SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for system-group-audit-3.1.1-Virt.150400.170.2.x86_64.rpm :

* Mon Aug 05 2024 Thorsten Kukuk - Remove rcaudit symlink [jsc#PED-266]
* Mon Jul 03 2023 Paolo Stivanin - Update to 3.1.1:
* Add user friendly keywords for signals to auditctl
* In ausearch, parse up URINGOP and DM_CTRL records
* Harden auparse to better handle corrupt logs
* Fix a CFLAGS propogation problem in the common directory
* Move the audispd af_unix plugin to a standalone program
* Thu May 04 2023 Frederic Crozat - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS.
* Mon Feb 20 2023 Paolo Stivanin - Update to 3.1:
* Disable ProtectControlGroups in auditd.service by default
* Fix rule checking for exclude filter
* Make audit_rule_syscallbyname_data work correctly outside of auditctl
* Add new record types
* Add io_uring support
* Add support for new FANOTIFY record fields
* Add keyword, this-hour, to ausearch/report start/end options
* Add Requires.private to audit.pc file
* Try to interpret OPENAT2 fields correctly
* Tue Dec 27 2022 Ludwig Nussel - Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Thu Dec 15 2022 Enzo Matsumiya - Enable build for ARM (32-bit)- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don\'t allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don\'t treat as an error (3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules (3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
* Mon Apr 11 2022 Jan Engelhardt - Drop buildrequire on C++ compiler.- Modernize specfile constructs.
* Sat Mar 26 2022 Stephan Kulow - Fix buildrequire for openldap2-devel - audit doesn\'t require the (outdated) C++ binding, but the C headers that happen to be pulled in by buildrequiring the C++ devel package
* Fri Mar 25 2022 Enzo Matsumiya - Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
* add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch- Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517)
* add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
* Wed Mar 23 2022 Dirk Müller - add audit-userspace-517-compat.patch
* Mon Nov 29 2021 Fabian Vogt - Use %autosetup- Don\'t include sample rules as %doc, they\'re already installed as normal files- Fix create-augenrules-service.patch:
* auditd.service needs to require augenrules.service, not the other way around- Fix documentation for enable-stop-rules.patch
* Sun Nov 07 2021 Callum Farmer - Update to version 3.0.6:
* fixes a segfault on some SELINUX_ERR records
* makes IPX packet interpretation dependent on the ipx header file existing
* adds b32/b64 support to ausyscall
* adds support for armv8l
* fixes auditctl list of syscalls on PPC
* auditd.service now restarts auditd under some conditions
* Fri Oct 15 2021 Callum Farmer - Add CONFIG parameter to %sysusers_generate_pre
* Wed Oct 13 2021 Enzo Matsumiya - Create separate service for augenrules (bsc#1191614, bsc#1181400)
* add create-augenrules-service.patch Remove ReadWritePaths=/etc/audit from auditd.service, also removes augenrules call from ExecStartPost. Create augenrules.service with the ReadWritePaths directive above. This makes /etc/audit only accessible by augenrules.service and let auditd.service (and daemon) to be sandboxed again.- Update audit-secondary.spec to accomodate the new service file.
* Mon Sep 20 2021 Enzo Matsumiya - Fix hardened auditd.service (bsc#1181400)
* add fix-hardened-service.patch Make /etc/audit read-write from the service. Remove PrivateDevices=true to expose /dev/
* to auditd.service.- Enable stop rules for audit.service (cf. bsc#1190227)
* add enable-stop-rules.patch
* Thu Sep 16 2021 Enzo Matsumiya - Change default log_format from ENRICHED to RAW (bsc#1190500):
* add change-default-log_format.patch (SUSE-specific patch)- Update to version 3.0.5:
* In auditd, flush uid/gid caches when user/group added/deleted/modified
* Fixed various issues when dealing with corrupted logs
* In auditd, check if log_file is valid before closing handle- Include fixed from 3.0.4:
* Apply performance speedups to auparse library
* Optimize rule loading in auditctl
* Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
* Update syscall table to the 5.14 kernel
* Fixed various issues when dealing with corrupted logs
* Mon Aug 16 2021 Marcus Meissner - harden_auditd.service.patch: automatic hardening applied to systemd services
* Fri Jul 30 2021 Enzo Matsumiya - Update to version 3.0.3:
* Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined
* Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids
* Change auparse_feed_has_data in auparse to include incomplete events
* Auditd, stop linking against -lrt
* Add ProtectHome and RestrictRealtime to auditd.service
* In auditd, read up to 3 netlink packets in a row
* In auditd, do not validate path to plugin unless active
* In auparse, only emit config errors when AUPARSE_DEBUG env variable exists- use https source urls
* Mon Jun 14 2021 Enzo Matsumiya - Adjust audit.spec and audit-secondary.spec to support new version- Include fix for libev
* add libev-werror.patch- Update to version 3.0.2- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)- Optionally interpret auid in auditctl -l- Update some syscall argument interpretations- In auditd, do not allow spaces in the hostname name format- Big documentation cleanup (MIZUTA Takeshi)- Update syscall table to the 5.12 kernel- Update the auparse normalizer for new event types- Fix compiler warnings in ids subsystem- Block a couple signals from flush & reconfigure threads- In auditd, don\'t wait on flush thread when exiting- Output error message if the path of input files are too long ausearch/report Included fixes from 3.0.1- Update syscall table to the 5.11 kernel- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)- Only enable periodic timers when listening on the network- Upgrade libev to 4.33- Add auparse_new_buffer function to auparse library- Use the select libev backend unless aggregating events- Add sudoers to some base audit rules- Update the auparse normalizer for some new syscalls and event types Included fixes from 3.0- Generate checkpoint file even when no results are returned (Burn Alting)- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)- Convert auparse_test to run with python3 (Tomáš Chvátal)- Drop support for prelude- Adjust backlog_wait_time in rules to the kernel default (#1482848)- Remove ids key syntax checking of rules in auditctl- Use SIGCONT to dump auditd internal state (#1504251)- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)- Fix parsing of uid & success for ausearch- Add support for not equal operator in audit by executable (Ondrej Mosnacek)- Hide lru symbols in auparse- Add systemd process protections- Fix aureport summary time range reporting- Allow unlimited retries on startup for remote logging- Add queue_depth to remote logging stats and increase default queue_depth size- Fix segfault on shutdown- Merge auditd and audispd code- Close on execute init_pipe fd (#1587995)- Breakout audisp syslog plugin to be standalone program- Create a common internal library to reduce code- Move all audispd config files under /etc/audit/- Move audispd.conf settings into auditd.conf- Add queue depth statistics to internal state dump report- Add network statistics to internal state dump report- SIGUSR now also restarts queue processing if its suspended- Update lookup tables for the 4.18 kernel- Add auparse_normalizer support for SOFTWARE_UPDATE event- Add 30-ospp-v42.rules to meet new Common Criteria requirements- Deprecate enable_krb and replace with transport config opt for remote logging- Mark netlabel events as simple events so that get processed quicker- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)- In aureport, fix segfault in file report- Add auparse_normalizer support for labeled networking events- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)- In ausearch/auparse, event aging is off by a second- In ausearch/auparse, correct event ordering to process oldest first- Migrate auparse python test to python3- auparse_reset was not clearing everything it should- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events- In ausearch/report, lightly parse selinux portion of USER_AVC events- Add bpf syscall command argument interpretation to auparse- In ausearch/report, limit record size when malformed- Port af_unix plugin to libev- In auditd, fix extract_type function for network originating events- In auditd, calculate right size and location for network originating events- Make legacy script wait for auditd to terminate (#1643567)- Treat all network originating events as VER2 so dispatcher doesn\'t format it- If an event has a node name make it VER2 so dispatcher doesnt format it- In audisp-remote do an initial connection attempt (#1625156)- In auditd, allow expression of space left as a percentage (#1650670)- On PPC64LE systems, only allow 64 bit rules (#1462178)- Make some parts of auditd state report optional based on config- Update to libev-4.25- Fix ausearch when checkpointing a single file (Burn Alting)- Fix scripting in 31-privileged.rules wrt filecap (#1662516)- In ausearch, do not checkpt if stdin is input source- In libev, remove __cold__ attribute for functions to allow proper hardening- Add tests to configure.ac for openldap support- Make systemd support files use /run rather than /var/run (Christian Hesse)- Fix minor memory leak in auditd kerberos credentials code- Allow exclude and user filter by executable name (Ondrej Mosnacek)- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test- In ausearch/report fix --end to use midnight time instead of now (#1671338)- Add substitue functions for strndupa & rawmemchr- Fix memleak in auparse caused by corrected event ordering- Fix legacy reload script to reload audit rules when daemon is reloaded- Support for unescaping in trusted messages (Dmitry Voronin)- In auditd, use standard template for DEAMON events (Richard Guy Briggs)- In aureport, fix segfault for malformed USER_CMD events- Add exe field to audit_log_user_command in libaudit- In auditctl support filter on socket address families (Richard Guy Briggs)- Deprecate support for Alpha & IA64 processors- If space_left_action is rotate, allow it every time (#1718444)- In auparse, drop standalone EOE events- Add milliseconds column for ausearch extra time csv format- Fix aureport first event reporting when no start given- In audisp-remote, add new config item for startup connection errors- Remove dependency on chkconfig- Install rules to /usr/share/audit/sample-rules/- Split up ospp rules to make SCAP scanning easier (#1746018)- In audisp-syslog, support interpreting records (#1497279)- Audit USER events now sends msg as name value pair- Add support for AUDIT_BPF event- Auditd should not process AUDIT_REPLACE events- Update syscall tables to the 5.5 kernel- Improve personality interpretation by using PERS_MASK- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup- Change auparse python bindings to shared object (Issue #121)- Add error messages for watch permissions- If audit rules file doesn\'t exist log error message instead of info message- Revise error message for unmatched options in auditctl- In audisp-remote, fixup remote endpoint disappearin in ascii format- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)- In auditctl, add support for sending a signal to auditd- Removes audit-fno-common.patch: fixed in upstream- Removes audit-python3.patch: fixed in upstream
* Mon Feb 01 2021 Dominique Leuenberger - Do not explicitly provide group(audit) in system-users-audit: this is automatically handled by rpm/providers.
* Thu Jan 28 2021 Enzo Matsumiya - Create new \"audit\" group for read access to logs (bsc#1178154)
* add change-default-log_group.patch
* update audit-secondary.spec
* Wed Dec 02 2020 Alexander Bergmann - Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
* Fri Oct 16 2020 Ludwig Nussel - prepare usrmerge (boo#1029961)
* Mon Jan 13 2020 Tony Jones - Update to version 2.8.5:
* Fix segfault on shutdown
* Fix hang on startup (#1587995)
* Add sleep to script to dump state so file is ready when needed
* Add auparse_normalizer support for SOFTWARE_UPDATE event
* Mark netlabel events as simple events so that get processed quicker
* When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
* Add 30-ospp-v42.rules to meet new Common Criteria requirements
* Update lookup tables for the 4.18 kernel
* In aureport, fix segfault in file report
* Add auparse_normalizer support for labeled networking events
* Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
* Event aging is off by a second
* In ausearch/auparse, correct event ordering to process oldest first
* auparse_reset was not clearing everything it should
* Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
* In ausearch/report, lightly parse selinux portion of USER_AVC events
* In ausearch/report, limit record size when malformed
* In auditd, fix extract_type function for network originating events
* In auditd, calculate right size and location for network originating events
* Treat all network originating events as VER2 so dispatcher doesn\'t format it
* In audisp-remote do an initial connection attempt (#1625156)
* In auditd, allow expression of space left as a percentage (#1650670)
* On PPC64LE systems, only allow 64 bit rules (#1462178)
* Make some parts of auditd state report optional based on config
* Fix ausearch when checkpointing a single file (Burn Alting)
* Fix scripting in 31-privileged.rules wrt filecap (#1662516)
* In ausearch, do not checkpt if stdin is input source
* In libev, remove __cold__ attribute for functions to allow proper hardening
* Add tests to configure.ac for openldap support
* Make systemd support files use /run rather than /var/run (Christian Hesse)
* Fix minor memory leak in auditd kerberos credentials code
* Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
* In ausearch/report fix --end to use midnight time instead of now (#1671338)- Fix build errors when using gcc-10 no-common default (bsc#1160384) New patch: audit-fno-common.patch- Refresh audit-allow-manual-stop.patch
* Thu Mar 21 2019 Jan Engelhardt - Reduce scriptlets\' hard dependency on systemd.
* Sat Jun 23 2018 antoine.belvireAATTopensuse.org- Update to version 2.8.4:
* Generate checkpoint file even when not results are returned (Burn Alting).
* Fix log file creation when file logging is disabled entirely (Vlad Glagolev).
* Use SIGCONT to dump auditd internal state (rh#1504251).
* Fix parsing of virtual timestamp fields in ausearch_expression (rh#1515903).
* Fix parsing of uid & success for ausearch.
* Hide lru symbols in auparse.
* Fix aureport summary time range reporting.
* Allow unlimited retries on startup for remote logging.
* Add queue_depth to remote logging stats and increase default queue_depth size.
* Sun Jun 17 2018 antoine.belvireAATTopensuse.org- Update to version 2.8.3:
* Correct msg function name in lru debug code.
* Fix a segfault in auditd when dns resolution isn\'t available.
* Make a reload legacy service for auditd.
* In auparse python bindings, expose some new types that were missing.
* In normalizer, pickup subject kind for user_login events.
* Fix interpretation of unknown ioctcmds (rh#1540507).
* Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, & RESP_ORIGIN_BLOCK_TIMED events.
* In auparse_normalize for USER_LOGIN events, map acct for subj_kind.
* Fix logging of IPv6 addresses in DAEMON_ACCEPT events (rh#1534748).
* Do not rotate auditd logs when num_logs < 2 (brozs).
* Tue Apr 03 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
* Fri Mar 16 2018 tonyjAATTsuse.com- Change openldap dependency to client only (bsc#1085003)- Resolve issue with previous change if both Python2 and Python3 are present, tests were failing as python2 bindings are preferred in this case.
* Thu Feb 22 2018 meissnerAATTsuse.com- reverted -j1 force ppc specific only
* Wed Feb 07 2018 tchvatalAATTsuse.com- Add patch to fix test run without python2 interpreter:
* audit-python3.patch- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
* Tue Feb 06 2018 normandAATTlinux.vnet.ibm.com- force -j1 for PowerPC make check to avoid build failure (lookup_test.o: file not recognized: File truncated)
* Wed Jan 17 2018 tchvatalAATTsuse.com- Add conditions around python plugins to allow us to conditionalize them in enviroment without python2
* Thu Nov 09 2017 mpluskalAATTsuse.com- Rename python binding packages to match current python packaging standards- Update python build dependencies to resolve future split of python2/3
* Sat Nov 04 2017 aavindraaAATTgmail.com- Update to version 2.8.1. See audit.spec (libaudit1) for upstream changelog- Remove audit-implicit-writev.patch (fixed upstream across 2 commits)
* 3b30db20ad983274989ce9a522120c3c225436b3
* 07132c22314e9abbe64d1031fd8734243285bb3f- Cleanup with spec-cleaner
* Fri Aug 18 2017 dimstarAATTopensuse.org- Add audit-implicit-writev.patch: include sys/uio.h to ensure readv and writev are declared.
* Mon Jul 24 2017 jengelhAATTinai.de- Rectify RPM groups, diversify descriptions.- Remove mentions of static libraries because they are not built.
* Tue Jul 18 2017 tonyjAATTsuse.com- Update to version 2.7.7. See audit.spec (libaudit1) for upstream changelog Since commit 6cf57d27 (2.7.4) audit is now started as an non-forking service (bsc#1042781). Add config: audit-stop.rules Refresh patch: audit-allow-manual-stop.patch Refresh patch: audit-no-gss.patch
* Fri Apr 01 2016 tchvatalAATTsuse.com- Version update to 2.5. See audit.spec (libaudit1) for upstream changelog- Cleanup with spec-cleaner- Sort out bit /sbin /usr/sbin/ installation- Install the rules as documentation- Remove needless %py_requires from python subpkgs
* Fri Aug 21 2015 tonyjAATTsuse.com- Update to version 2.4.4. See audit.spec (libaudit1) for upstream changelog- Add python3 bindings for libaudit and libauparse- Remove patch \'audit-no_m4_dir.patch\' (added Fri Apr 26 11:14:39 UTC 2013 by mmeisterAATTsuse.com) No idea what earlier \'automake\' build error this was trying to fix but it broke the handling of \"--without-libcap-ng\". Anyways, no build error occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
  
ICM