Changelog for
libaudit1-2.8.1-3.30.x86_64.rpm :
* Sat Nov 04 2017 aavindraaAATTgmail.com- Update to version 2.8.1 release (includes 2.8 and 2.7.8 changes)
* many features added to auparse_normalize
* cli option added to auditd and audispd for setting config dir
* in auditd, restore the umask after creating a log file
* option added to auditd for skipping email verification- Full changelog: http://people.redhat.com/sgrubb/audit/ChangeLog
* Mon Jul 24 2017 jengelhAATTinai.de- Rectify RPM groups, diversify descriptions.- Remove mentions of static libraries because they are not built.
* Tue Jul 18 2017 tonyjAATTsuse.com- Update to version 2.7.7 release Changelog: https://people.redhat.com/sgrubb/audit/ChangeLog
* Sat Apr 02 2016 tchvatalAATTsuse.com- Create folder for the m4 file from previous commit to avoid install failure
* Fri Apr 01 2016 tchvatalAATTsuse.com- Version update to 2.5 release- Refresh two patches and README to contain SUSE and not SuSE
* audit-allow-manual-stop.patch
* audit-plugins-path.patch- Cleanup with spec-cleaner and do not use subshells but rather use - C parameter of make- Install m4 file to the devel package
* Wed Dec 02 2015 p.drouandAATTgmail.com- Do not depend on insserv nor fillup; the package provides neither sysconfig nor sysvinit files
* Fri Aug 21 2015 tonyjAATTsuse.com- Update to version 2.4.4 (bsc#941922, CVE-2015-5186)- Remove patch \'audit-no_m4_dir.patch\' (added Fri Apr 26 11:14:39 UTC 2013 by mmeisterAATTsuse.com) No idea what earlier \'automake\' build error this was trying to fix but it broke the handling of \"--without-libcap-ng\". Anyways, no build error occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build- Require pkgconfig for build Changelog 2.4.4 - Fix linked list correctness in ausearch/report - Add more cross compile fixups (Clayton Shotwell) - Update auparse python bindings - Update libev to 4.20 - Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling Changelog 2.4.3 - Add python3 support for libaudit - Cleanup automake warnings - Add AuParser_search_add_timestamp_item_ex to python bindings - Add AuParser_get_type_name to python bindings - Correct processing of obj_gid in auditctl (Aleksander Zdyb) - Make plugin config file parsing more robust for long lines (#1235457) - Make auditctl status print lost field as unsigned number - Add interpretation mode for auditctl -s - Add python3 support to auparse library - Make --enable-zos-remote a build time configuration option (Clayton Shotwell) - Updates for cross compiling (Clayton Shotwell) - Add MAC_CHECK audit event type - Add libauparse pkgconfig file (Aleksander Zdyb) Changelog 2.4.2 - Ausearch should parse exe field in SECCOMP events - Improve output for short mode interpretations in auparse - Add CRYPTO_IKE_SA and CRYPTO_IPSEC_SA events - If auditctl is reading rules from a file, send messages to syslog (#1144252) - Correct lookup of ppc64le when determining machine type - Increase time buffer for wide character numbers in ausearch/report (#1200314) - In aureport, add USER_TTY events to tty report - In audispd, limit reporting of queue full messages (#1203810) - In auditctl, don\'t segfault when invalid options passed (#1206516) - In autrace, remove some older unimplemented syscalls for aarch64 (#1185892) - In auditctl, correct lookup of aarch64 in arch field (#1186313) - Update lookup tables for 4.1 kernel
* Mon Nov 24 2014 mqAATTsuse.cz- Update to version 2.4.1 Changelog 2.4.1 - Make python3 support easier - Add support for ppc64le (Tony Jones) - Add some translations for a1 of ioctl system calls - Add command & virtualization reports to aureport - Update aureport config report for new events - Add account modification summary report to aureport - Add GRP_MGMT and GRP_CHAUTHTOK event types - Correct aureport account change reports - Add integrity event report to aureport - Add config change summary report to aureport - Adjust some syslogging level settings in audispd - Improve parsing performance in everything - When ausearch outputs a line, use the previously parsed values (Burn Alting) - Improve searching and interpreting groups in events - Fully interpret the proctitle field in auparse - Correct libaudit and auditctl support for kernel features - Add support for backlog_time_wait setting via auditctl - Update syscall tables for the 3.18 kernel - Ignore DNS failure for email validation in auditd (#1138674) - Allow rotate as action for space_left and disk_full in auditd.conf - Correct login summary report of aureport - Auditctl syscalls can be comma separated list now - Update rules for new subsystems and capabilities- Drop patch audit-add-ppc64le-mach-support.patch (already upstream)
* Tue Sep 02 2014 tonyjAATTsuse.com- Update to version 2.4 Changelog 2.4 - Optionally parse loginuids, (e)uids, & (e)gids in ausearch/report - In auvirt, anomaly events don\'t have uuid (#1111448) - Fix category handling in various records (#1120286) - Fix ausearch handling of session id on 32 bit systems - Set systemd startup to wait until systemd-tmpfiles-setup.service (#1097314) - Interpret a0 of socketcall and ipccall syscalls - Add pkgconfig file for libaudit - Add go language bindings for limited use of libaudit - Fix ausearch handling of exit code on 32 bit systems - Fix bug in aureport string linked list handling - Document week-ago time setting in ausearch/report man page - Update tables for 3.16 kernel - In aulast, on bad logins only record user_login proof and use it - Add libaudit API for kernel features - If audit=0 on kernel cmnd line, skip systemd activation (Cristian RodrÃguez) - Add checkpoint --start option to ausearch (Burn Alting) - Fix arch matching in ausearch - Add --loginuid-immutable option to auditctl - Fix memory leak in auditd when log_format is set to NOLOG - Update auditctl to display features in the status command - Add ausearch_add_timestamp_item_ex() to auparse Changelog 2.3.7 - Limit number of options in a rule in libaudit - Auditctl cannot load rule with lots of syscalls (#1089713) - In ausearch, fix checkpointing when inode is reused by new log (Burn Alting) - Add PROCTITLE and FEATURE_CHANGE event types
* Tue Sep 02 2014 tonyjAATTsuse.com- Add support for ppc64le (bnc#891861) New patch: audit-add-ppc64le-mach-support.patch
* Tue Apr 15 2014 tonyjAATTsuse.com- Update to version 2.3.6 Changelog 2.3.6 - Add an option to auditctl to interpret a0 - a3 of syscall rules when listing - Improve ARM and AARCH64 support (AKASHI Takahiro) - Add ausearch --checkpoint feature (Burn Alting) - Add --arch option to ausearch - Improve too long config line in audispd, auditd, and auparse (#1071580) - Fix aulast to accept the new AUDIT_LOGIN record format - Remove clear_config symbol in auparse Changelog 2.3.5 - In CRYPTO_KEY_USER events, do not interpret the \'fp\' field - Change formatting of rules listing in auditctl to look like audit.rules - Change auditctl to do all netlink comm and then print rules - Add a debug option to ausearch to find skipped events - Parse subject, auid, and ses in LOGIN events (3.14 kernel changed format) - In auditd, when shifting logs, ignore the num_logs setting (#950158) - Allow passing a directory as the input file for ausearch/report (LC Bruzenak) - Interpret syscall fields in SECCOMP events - Increase a couple buffers to handle longer input Changelog 2.3.4 - Parse path in CONFIG_CHANGE events - In audisp-remote, fix retry logic for temporary network failures - In auparse, add get_type_name function - Add --no-config command option to aureport - Fix interpretting MCS seliunx contexts in ausearch (#970675) - In auparse, classify selinux contexts as MAC_LABEL field type - In ausearch/report parse vm-ctx and img-ctx as selinux labels - Update translation tables for the 3.14 kernel
* Tue Feb 04 2014 tonyjAATTsuse.com- Update to version 2.3.3 Changelog 2.3.3 - Documentation updates - Add AUDIT_USER_MAC_CONFIG_CHANGE event for MAC policy changes - Update interpreting scheduler policy names - Update automake files to automake-1.13.4 - Remove CAP_COMPROMISE_KERNEL interpretation - Parse name field in AVC\'s (#1049916) - Add missing typedef for auparse_type_t enumeration (#1053424) - Fix parsing encoded filenames in records - Parse SECCOMP events
* Tue Nov 26 2013 tonyjAATTsuse.com- Update to version 2.3.2 Changelog 2.3.2 - Put RefuseManualStop in the right systemd section (#969345) - Add legacy restart scripts for systemd support - Add more syscall argument interpretations - Add \'unset\' keyword for uid & gid values in auditctl - In ausearch, parse obj in IPC records - In ausearch, parse subj in DAEMON_ROTATE records - Fix interpretation of MQ_OPEN and MQ_NOTIFY events - In auditd, restart dispatcher on SIGHUP if it had previously exited - In audispd, exit when no active plugins are detected on reconfigure - In audispd, clear signal mask set by libev so that SIGHUP works again - In audispd, track binary plugins and restart if binary was updated - In audispd, make sure we send signals to the correct process - In auditd, clear signal mask when spawning any child process - In audispd, make builtin plugins respond to SIGHUP - In auparse, interpret mode flags of open syscall if O_CREAT is passed - In audisp-remote, don\'t make address lookup always a permanent failure - In audisp-remote, remove EOE events more efficiently - In auditd, log the reason when email account is not valid - In audisp-remote, change default remote_ending action to reconnect - Add support for Aarch64 processors Changelog 2.3.1 - Rearrange auditd setting enabled and pid to avoid a race (#910568) - Interpret the ocomm field from OBJ_PID records - Fix missing \'then\' statement in sysvinit script - Switch ausearch to use libauparse for interpretting fields - In libauparse, interpret prctl arg0, sched_setscheduler arg1 - In auparse, check source_list isn\'t NULL when opening next file (Liequan Che) - In libauparse, interpret send
* flags argument - In libauparse, interpret level and name options for set/getsockopt - In ausearch/report, don\'t flush events until last file (Burn Alting) - Don\'t use systemctl to stop the audit daemon Changelog 2.3 - The clone(2) man page is really clone(3), fix interpretation of clone syscall - Add systemd support for reload (#901533) - Allow -F msgtype on the user filter - Add legacy support for resuming logging under systemd (#830780) - Add legacy support for rotating logs under systemd (#916611) - In auditd, collect SIGUSR2 info for DAEMON_RESUME events - Updated man pages - Update libev to 4.15 - Update syscall tables for 3.9 kernel - Interpret MQ_OPEN events - Add augenrules support (Burn Alting) - Consume less stack sending audit events
* Fri Jun 28 2013 cooloAATTsuse.com- remove libcap-ng too from audit.spec as it\'s only needed for plugins (and libcap-ng itself needs python to build bindings)
* Thu Jun 27 2013 tonyjAATTsuse.com- Eliminate build cycles. audit.spec now builds only libs/devel. Remainder (including daemon) built from audit-secondary.spec
* Fri Apr 26 2013 mmeisterAATTsuse.com- audit-no_m4_dir.patch: Removed AC_CONFIG_MACRO_DIR([m4]) from configure.ac to fix build with new automake
* Mon Mar 25 2013 crrodriguezAATTopensuse.org- --with-libcap-ng=yes has no effect if libcap-ng is not buildrequired and the lack of those requires causes a broken configure script after autoreconf add pkgconfig(libcap-ng) to both audit and audit-secondary, cap-ng is actually only use in the latter.
* Mon Mar 25 2013 crrodriguezAATTopensuse.org- Version 2.2.3- Code cleanups- In spec file, don\'t own lib64/audit- Update man pages- Aureport no longer reads auditd.conf when stdin is used- Don\'t let systemd kill auditd if auditctl errors out- Update syscall table for 3.7 and 3.8 kernels- Add interpretation for setns and unshare syscalls- Code cleanup (Tyler Hicks)- Documentation cleanups (Laurent Bigonville)- Add dirfd interpretation to the
*at functions- Add termination signal to clone flags interpretation- Update stig.rules- In auditctl, when listing rules don\'t print numeric value of dir fields- Add support for rng resource type in auvirt- Fix aulast bad login output (#922508)- In ausearch, allow negative numbers for session and auid searches- In audisp-remote, if disk_full_action is stop then stop sending (#908977)
* Fri Mar 22 2013 crrodriguezAATTopensuse.org- remove sysvinit scripts.
* Wed Jan 30 2013 crrodriguezAATTopensuse.org- remove old tarball and update -secondary spec
* Wed Jan 30 2013 crrodriguezAATTopensuse.org- Audit 2.2.2 , the purpose of this update is too add compatibility with systemd for 12.3- In auditd, tcp_max_per_addr was allowing 1 more connection than specified- In ausearch, fix matching of object records- Auditctl was returning -1 when listing rules filtered on a key field- Add interpretations for CAP_BLOCK_SUSPEND and CAP_COMPROMISE_KERNEL- Add armv5tejl, armv5tel, armv6l and armv7l machine types (Nathaniel Husted)- Updates for the 3.6 kernel- Add auparse_feed_has_data function to libauparse- Update audisp-prelude to use auparse_feed_has_data- Add support to conditionally build auditd network listener (Tyler Hicks)- In auditd, reset a flag after receiving USR1 signal info when rotating logs- Add optional systemd init script support- Add support for SECCOMP event type- Don\'t interpret aN_len field in EXECVE records (#869555)- In audisp-remote, do better job of draining queue- Fix capability parsing in ausearch/auparse- Interpret BPRM_FCAPS capability fields- Add ANOM_LINK event type
* Tue Jan 22 2013 jengelhAATTinai.de- Executing autoreconf requires autoconf
* Fri Oct 12 2012 cooloAATTsuse.com- update to 2.2.1, upstream changelog: 2.2.1 - Add more interpretations in auparse for syscall parameters - Add some interpretations to ausearch for syscall parameters - In ausearch/report and auparse, allocate extra space for node names - Update syscall tables for the 3.3.0 kernel - Update libev to 4.0.4 - Reduce the size of some applications - In auditctl, check usage against euid rather than uid 2.2 - Correct all rules for clock_settime - Fix possible segfault in auparse library - Handle malformed socket addresses better - Improve performance in audit_log_user_message() - Improve performance in writing to the log file in auditd - Syscall update for accept4 and recvmmsg - Update autrace resource usage mode syscall list - Improved sample rules for recent syscalls - Add some debug info to audisp-remote startup and shutdown - Make compiling with Python optional - In auditd, if disk_error_action is ignore, don\'t syslog anything - Fix some memory leaks - If audispd is stopping, don\'t restart children - Add support in auditctl for shell escaped filenames (Alexander) - Add search support for virt events (Marcelo Cerri) - Update interpretation tables - Sync auparse\'s auditd config parser with auditd\'s parser - In ausearch, also use cwd fields in file name searchs - In ausearch, parse cwd in USER_CMD events - In ausearch, correct parsing of uid in user space events - In ausearch, update parsing of integrity events - Apply some text cleanups from Debian (Russell Coker) - In auditd, relax some permission checks for external apps - Add ROLE_MODIFY event type - In auditctl, new -c option to continue through bad rules but with failed exit - Add auvirt program to do special reporting on virt events (Marcelo Cerri) - Add interfield comparison support to auditctl (Peter Moody) - Update auparse type intepretation for apparmor (Marcelo Cerri) - Increase tcp_max_per_addr maximum to 1024.- remove audit-no_python.patch, there is a configure switch for that now- remove prereq on sysvinit
* Tue Feb 28 2012 tonyjAATTsuse.com- Update to version 2.1.3, upstream changelog: - 2.1.3 - Fix parsing of EXECVE records to not escape argc field - If auditd\'s disk is full, send the right reason to client (#715315) - Add CAP_WAKE_ALARM to interpretations - Some updates to audisp-remote\'s remote-fgets function (Mirek Trmac) - Add detection of TTY events to audisp-prelude (Matteo Sessa) - Updated syscall tables for the 3.0 kernel - Update linker flags for better relro support - Make default size of logs bigger (#727310) - Extract obj from NETFILTER_PKT events - Disable 2 kerberos config options in audisp-remote.conf - 2.1.2 - In ausearch/report, fix a segfault caused by MAC_POLICY_LOAD records - In ausearch/report, add and update parsers - In auditd, cleanup DAEMON_ACCEPT and DAEMON_CLOSE addr fields - In ausearch/report, parse addr field of DAEMON_ACCEPT & DAEMON_CLOSE records - In auditd, move startup success to after events are registered - If auditd shutsdown due to failed tcp init, write a DAEMON_ABORT event - Update auditd to avoid the oom killer in new kernels (Andreas Jaeger) - Parse and interpret NETFILTER_PKT events correctly - Return error if auditctl -l fails (#709345) - In audisp-remote, replace glibc\'s fgets with custom implementation
* Fri Sep 30 2011 cooloAATTsuse.com- add libtool as buildrequire to make the spec file more reliable
* Sat Sep 17 2011 jengelhAATTmedozas.de- Remove redundant tags/sections from specfile- Add audit-devel to baselibs
* Wed May 11 2011 meissnerAATTsuse.de- Adjust license of libaudit and libauparse to be LGPLv2.1 or later.
* Wed Apr 27 2011 tonyjAATTnovell.com- Update to version 2.1.1, upstream changelog: - 2.1.1 - When ausearch is interpretting, output \"as is\" if no = is found - Correct socket setup in remote logging - Adjusted a couple default settings for remote logging and init script - Audispd was not marking restarted plugins as active - Audisp-remote should keep a capability if local_port < 1024 - When audispd restarts plugin, send event in its preferred format - In audisp-remote, make all I/O asynchronous - In audisp-remote, add sigusr1 handler to dump internal state - Fix autrace to use correct syscalls on s390 and s390x systems - Add shutdown syscall to remote logging teardowns - Correct autrace rule for 32 bits systems 2.1 - Update auditctl man page for new field on user filter - Fix crash in aulast when auid is foreign to the system - Code cleanups - Add store and forward model to audispd-remote (Mirek Trmac) - Free memory on failed startups in audisp-prelude - Fix memory leak in aureport - Fix parsing state problem in libauparse - Improve the robustness of libaudit field encoding functions - Update capability tables - In auditd, make failure action config checking consistent - In auditd, check that NULL is not being passed to safe_exec - In audisp-remote, overflow_action wasn\'t suspending if that action was chosen - Update interpretations for virt events - Improve remote logging warning and error messages - Add interpretations for netfilter events 2.0.6 - ausearch/report performance improvements - Synchronize all sample syscall rules to use action,list - If program name provided to audit_log_acct_message, escape it - Fix man page for the audit_encode_nv_string function (#647131) - If value is NULL, don\'t segfault (#647128) - Fix simple event parsing to not assume session id can\'t be last (Peng Haitao) - Add support for new mmap audit event type - Add ability for audispd syslog plugin to choose facility local0-7 (#593340) - Fix autrace to use correct syscalls on i386 systems (Peng Haitao) - On startup and reconfig, check for excess logs and unlink them - Add a couple missing parser debug messages - Fix error output resolving numeric address and update man page - Add netfilter event types - Fix spelling error in audit.rules man page (#667845) - Improve warning in auditctl regarding immutable mode (#654883) - Update syscall tables for the 2.6.37 kernel - In ausearch, allow searching for auid -1 - Add queue overflow_action to audisp-remote to control queue overflows - Update sample rules for new syscalls and packages
* Mon Feb 21 2011 ajAATTsuse.de- Fix value of oom_score_adj.
* Tue Dec 07 2010 cooloAATTnovell.com- prereq init script syslog
* Sun Nov 07 2010 cristian.rodriguezAATTopensuse.org- use full RELRO.
* Tue Sep 28 2010 tonyjAATTnovell.com- Update to version 2.0.5 (drop: audit-as_needed.patch)- Update README-BEFORE-ADDING-PATCHES- Upstream 2.0.5 changelog: - Make auparse handle empty AUSOURCE_FILE_ARRAY correctly (Miloslav Trmač) - On i386, audit rules do not work on inode\'s with a large number (#554553) - Fix displaying of inode values to be unsigned integers when listing rules - Correct Makefile install of audispd (Jason Tang) - Syscall table updates for 2.6.34 kernel - Add definitions for service start and stop - Fix handling of ignore errors in auditctl - Fix gssapi support to build with new linker options - Add virtualization event types - Update aureport program help and man pages to show all options
* Tue Sep 28 2010 ajAATTsuse.de- Annotate patch audit-oom_score_adj.
* Mon Sep 27 2010 ajAATTsuse.de- Use /proc/
/oom_score_adj if available.
* Mon Jun 28 2010 jengelhAATTmedozas.de- use %_smp_mflags
* Fri Jun 25 2010 tonyjAATTnovell.com- Minor changes to README-BEFORE-ADDING-PATCHES file.- Add this file as %source in spec
* Fri Jun 25 2010 dmuellerAATTsuse.de- obsolete -XXbit package
* Tue May 04 2010 tonyjAATTsuse.de- Update to version 2.0.4. This is a major version update, libaudit.so has changed version. There is no backward compatibility. audit-libs has been split into libaudit1 and libauparse0.- Redhat changelog for 2.0 - 2.0.4 follows:
* 2.0.4 - Make alpha processor support optional - Add support for the arm eabi processor - add a compatible regexp processing capability to auparse (Miloslav Trmač) - Fix regression in parsing user space originating records in aureport - Add tcp_max_per_addr option in auditd.conf to limit concurrent connections - Rearrange shutdown of auditd to allow DAEMON_END event more time
* 2.0.3 - In auditd, tell libev to stop processing a connection when idle timeout - In auditd, tell libev to stop processing a connection when shutting down - Interpret CAPSET records in ausearch/auparse
* 2.0.2 - If audisp-remote plugin has a queue at exit, use non-zero exit code - Fix autrace to use the exit filter - In audisp-remote, add a sigchld handler - In auditd, check for duplicate remote connections before accepting - Remove trailing \':\' if any are at the end of acct fields in ausearch - Update remote logging code to do better sanity check of data - Fix audisp-prelude to prefer files if multiple path records are encountered - Add libaudit.conf man page - In auditd, disconnect idle clients
* 2.0.1 - Aulast now reads daemon_start events for the kernel version of reboot - Clarify the man pages for ausearch/report regarding locale and date formats - Fix getloginuid for python bindings - Disable the audispd af_unix plugin by default - Add a couple new init script actions for LSB 3.2 - In audisp-remote plugin, timeout network reads (#514090) - Make some error logging in audisp-remote plugin more prominent - Add audit.rules man page - Interpret the session field in audit events
* 2.0 - Remove system-config-audit - Get rid of () from userspace originating events - Removed old syscall rules API - not needed since 2.6.16 - Remove all use of the old rule structs from API - Fix uninitialized variable in auditd log rotation - Add libcap-ng support for audispd plugins - Removed ancient defines that are part of kernel 2.6.29 headers - Bump soname number for libaudit - In auditctl, deprecate the entry filter and move rules to exit filter - Parse integrity audit records in ausearch/report (Mimi Zohar) - Updated syscall table for 2.6.31 kernel - Remove support for the legacy negate syscall rule operator - In auditd reset syslog warnings if disk space becomes available
* Sun Dec 13 2009 jengelhAATTmedozas.de- add baselibs.conf as a source
* Tue Nov 03 2009 cooloAATTnovell.com- updated patches to apply with fuzz=0
* Mon Sep 28 2009 crrodriguezAATTsuse.de- do not package static libraries- fix -devel package dependencies
* Sat Jun 20 2009 cmorve69AATTyahoo.es- fixed build with --as-needed
* Fri Jun 19 2009 cooloAATTnovell.com- disable as-needed for this package as it fails to build with it
* Mon May 11 2009 tonyjAATTsuse.de- Update from 1.7.7 to 1.7.13.- Redhat changelog for 1.7.8 - 1.7.13 follows:
* Tue Apr 21 2009 Steve Grubb 1.7.13-1 - Disable libev asserts unless --with-debug passed to configure - Handle kernel 2.6.29\'s audit = 0 boot parameter better - Install audit.py file in arch specific python directory (Dan Walsh) - Fix problem with negative uids in audit rules on 32 bit systems - When file type is unknown, output octal for mode field (Miloslav Trmač) - Update tty keystroke interpretations (Miloslav Trmač)
* Tue Feb 24 2009 Steve Grubb 1.7.12-1 - Add definitions for crypto events - Fix regression where msgtype couldn\'t be used as a range in audit rules - In libaudit, extend time spent checking reply - In acct events, prefer id over acct if given - In aulast, try id and acct in USER_LOGIN events - When in immutable mode, have auditctl tell user instead of sending rules - Add option to sysconfig to disable audit system on auditd stop - Add tcp_wrappers config option to auditd - Aulastlog can now take input from stdin - Update libaudit python bindings to throw exceptions on error - Adjust formatting of TTY data in libauparse to be like ausearch/report - Add more key mappings to TTY interpretations - Add internal queue to audisp-remote - Fix failure action code to allow executables in audisp-remote (Chu Li) - Fix memory leak when NOLOG log_format option given to auditd - Quieten some of the reconnect text being sent to syslog in audisp-remote - Apply some libev fixups to auditd - Cleanup shutdown sequence of auditd - Allow auditd log rotation via SIGUSR1 when NOLOG log format option given
* Sat Jan 10 2009 Steve Grubb 1.7.11-1 - Don\'t error out in auditd when calling setsid - Reformat a couple auditd error messages (Oden Eriksson) - If log rotate fails, leave the old log writable - Fixed bug in setting up auditd event loop when listening - Warn if on biarch machine and auditctl rules show a syscall mismatch - Audisp-remote was not parsing some config options correctly - In auparse, check for single key in addition to virtual keys - When auditd shuts down, send AUDIT_RMW_TYPE_ENDING messages to clients - Created reconnect option to remote ending setting of audisp-remote
* Sat Dec 13 2008 Steve Grubb 1.7.10-1 - Fix ausearch and aureport to handle out of order events - Add line-buffer option to ausearch & timeout pipe input (Tony Jones) - Add support in ausearch/report for tty data - In audisp-remote, allow the keyword \"any\" for local_port - Tighten parsing for -m and -w options in auditctl - Add session query hint for aulast proof - Fix audisp-remote to tolerate krb5 config options when not supported - Created new aureport option for tty keystroke report - audispd should detect backup config files and not use them - When checking for ack in netlink interface, retry on EAGAIN a few times - In aureport, fix mods report to show acct acted upon
* Wed Nov 05 2008 Steve Grubb 1.7.9-1 - Fix uninitialized variable in aureport causing segfault - Quieten down the gssapi not supported messages - Fix bug interpretting i386 logs on x86_64 machines - If kernel is in immutable mode, auditd should not send enable command - Fix ausearch/report recent and now time keyword lookups - Created aulast program - prelude plugin should pull auid for login alert from 2nd uid field - Add system boot, shutdown, and run level change events - Add max_restarts to audispd.conf to limit times a plugin is restarted - Expand session detection in ausearch
* Wed Oct 22 2008 Steve Grubb 1.7.8-1 - Interpret TTY audit data in auparse (Miloslav Trmač) - Extract terminal from USER_AVC events for ausearch/report (Peng Haitao) - Add USER_AVCs to aureport\'s avc reporting (Peng Haitao) - Short circuit hostname resolution in libaudit if host is empty - If log_group and user are not root, don\'t check dispatcher perms - Fix a bug when executing \"ausearch -te today PM\" - Add --exit search option to ausearch - Fix parsing config file when kerberos is disabled
* Tue Apr 14 2009 dmuellerAATTsuse.de- refresh patches