SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for audit-debuginfo-1.0.16-4.el4_8.1.i386.rpm :

* Mon Jan 18 2010 Steve Grubb 1.0.16-4.EL4_8.1Resolves: #557032 - Problem with filtering based on auidResolves: #557035 - Filtering on large inode number using i386 is broken
* Tue Jan 20 2009 Steve Grubb 1.0.16-4.EL4Resolves: #468105 su - fails intermittently during batch job
* Fri Apr 11 2008 Steve Grubb 1.0.16-3.EL4Resolves: #402941 ausearch segfaults using -k and watch doesn\'t have a keyResolves: #325561 num_logs is needed for keep_logs to work in /etc/auditd.confResolves: #251639 auditd resume logging on SIGUSR2- Update time handling for ausearch and aureport to add more keywords
* Thu Nov 01 2007 Steve Grubb 1.0.15-4.EL4resolves: #353241 ausearch needed update for escaped acct fields
* Mon Mar 05 2007 Steve Grubb 1.0.15-3.EL4- Fix parsing filterkeys in fs_watch records
* Wed Jan 24 2007 Steve Grubb 1.0.15-2.EL4- Patch auditd.conf with dispatcher used in RHEL5 to make upgrade easier
* Tue Nov 14 2006 Steve Grubb 1.0.15-1.EL4- Correct address resolving of hostname in logging functions- Fix logging messages to use addr if passed- Add TRUSTED_APP message type- Fix netlink errno return- Auditd ignore most signals- Add audit dispatcher interface to auditd- In auditd if num_logs is zero, don\'t rotate on SIGUSR1 (#208834)- Cleanup file descriptor handling in auditd- Improve time handling in ausearch and aureport (#191394)- Attempt to reconstruct full path from relative for searching- Ausearch & aureport now fail if no args to -te- In aureport, add class between syscall and permission in avc report- Fix bug where fsync is called in debug mode- Add optional support for tty in SYSCALL records for ausearch/aureport- ausearch & aureport implement uid/gid caching- In ausearch & aureport, extract addr when hostname is unknown- In ausearch & aureport, test audit log presence O_RDONLY- Updated man pages (#213328, #213330)
* Wed Apr 19 2006 Steve Grubb 1.0.14-1.EL4- Change auditd to use custom daemonize to avoid race in init scripts- Update error message when deleting a rule that doesn\'t exist (#176239)- Fix bug in autrace where it didn\'t run on kernels without file watch support- Add timestamp to daemon_config messages (#174865)- Add error checking of year for aureport & ausearch- Treat af_unix sockets as files for searching and reporting- Update capp rules to combine syscalls for higher performance- Apply patch from Ulrich Drepper that optimizes resource utilization- Change ausearch and aureport to unlocked IO- Add more message types
* Fri Nov 18 2005 Steve Grubb 1.0.12-1.EL4- Step up to new version- Add locale patch - ausearch & aureport- Add c++ patch - libaudit.h- Add fixup patch - auditd email error handler correction
* Fri Nov 18 2005 Steve Grubb 1.0.4-1- Step up to new version- Add patch to correct problem with receiving watch lists (#172574)
* Sat Sep 17 2005 Steve Grubb 1.0.3-6- Revert last set of changes- Make initscript not enabled by default
* Fri Sep 02 2005 Steve Grubb 1.0.3-5- Make rate & backlog 32 bit unsigned int in auditctl- In auditctl, if -F arch is given with -t option, don\'t require list
* Wed Aug 31 2005 Steve Grubb 1.0.3-4- if old kernel don\'t send user message with new type
* Thu Aug 25 2005 Steve Grubb 1.0.3-3- move the audit-version-test to the libs package
* Thu Aug 25 2005 Steve Grubb 1.0.3-2- adjust audit-version-test to split the EL off the release
* Tue Aug 23 2005 Steve Grubb 1.0.3-1- adjust file perms of newly created log file in auditd- fix 2 memory leaks and an out of bounds access in auditd- fix case where auditd was closing netlink descriptor too early- fix watch rules not to take field arguments in auditctl- fix bug where inode, devmajor, devminor, exit, and success fields in auditctl rules were not getting the correct value stored
* Sun Aug 21 2005 Steve Grubb 1.0.1-2.EL4- don\'t start auditd on old ia64 kernels- don\'t allow auditd or auditctl to enable audit on old ia64 kernels
* Thu Aug 04 2005 Steve Grubb 1.0.1-1.EL4- Add check for fields that cannot be used with syscall entry in auditctl- Make auditctl not tolerate duplicate rule and watches- Remove uid check in ausearch
* Thu Aug 04 2005 Steve Grubb 1.0-2.EL4- Increase buffer size in ausearch.
* Wed Aug 03 2005 Steve Grubb 1.0-1.EL4- Update sample CAPP config- Remove warning for trimming file path in auditctl- Make auditctl tolerate duplicate rule and watches- auditd has new option so it doesn\'t overwrite log files- Fixed bug in autrace that was reporting bad descriptor
* Sat Jul 30 2005 Steve Grubb 0.9.20-1.EL4- Fix ausearch to handle missing audit log better- Fix auditctl blank line handling- Trim trailing \'/\' from file system watches in auditctl- Catch cases where parameter was passed without option being given to auditctl- Add CAPP sample configuration
* Tue Jul 19 2005 Steve Grubb 0.9.19-2.EL4- Fixed dangling symlink
* Fri Jul 15 2005 Steve Grubb 0.9.19-1.EL4- ausearch remove debug code
* Fri Jul 15 2005 Steve Grubb 0.9.18-1.EL4- auditd message formatter use MAX_AUDIT_MESSAGE_LENGTH to prevent clipping
* Wed Jul 13 2005 Steve Grubb 0.9.17-1.EL4- Fix ausearch buffers to hold long filenames- Make a0 long long for 64 bit kernels & 32 bit ausearch
* Fri Jul 08 2005 Steve Grubb 0.9.16-1.EL4- Adjust umask- Adjust length of strings for file system watches to not include NUL- Remove extra error message from audit_send
* Sat Jun 25 2005 Steve Grubb 0.9.15-1.EL4- Update log rotation handling to be more robust
* Sat Jun 25 2005 Steve Grubb 0.9.14-1.EL4- make auditctl -s work again- make AUDITD_CLEAN_STOP test in init scripts case insensitive
* Fri Jun 24 2005 Steve Grubb 0.9.13-1.EL4- Remove /lib/libaudit.so & .la from audit-libs package- In auditctl, if syscall not given, default to all
* Thu Jun 23 2005 Steve Grubb 0.9.12-1.EL4- Add some syslog messages for a couple exits- Add some unlinks of the pid file in a couple error exits- Make some options of auditctl not expect a reply- Update support for user and watch filter lists
* Wed Jun 22 2005 Steve Grubb 0.9.11-1.EL4- Change packet draining to nonblocking- Interpret id field in ausearch- Add error message if not able to create log- Ignore netlink acks when asking for rule & watch list
* Tue Jun 21 2005 Steve Grubb 0.9.10-1.EL4- Make sure the bad packet is drained when retrying user messages- Add support for new user and watch filter lists- Interpret flags field in ausearch
* Mon Jun 20 2005 Steve Grubb 0.9.9-1.EL4- Fix user messages for people with older kernels
* Sat Jun 18 2005 Steve Grubb 0.9.8-1.EL4- Added support for FS_INODE and USYS_CONFIG records- More cleanup of user space message functions
* Fri Jun 17 2005 Steve Grubb 0.9.7-1- fixed bug in send_user_message which errored on pam logins- Change nanosleeps over to select loops- Change the \'e\' option to auditctl -p to \'x\'
* Fri Jun 17 2005 Steve Grubb 0.9.6-1- fix bug in incremental flush where is wrongly reported an error- ausearch should not do uid check for -if option- adjust ipc interpretation to not use ipc.h
* Wed Jun 15 2005 Steve Grubb 0.9.5-1- interpret socketcall & ipc based on a0 in ausearch- change call sequence to make user space messages faster- update return val for auditctl
* Sun Jun 12 2005 Steve Grubb 0.9.4-1- Rule and watch insert no longer automatically dumps list- auditctl rules can now use auid instead of loginuid- Add sighup support for daemon reconfiguration- Move some functions into private.h
* Fri Jun 10 2005 Steve Grubb 0.9.3-1- Change filename handling to use linked list in ausearch- Add man pages for audit_setloginuid & audit_getloginuid- Fix problem where you couldn\'t set rule on unset loginuid\'s- Adjust memory management for sighup needs- Fix problem where netlink timeout counter wasn\'t being reset
* Fri Jun 03 2005 Steve Grubb 0.9.2-1- Step up to new glibc-kernheaders
* Fri Jun 03 2005 Steve Grubb 0.9.1-1- AUDITD_CLEAN_STOP config option in /etc/sysconfig/auditd- When unknown, show raw record in ausearch.- Add CWD message type support
* Thu May 26 2005 Steve Grubb 0.9-1- Translate numeric info to human readable for ausearch output- add \'-if\' option to ausearch to select input file- add \'-c\' option to ausearch to allow searching by comm field- init script now deletes all rules when daemon stops- Make auditctl display perms correctly in watch listings- Make auditctl -D remove all watches
* Sat May 21 2005 Steve Grubb 0.8.2-1- Update documentation- Handle user space audit events in more uniform way- Update all parsers for more robustness with new kernel changes- Create quiet mode for error messages- Make rotated logs readonly
* Wed May 18 2005 Steve Grubb 0.8.1-1- Fix code to \"or\" uid & gid checks for ausearch -ua & -ga- Change msg() to audit_msg() to avoid conflicts- Parse socket messages for hostname in ausearch
* Fri May 13 2005 Steve Grubb 0.8-1- ausearch fix bugs related to -f & -x- Parse messages using new types- Properly unescape filenames- Update interface for sending userspace messages to use more types
* Mon May 09 2005 Steve Grubb 0.7.4-1- Make sure ausearch ts & te obey DST.- Code cleanups to make file system watches work correctly
* Wed May 04 2005 Steve Grubb 0.7.3-1- Add code to get watch list to auditctl- Get -f & -hn working in ausearch- Added search by terminal, exe, and syscall to ausearch program- Added -w parameter to match whole word in ausearch
* Thu Apr 28 2005 Steve Grubb 0.7.2-1- Allow ausearch uid & gid to be non-numeric (root, wheel, etc)- Fix problems with changing run level- Added new code for logging shutdown reason credentials- Update DAEMON messages to use better timestamp
* Mon Apr 25 2005 Steve Grubb 0.7.1-1- Make sure time calc is done using localtime- Raise rlimits for file size & cpu usage- Added new disk_error_action config item to auditd.conf- Rework memory management of event buffer- Handled all errors in event logging thread
* Sun Apr 24 2005 Steve Grubb 0.7-1- In auditctl -l, loop until all rules are printed- Update autrace not to run if rules are currently loaded- Added code to switch to single user mode when disk is full- Added the ausearch program
* Thu Apr 21 2005 Steve Grubb 0.6.12-1- Fixed bug where elf type wasn\'t being set when given numerically- Added autrace program (similar to strace)- Fixed bug when logs = 2 and ROTATE is the action, only 1 log resulted
* Tue Apr 19 2005 Steve Grubb 0.6.11-1- Check log file size on start up- Added priority_boost config item- Reworked arch support- Reworked how run level is changed- Make allowances for ECONNREFUSED
* Sat Apr 02 2005 Steve Grubb 0.6.10-1- Code cleanups- Support the arch field for auditctl- Add version to auditctl- Documentation updates- Moved default location of the audit log to /var/log/audit
* Thu Mar 17 2005 Steve Grubb 0.6.9-1- Added patch for filesystem watch- Added version information to audit start message- Change netlink code to use ack in order to get error notification
* Thu Mar 10 2005 Steve Grubb 0.6.8-1- removed the pam_loginuid library - its going to pam
* Wed Mar 09 2005 Steve Grubb 0.6.7-1- Fixed bug setting loginuid- Added num_logs to configure number of logs when rotating- Added code for rotating logs
* Tue Mar 08 2005 Steve Grubb 0.6.6-1- Fix audit_set_pid to try to read a reply, but its non-fatal if no reply.- Remove the read status during init- Change to using pthreads sync mechanism for stopping system- Worker thread should ignore all signals- Change main loop to use select for inbound event handling- Gave pam_loginuid a \"failok\" option for testing
* Thu Mar 03 2005 Steve Grubb 0.6.5-1- Lots of code cleanups- Added write_pid function to auditd- Added audit_log to libaudit- Don\'t check file length in foreground mode of auditd- Added
*if_enabled functions to send messages only if audit system is enabled- If syscall name is unknown when printing rules, use the syscall number- Rework the build system to produce singly threaded public libraries- Create a multithreaded version of libaudit for the audit daemon\'s use
* Wed Feb 23 2005 Steve Grubb 0.6.4-1- Rename pam_audit to pam_loginuid to reflect what it does- Fix bug in detecting space left on partition- Fix bug in handling of suspended logging
* Wed Feb 23 2005 David Woodhouse 0.6.3-3- Include stdint.h in libaudit.h and require new glibc-kernheaders
* Sun Feb 20 2005 Steve Grubb 0.6.3-2- Another lib64 correction
* Sun Feb 20 2005 Steve Grubb 0.6.3-1- Change pam install from /lib/security to /lib/security- Change pam_audit to write loginuid to /proc/pid/loginuid- Add pam_session_close handle- Update to newest kernel headers
* Fri Feb 11 2005 Steve Grubb 0.6.2-1- New version- Add R option to auditctl to allow reading rules from file.- Do not allow task creation list to have syscall auditing- Add D option to allow deleting all rules with 1 command- Added pam_audit man page & sample.rules- Mod initscript to call auditctl to load rules at start-up- Write message to log file for daemon start up- Write message that daemon is shutting down- Modify auditd shutdown to wait until logger thread is finished- Add sample rule file to docs
* Sat Jan 08 2005 Steve Grubb 0.6.1-1- New version: rework auditctl and its man pages.- Added admin_space_left config option as last chance before running out of disk space.
* Wed Jan 05 2005 Steve Grubb 0.6-1- New version- Split package up to libs, libs-devel, and audit.
* Mon Dec 13 2004 Steve Grubb 0.5.6-1- New version
* Fri Dec 10 2004 Steve Grubb 0.5.5-1- New version
* Fri Dec 03 2004 Steve Grubb 0.5.4-1- New version
* Mon Nov 22 2004 Steve Grubb 0.5.3-1- New version
* Mon Nov 15 2004 Steve Grubb 0.5.2-1- New version
* Wed Nov 10 2004 Steve Grubb 0.5.1-1- Added initscript pieces- New version
* Thu Sep 02 2004 Charlie Bennett (ccbAATTredhat.com) 0.5-1 - Initial build.
  
ICM