URL: https://build.opensuse.org/request/show/137974
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=58
- Update to version 2.2.1, see audit's changes
- update to 2.2.1, upstream changelog:
2.2.1
- Add more interpretations in auparse for syscall parameters
- Add some interpretations to ausearch for syscall parameters
- In ausearch/report and auparse, allocate extra space for node names
- Update syscall tables for the 3.3.0 kernel
- Update libev to 4.0.4
- Reduce the size of some applications
- In auditctl, check usage against euid rather than uid
2.2
- Correct all rules for clock_settime
- Fix possible segfault in auparse library
- Handle malformed socket addresses better
- Improve performance in audit_log_user_message()
- Improve performance in writing to the log file in auditd
- Syscall update for accept4 and recvmmsg
- Update autrace resource usage mode syscall list
- Improved sample rules for recent syscalls
- Add some debug info to audisp-remote startup and shutdown
- Make compiling with Python optional
- In auditd, if disk_error_action is ignore, don't syslog anything
- Fix some memory leaks
- If audispd is stopping, don't restart children
- Add support in auditctl for shell escaped filenames (Alexander)
- Add search support for virt events (Marcelo Cerri)
- Update interpretation tables
- Sync auparse's auditd config parser with auditd's parser
OBS-URL: https://build.opensuse.org/request/show/137972
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=39
