--------------------------------------------------------------------- Fedora Test Update Notification FEDORA-2006-1346 2006-11-29 --------------------------------------------------------------------- Product : Fedora Core 6 Name : audit Version : 1.3 Release : 1.fc6 Summary : User space tools for 2.6 kernel auditing Description : The audit package contains the user space utilities for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel. --------------------------------------------------------------------- * Tue Nov 28 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.3-1 - ausearch & aureport implement uid/gid caching - In ausearch & aureport, extract addr when hostname is unknown - In ausearch & aureport, test audit log presence O_RDONLY - New ausearch/aureport time keywords: recent, this-week, this-month, this-year - Added --add & --delete option to aureport - Update res parsing in config change events - Increase the size on audit daemon buffers - Parse avc_path records in ausearch/aureport - ausearch has new output mode, raw, for extracting events - ausearch/aureport can now read stdin - Rework AVC processing in ausearch/aureport - Added long options to ausearch and aureport * Tue Oct 24 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.9-1 - In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834) - Fix some defines in libaudit.h - Some auditd config strings were not initialized in aureport (#211443) - Updated man pages - Add Netlabel event types to libaudit - Update aureports to current audit event types - Update autrace a little - Deprecated all the old audit_rule functions from public API - Drop auparse library for the moment * Fri Sep 29 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.8-1 - Add dist tag and bump version (#208532) - Make internal auditd buffers bigger for context info - Correct address resolving of hostname in logging functions - Do not allow multiple msgtypes in same audit rule in auditctl (#207666) - Only =, != operators for arch & inode fields in auditctl (#206427) - Updated audit message type table - Remove watches from aureport since FS_WATCH is deprecated - Add audit_log_avc back temporarily (#208152) * Mon Sep 18 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.7-2 - Fix logging messages to use addr if passed. - Apply patches from Tony Jones correcting no kernel support messages - Updated syscall tables for 2.6.18 kernel - Remove deprecated functions: audit_log, audit_log_avc, audit_log_if_enabled - Disallow syscall auditing on exclude list - Improve time handling in ausearch and aureport (#191394) - Attempt to reconstruct full path from relative for searching * Wed Aug 30 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.6-3 - Rename audit event socket * Mon Aug 28 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.6-2 - Another minor update to auditctl -p option * Sat Aug 26 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.6-1 - Apply updates to dispatcher - Fix a couple bugs regarding MLS labels - Resurrect -p option - Tighten rules with exclude filter - Fix parsing issue which lead to segfault in some cases - Fix option parsing to ignore malformed lines * Fri Aug 18 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 1.2.5-8 - rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc* (#203001) * Tue Aug 8 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 1.2.5-7 - Remove debug lines from dispatcher * Wed Aug 2 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 1.2.5-6 - Change audisp to use a named pipe * Fri Jul 21 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 1.2.5-5 - Fix dispatcher to handle sigchld - Fix library location for 64 bit - Add Prereq * Fri Jul 21 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 1.2.5-4 - Eliminate avc package from audisp * Wed Jul 19 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 1.2.5-3 - More fixes for setroubleshoot to handle failing plugin * Fri Jul 14 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 1.2.5-2 - Fixes for setroubleshoot * Thu Jul 13 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.5-1 - Switch out dispatcher - Fix bug upgrading rule types * Wed Jul 12 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 1.2.4-1.1 - rebuild * Fri Jun 30 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.4-1 - Add support for the new filter key - Update syscall tables for 2.6.17 - Add audit failure query function - Switch out gethostbyname call with getaddrinfo - Add audit by obj capability for 2.6.18 kernel - Ausearch & aureport now fail if no args to -te - New auditd.conf option to choose blocking/non-blocking dispatcher comm - Ausearch improved search by label * Thu May 25 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.3-1 - Apply patch to ensure watches only associate with exit filter - Apply patch to correctly show new operators when new listing format is used - Apply patch to pull kernel's audit.h into python bindings - Collect signal sender's context * Tue May 16 2006 David Woodhouse <dwmw2@xxxxxxxxxx> 1.2.2-2 - Require kernel-headers, not glibc-kernheaders. Again. * Fri May 12 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.2-1 - Updates for new glibc-kernheaders - Change auditctl to collect list of rules then delete them on -D - Update capp.rules and lspp.rules to comment out rules for the possible list - Add new message types - Support sigusr1 sender identity of newer kernels - Add support for ppid in auditctl and ausearch - fix auditctl to trim the '/' from watches - Move audit daemon config files to /etc/audit for better SE Linux protection * Tue Apr 25 2006 David Woodhouse <dwmw2@xxxxxxxxxx> 1.2.1-2 - Require kernel-headers, not glibc-kernheaders - Fix redefinition of audit_rule_data with new kernel headers - Remove abuse of __KERNEL__ in lookup_table.c * Sun Apr 16 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2.1-1 - New message type for trusted apps - Add new keywords today, yesterday, now for ausearch and aureport - Make audit_log_user_avc_message really send to syslog on error - Updated syscall tables in auditctl - Deprecated the 'possible' action for syscall rules in auditctl - Update watch code to use file syscalls instead of 'all' in auditctl * Fri Apr 7 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.2-1 - Add support for new file system auditing kernel subsystem * Thu Apr 6 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.1.6-1 - New message types - Support new rule format found in 2.6.17 and later kernels - Add support for audit by role, clearance, type, sensitivity * Mon Mar 6 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.1.5-1 - Changed audit_log_semanage_message to take new params - In aureport, add class between syscall and permission in avc report - Fix bug where fsync is called in debug mode - Add optional support for tty in SYSCALL records for ausearch/aureport - Reinstate legacy rule operator support - Add man pages - Auditd ignore most signals * Fri Feb 10 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 1.1.4-5.1 - bump again for double-long bug on ppc(64) * Fri Feb 10 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.1.4-5 - Change audit_log_semanage_message to check strlen as well as NULL. * Thu Feb 9 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.1.4-3 - Change audit_log_semanage_message to take new params. * Wed Feb 8 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.1.4-1 - Fix bug in autrace where it didn't run on kernels without file watch support - Add syslog message to auditd saying what program was started for dispatcher - Remove audit_send_user from public api - Fix bug in USER_LOGIN messages where ausearch does not translate msg='uid=500: into acct name (#178102). - Change comm with dispatcher to socketpair from pipe - Change auditd to use custom daemonize to avoid race in init scripts - Update error message when deleting a rule that doesn't exist (#176239) - Call shutdown_dispatcher when auditd stops - Add new logging function audit_log_semanage_message * Tue Feb 7 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 1.1.3-1.1 - rebuilt for new gcc4.1 snapshot and glibc changes * Thu Jan 5 2006 Steve Grubb <sgrubb@xxxxxxxxxx> 1.1.3-1 - Add timestamp to daemon_config messages (#174865) - Add error checking of year for aureport & ausearch - Treat af_unix sockets as files for searching and reporting - Update capp & lspp rules to combine syscalls for higher performance - Adjusted the chkconfig line for auditd to start a little earlier - Added skeleton program to docs for people to write their own dispatcher with - Apply patch from Ulrich Drepper that optimizes resource utilization - Change ausearch and aureport to unlocked IO * Mon Dec 5 2005 Steve Grubb <sgrubb@xxxxxxxxxx> 1.1.2-1 - Add more message types * Wed Nov 30 2005 Steve Grubb <sgrubb@xxxxxxxxxx> 1.1.1-1 - Add support for alpha processors - Update the audisp code - Add locale code in ausearch and aureport - Add new rule operator patch - Add exclude filter patch - Cleanup make files - Add python bindings * Wed Nov 9 2005 Steve Grubb <sgrubb@xxxxxxxxxx> 1.1-1 - Add initial version of audisp. Just a placeholder at this point - Remove -t from auditctl * Mon Nov 7 2005 Steve Grubb <sgrubb@xxxxxxxxxx> 1.0.12-1 - Add 2 more summary reports - Add 2 more message types --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ e76be5e86746c39c42dd9f2bca51e10c45cb6f04 SRPMS/audit-1.3-1.fc6.src.rpm e76be5e86746c39c42dd9f2bca51e10c45cb6f04 noarch/audit-1.3-1.fc6.src.rpm 41cf4f4ddcd159352a3fe03c57fb3d9fcd9848db ppc/debug/audit-debuginfo-1.3-1.fc6.ppc.rpm 655ea89adb155604538cb6889ff8094a46c12a9c ppc/audit-libs-python-1.3-1.fc6.ppc.rpm 835f02ded95e5b6dd9cf85345bebed43896027f1 ppc/audit-libs-1.3-1.fc6.ppc.rpm 341b61fe930e85afae4626d716a5e8820c16f6d5 ppc/audit-1.3-1.fc6.ppc.rpm 5cd2d7fbf242b9005602f6c9def3a4db41f3e552 ppc/audit-libs-devel-1.3-1.fc6.ppc.rpm 00b369c33d51603c01fbec72f11b424d11979d69 x86_64/audit-1.3-1.fc6.x86_64.rpm e3a917c9b1bdf02ac5420ffa8bb1fec93562d027 x86_64/audit-libs-python-1.3-1.fc6.x86_64.rpm 38bd4bf01b7d79e7ff50001f105dc8b0369b8138 x86_64/debug/audit-debuginfo-1.3-1.fc6.x86_64.rpm fac5fe661bcf151503ba48fff1b2b63a0ae165c7 x86_64/audit-libs-1.3-1.fc6.x86_64.rpm 81a41fb625da544770111cfe59cdcb170e5a6549 x86_64/audit-libs-devel-1.3-1.fc6.x86_64.rpm 9b158323cb395d754221a319947f357d08bc88b3 i386/audit-libs-python-1.3-1.fc6.i386.rpm eb9eef547b1c2845f4f7d047c58dbc97291324bf i386/debug/audit-debuginfo-1.3-1.fc6.i386.rpm a51e0c744276f6b557d0c95b77a8b8775eabd498 i386/audit-libs-1.3-1.fc6.i386.rpm eb54886a426e3dbc455029d7a8efb318ca43a187 i386/audit-1.3-1.fc6.i386.rpm cf4c995af8155039cfe3c06ae86927f564836ba3 i386/audit-libs-devel-1.3-1.fc6.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. --------------------------------------------------------------------- -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list