Changelog for audit-debuginfo-1.0.16-4.el4.x86_64.rpm :
Tue Jan 20 23:00:00 2009 Steve Grubb 1.0.16-4.EL4
Resolves: #468105 su - fails intermittently during batch job

Fri Apr 11 00:00:00 2008 Steve Grubb 1.0.16-3.EL4
Resolves: #402941 ausearch segfaults using -k and watch doesn't have a key
Resolves: #325561 num_logs is needed for keep_logs to work in /etc/auditd.conf
Resolves: #251639 auditd resume logging on SIGUSR2
- Update time handling for ausearch and aureport to add more keywords

Thu Nov 1 23:00:00 2007 Steve Grubb 1.0.15-4.EL4
resolves: #353241 ausearch needed update for escaped acct fields

Mon Mar 5 23:00:00 2007 Steve Grubb 1.0.15-3.EL4
- Fix parsing filterkeys in fs_watch records

Wed Jan 24 23:00:00 2007 Steve Grubb 1.0.15-2.EL4
- Patch auditd.conf with dispatcher used in RHEL5 to make upgrade easier

Tue Nov 14 23:00:00 2006 Steve Grubb 1.0.15-1.EL4
- Correct address resolving of hostname in logging functions
- Fix logging messages to use addr if passed
- Add TRUSTED_APP message type
- Fix netlink errno return
- Auditd ignore most signals
- Add audit dispatcher interface to auditd
- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
- Cleanup file descriptor handling in auditd
- Improve time handling in ausearch and aureport (#191394)
- Attempt to reconstruct full path from relative for searching
- Ausearch & aureport now fail if no args to -te
- In aureport, add class between syscall and permission in avc report
- Fix bug where fsync is called in debug mode
- Add optional support for tty in SYSCALL records for ausearch/aureport
- ausearch & aureport implement uid/gid caching
- In ausearch & aureport, extract addr when hostname is unknown
- In ausearch & aureport, test audit log presence O_RDONLY
- Updated man pages (#213328, #213330)

Wed Apr 19 00:00:00 2006 Steve Grubb 1.0.14-1.EL4
- Change auditd to use custom daemonize to avoid race in init scripts
- Update error message when deleting a rule that doesn't exist (#176239)
- Fix bug in autrace where it didn't run on kernels without file watch support
- Add timestamp to daemon_config messages (#174865)
- Add error checking of year for aureport & ausearch
- Treat af_unix sockets as files for searching and reporting
- Update capp rules to combine syscalls for higher performance
- Apply patch from Ulrich Drepper that optimizes resource utilization
- Change ausearch and aureport to unlocked IO
- Add more message types

Fri Nov 18 23:00:00 2005 Steve Grubb 1.0.12-1.EL4
- Step up to new version
- Add locale patch - ausearch & aureport
- Add c++ patch - libaudit.h
- Add fixup patch - auditd email error handler correction

Fri Nov 18 23:00:00 2005 Steve Grubb 1.0.4-1
- Step up to new version
- Add patch to correct problem with receiving watch lists (#172574)

Sat Sep 17 00:00:00 2005 Steve Grubb 1.0.3-6
- Revert last set of changes
- Make initscript not enabled by default

Fri Sep 2 00:00:00 2005 Steve Grubb 1.0.3-5
- Make rate & backlog 32 bit unsigned int in auditctl
- In auditctl, if -F arch is given with -t option, don't require list

Wed Aug 31 00:00:00 2005 Steve Grubb 1.0.3-4
- if old kernel don't send user message with new type

Thu Aug 25 00:00:00 2005 Steve Grubb 1.0.3-3
- move the audit-version-test to the libs package

Thu Aug 25 00:00:00 2005 Steve Grubb 1.0.3-2
- adjust audit-version-test to split the EL off the release

Tue Aug 23 00:00:00 2005 Steve Grubb 1.0.3-1
- adjust file perms of newly created log file in auditd
- fix 2 memory leaks and an out of bounds access in auditd
- fix case where auditd was closing netlink descriptor too early
- fix watch rules not to take field arguments in auditctl
- fix bug where inode, devmajor, devminor, exit, and success fields in auditctl rules were not getting the correct value stored

Sun Aug 21 00:00:00 2005 Steve Grubb 1.0.1-2.EL4
- don't start auditd on old ia64 kernels
- don't allow auditd or auditctl to enable audit on old ia64 kernels

Thu Aug 4 00:00:00 2005 Steve Grubb 1.0.1-1.EL4
- Add check for fields that cannot be used with syscall entry in auditctl
- Make auditctl not tolerate duplicate rule and watches
- Remove uid check in ausearch

Thu Aug 4 00:00:00 2005 Steve Grubb 1.0-2.EL4
- Increase buffer size in ausearch.

Wed Aug 3 00:00:00 2005 Steve Grubb 1.0-1.EL4
- Update sample CAPP config
- Remove warning for trimming file path in auditctl
- Make auditctl tolerate duplicate rule and watches
- auditd has new option so it doesn't overwrite log files
- Fixed bug in autrace that was reporting bad descriptor

Sat Jul 30 00:00:00 2005 Steve Grubb 0.9.20-1.EL4
- Fix ausearch to handle missing audit log better
- Fix auditctl blank line handling
- Trim trailing '/' from file system watches in auditctl
- Catch cases where parameter was passed without option being given to auditctl
- Add CAPP sample configuration

Tue Jul 19 00:00:00 2005 Steve Grubb 0.9.19-2.EL4
- Fixed dangling symlink

Fri Jul 15 00:00:00 2005 Steve Grubb 0.9.19-1.EL4
- ausearch remove debug code

Fri Jul 15 00:00:00 2005 Steve Grubb 0.9.18-1.EL4
- auditd message formatter use MAX_AUDIT_MESSAGE_LENGTH to prevent clipping

Wed Jul 13 00:00:00 2005 Steve Grubb 0.9.17-1.EL4
- Fix ausearch buffers to hold long filenames
- Make a0 long long for 64 bit kernels & 32 bit ausearch

Fri Jul 8 00:00:00 2005 Steve Grubb 0.9.16-1.EL4
- Adjust umask
- Adjust length of strings for file system watches to not include NUL
- Remove extra error message from audit_send

Sat Jun 25 00:00:00 2005 Steve Grubb 0.9.15-1.EL4
- Update log rotation handling to be more robust

Sat Jun 25 00:00:00 2005 Steve Grubb 0.9.14-1.EL4
- make auditctl -s work again
- make AUDITD_CLEAN_STOP test in init scripts case insensitive

Fri Jun 24 00:00:00 2005 Steve Grubb 0.9.13-1.EL4
- Remove /lib/libaudit.so & .la from audit-libs package
- In auditctl, if syscall not given, default to all

Thu Jun 23 00:00:00 2005 Steve Grubb 0.9.12-1.EL4
- Add some syslog messages for a couple exits
- Add some unlinks of the pid file in a couple error exits
- Make some options of auditctl not expect a reply
- Update support for user and watch filter lists

Wed Jun 22 00:00:00 2005 Steve Grubb 0.9.11-1.EL4
- Change packet draining to nonblocking
- Interpret id field in ausearch
- Add error message if not able to create log
- Ignore netlink acks when asking for rule & watch list

Tue Jun 21 00:00:00 2005 Steve Grubb 0.9.10-1.EL4
- Make sure the bad packet is drained when retrying user messages
- Add support for new user and watch filter lists
- Interpret flags field in ausearch

Mon Jun 20 00:00:00 2005 Steve Grubb 0.9.9-1.EL4
- Fix user messages for people with older kernels

Sat Jun 18 00:00:00 2005 Steve Grubb 0.9.8-1.EL4
- Added support for FS_INODE and USYS_CONFIG records
- More cleanup of user space message functions

Fri Jun 17 00:00:00 2005 Steve Grubb 0.9.7-1
- fixed bug in send_user_message which errored on pam logins
- Change nanosleeps over to select loops
- Change the 'e' option to auditctl -p to 'x'

Fri Jun 17 00:00:00 2005 Steve Grubb 0.9.6-1
- fix bug in incremental flush where it wrongly reported an error
- ausearch should not do uid check for -if option
- adjust ipc interpretation to not use ipc.h

Wed Jun 15 00:00:00 2005 Steve Grubb 0.9.5-1
- interpret socketcall & ipc based on a0 in ausearch
- change call sequence to make user space messages faster
- update return val for auditctl

Sun Jun 12 00:00:00 2005 Steve Grubb 0.9.4-1
- Rule and watch insert no longer automatically dumps list
- auditctl rules can now use auid instead of loginuid
- Add sighup support for daemon reconfiguration
- Move some functions into private.h

Fri Jun 10 00:00:00 2005 Steve Grubb 0.9.3-1
- Change filename handling to use linked list in ausearch
- Add man pages for audit_setloginuid & audit_getloginuid
- Fix problem where you couldn't set rule on unset loginuid's
- Adjust memory management for sighup needs
- Fix problem where netlink timeout counter wasn't being reset

Fri Jun 3 00:00:00 2005 Steve Grubb 0.9.2-1
- Step up to new glibc-kernheaders

Fri Jun 3 00:00:00 2005 Steve Grubb 0.9.1-1
- AUDITD_CLEAN_STOP config option in /etc/sysconfig/auditd
- When unknown, show raw record in ausearch.
- Add CWD message type support

Thu May 26 00:00:00 2005 Steve Grubb 0.9-1
- Translate numeric info to human readable for ausearch output
- add '-if' option to ausearch to select input file
- add '-c' option to ausearch to allow searching by comm field
- init script now deletes all rules when daemon stops
- Make auditctl display perms correctly in watch listings
- Make auditctl -D remove all watches

Sat May 21 00:00:00 2005 Steve Grubb 0.8.2-1
- Update documentation
- Handle user space audit events in more uniform way
- Update all parsers for more robustness with new kernel changes
- Create quiet mode for error messages
- Make rotated logs readonly

Wed May 18 00:00:00 2005 Steve Grubb 0.8.1-1
- Fix code to "or" uid & gid checks for ausearch -ua & -ga
- Change msg() to audit_msg() to avoid conflicts
- Parse socket messages for hostname in ausearch

Fri May 13 00:00:00 2005 Steve Grubb 0.8-1
- ausearch fix bugs related to -f & -x
- Parse messages using new types
- Properly unescape filenames
- Update interface for sending userspace messages to use more types

Mon May 9 00:00:00 2005 Steve Grubb 0.7.4-1
- Make sure ausearch ts & te obey DST.
- Code cleanups to make file system watches work correctly

Wed May 4 00:00:00 2005 Steve Grubb 0.7.3-1
- Add code to get watch list to auditctl
- Get -f & -hn working in ausearch
- Added search by terminal, exe, and syscall to ausearch program
- Added -w parameter to match whole word in ausearch

Thu Apr 28 00:00:00 2005 Steve Grubb 0.7.2-1
- Allow ausearch uid & gid to be non-numeric (root, wheel, etc)
- Fix problems with changing run level
- Added new code for logging shutdown reason credentials
- Update DAEMON messages to use better timestamp

Mon Apr 25 00:00:00 2005 Steve Grubb 0.7.1-1
- Make sure time calc is done using localtime
- Raise rlimits for file size & cpu usage
- Added new disk_error_action config item to auditd.conf
- Rework memory management of event buffer
- Handled all errors in event logging thread

Sun Apr 24 00:00:00 2005 Steve Grubb 0.7-1
- In auditctl -l, loop until all rules are printed
- Update autrace not to run if rules are currently loaded
- Added code to switch to single user mode when disk is full
- Added the ausearch program

Thu Apr 21 00:00:00 2005 Steve Grubb 0.6.12-1
- Fixed bug where elf type wasn't being set when given numerically
- Added autrace program (similar to strace)
- Fixed bug when logs = 2 and ROTATE is the action, only 1 log resulted

Tue Apr 19 00:00:00 2005 Steve Grubb 0.6.11-1
- Check log file size on start up
- Added priority_boost config item
- Reworked arch support
- Reworked how run level is changed
- Make allowances for ECONNREFUSED

Sat Apr 2 00:00:00 2005 Steve Grubb 0.6.10-1
- Code cleanups
- Support the arch field for auditctl
- Add version to auditctl
- Documentation updates
- Moved default location of the audit log to /var/log/audit

Thu Mar 17 23:00:00 2005 Steve Grubb 0.6.9-1
- Added patch for filesystem watch
- Added version information to audit start message
- Change netlink code to use ack in order to get error notification

Thu Mar 10 23:00:00 2005 Steve Grubb 0.6.8-1
- removed the pam_loginuid library - it's going to pam

Wed Mar 9 23:00:00 2005 Steve Grubb 0.6.7-1
- Fixed bug setting loginuid
- Added num_logs to configure number of logs when rotating
- Added code for rotating logs

Tue Mar 8 23:00:00 2005 Steve Grubb 0.6.6-1
- Fix audit_set_pid to try to read a reply, but it's non-fatal if no reply.
- Remove the read status during init
- Change to using pthreads sync mechanism for stopping system
- Worker thread should ignore all signals
- Change main loop to use select for inbound event handling
- Gave pam_loginuid a "failok" option for testing

Thu Mar 3 23:00:00 2005 Steve Grubb 0.6.5-1
- Lots of code cleanups
- Added write_pid function to auditd
- Added audit_log to libaudit
- Don't check file length in foreground mode of auditd
- Added *if_enabled functions to send messages only if audit system is enabled
- If syscall name is unknown when printing rules, use the syscall number
- Rework the build system to produce singly threaded public libraries
- Create a multithreaded version of libaudit for the audit daemon's use

Wed Feb 23 23:00:00 2005 Steve Grubb 0.6.4-1
- Rename pam_audit to pam_loginuid to reflect what it does
- Fix bug in detecting space left on partition
- Fix bug in handling of suspended logging

Wed Feb 23 23:00:00 2005 David Woodhouse 0.6.3-3
- Include stdint.h in libaudit.h and require new glibc-kernheaders

Sun Feb 20 23:00:00 2005 Steve Grubb 0.6.3-2
- Another lib64 correction

Sun Feb 20 23:00:00 2005 Steve Grubb 0.6.3-1
- Change pam install from /lib/security to /lib64/security
- Change pam_audit to write loginuid to /proc/pid/loginuid
- Add pam_session_close handle
- Update to newest kernel headers

Fri Feb 11 23:00:00 2005 Steve Grubb 0.6.2-1
- New version
- Add R option to auditctl to allow reading rules from file.
- Do not allow task creation list to have syscall auditing
- Add D option to allow deleting all rules with 1 command
- Added pam_audit man page & sample.rules
- Mod initscript to call auditctl to load rules at start-up
- Write message to log file for daemon start up
- Write message that daemon is shutting down
- Modify auditd shutdown to wait until logger thread is finished
- Add sample rule file to docs

Sat Jan 8 23:00:00 2005 Steve Grubb 0.6.1-1
- New version: rework auditctl and its man pages.
- Added admin_space_left config option as last chance before running out of disk space.

Wed Jan 5 23:00:00 2005 Steve Grubb 0.6-1
- New version
- Split package up to libs, libs-devel, and audit.

Mon Dec 13 23:00:00 2004 Steve Grubb 0.5.6-1
- New version

Fri Dec 10 23:00:00 2004 Steve Grubb 0.5.5-1
- New version

Fri Dec 3 23:00:00 2004 Steve Grubb 0.5.4-1
- New version

Mon Nov 22 23:00:00 2004 Steve Grubb 0.5.3-1
- New version

Mon Nov 15 23:00:00 2004 Steve Grubb 0.5.2-1
- New version

Wed Nov 10 23:00:00 2004 Steve Grubb 0.5.1-1
- Added initscript pieces
- New version

Thu Sep 2 00:00:00 2004 Charlie Bennett (ccbAATTredhat.com) 0.5-1
- Initial build.


 