Fedora Core 6 Test Update: audit-1.3-1.fc6

Steven Grubb sgrubb at redhat.com
Wed Nov 29 12:28:15 UTC 2006


---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2006-1346
2006-11-29
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : audit
Version     : 1.3
Release     : 1.fc6
Summary     : User space tools for 2.6 kernel auditing
Description :
The audit package contains the user space utilities for
storing and searching the audit records generate by
the audit subsystem in the Linux 2.6 kernel.

---------------------------------------------------------------------

* Tue Nov 28 2006 Steve Grubb <sgrubb at redhat.com> 1.3-1
- ausearch & aureport implement uid/gid caching
- In ausearch & aureport, extract addr when hostname is unknown
- In ausearch & aureport, test audit log presence O_RDONLY
- New ausearch/aureport time keywords: recent, this-week, this-month, this-year
- Added --add & --delete option to aureport
- Update res parsing in config change events
- Increase the size on audit daemon buffers
- Parse avc_path records in ausearch/aureport
- ausearch has new output mode, raw, for extracting events
- ausearch/aureport can now read stdin
- Rework AVC processing in ausearch/aureport
- Added long options to ausearch and aureport
* Tue Oct 24 2006 Steve Grubb <sgrubb at redhat.com> 1.2.9-1
- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
- Fix some defines in libaudit.h
- Some auditd config strings were not initialized in aureport (#211443)
- Updated man pages
- Add Netlabel event types to libaudit
- Update aureports to current audit event types
- Update autrace a little
- Deprecated all the old audit_rule functions from public API
- Drop auparse library for the moment
* Fri Sep 29 2006 Steve Grubb <sgrubb at redhat.com> 1.2.8-1
- Add dist tag and bump version (#208532)
- Make internal auditd buffers bigger for context info
- Correct address resolving of hostname in logging functions
- Do not allow multiple msgtypes in same audit rule in auditctl (#207666)
- Only =, != operators for arch & inode fields in auditctl (#206427)
- Updated audit message type table
- Remove watches from aureport since FS_WATCH is deprecated
- Add audit_log_avc back temporarily (#208152)
* Mon Sep 18 2006 Steve Grubb <sgrubb at redhat.com> 1.2.7-2
- Fix logging messages to use addr if passed.
- Apply patches from Tony Jones correcting no kernel support messages
- Updated syscall tables for 2.6.18 kernel
- Remove deprecated functions: audit_log, audit_log_avc, audit_log_if_enabled
- Disallow syscall auditing on exclude list
- Improve time handling in ausearch and aureport (#191394)
- Attempt to reconstruct full path from relative for searching
* Wed Aug 30 2006 Steve Grubb <sgrubb at redhat.com> 1.2.6-3
- Rename audit event socket
* Mon Aug 28 2006 Steve Grubb <sgrubb at redhat.com> 1.2.6-2
- Another minor update to auditctl -p option
* Sat Aug 26 2006 Steve Grubb <sgrubb at redhat.com> 1.2.6-1
- Apply updates to dispatcher
- Fix a couple bugs regarding MLS labels
- Resurrect -p option
- Tighten rules with exclude filter
- Fix parsing issue which lead to segfault in some cases
- Fix option parsing to ignore malformed lines
* Fri Aug 18 2006 Jesse Keating <jkeating at redhat.com> - 1.2.5-8
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
  (#203001)
* Tue Aug  8 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-7
- Remove debug lines from dispatcher
* Wed Aug  2 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-6
- Change audisp to use a named pipe
* Fri Jul 21 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-5
- Fix dispatcher to handle sigchld
- Fix library location for 64 bit
- Add Prereq
* Fri Jul 21 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-4
- Eliminate avc package from audisp
* Wed Jul 19 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-3
- More fixes for setroubleshoot to handle failing plugin
* Fri Jul 14 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-2
- Fixes for setroubleshoot
* Thu Jul 13 2006 Steve Grubb <sgrubb at redhat.com> 1.2.5-1
- Switch out dispatcher
- Fix bug upgrading rule types
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 1.2.4-1.1
- rebuild
* Fri Jun 30 2006 Steve Grubb <sgrubb at redhat.com> 1.2.4-1
- Add support for the new filter key
- Update syscall tables for 2.6.17
- Add audit failure query function
- Switch out gethostbyname call with getaddrinfo
- Add audit by obj capability for 2.6.18 kernel
- Ausearch & aureport now fail if no args to -te
- New auditd.conf option to choose blocking/non-blocking dispatcher comm
- Ausearch improved search by label
* Thu May 25 2006 Steve Grubb <sgrubb at redhat.com> 1.2.3-1
- Apply patch to ensure watches only associate with exit filter
- Apply patch to correctly show new operators when new listing format is used
- Apply patch to pull kernel's audit.h into python bindings
- Collect signal sender's context
* Tue May 16 2006 David Woodhouse <dwmw2 at redhat.com> 1.2.2-2
- Require kernel-headers, not glibc-kernheaders. Again.
* Fri May 12 2006 Steve Grubb <sgrubb at redhat.com> 1.2.2-1
- Updates for new glibc-kernheaders
- Change auditctl to collect list of rules then delete them on -D
- Update capp.rules and lspp.rules to comment out rules for the possible list
- Add new message types
- Support sigusr1 sender identity of newer kernels
- Add support for ppid in auditctl and ausearch
- fix auditctl to trim the '/' from watches
- Move audit daemon config files to /etc/audit for better SE Linux protection
* Tue Apr 25 2006 David Woodhouse <dwmw2 at redhat.com> 1.2.1-2
- Require kernel-headers, not glibc-kernheaders
- Fix redefinition of audit_rule_data with new kernel headers
- Remove abuse of __KERNEL__ in lookup_table.c
* Sun Apr 16 2006 Steve Grubb <sgrubb at redhat.com> 1.2.1-1
- New message type for trusted apps
- Add new keywords today, yesterday, now for ausearch and aureport
- Make audit_log_user_avc_message really send to syslog on error
- Updated syscall tables in auditctl
- Deprecated the 'possible' action for syscall rules in auditctl
- Update watch code to use file syscalls instead of 'all' in auditctl
* Fri Apr  7 2006 Steve Grubb <sgrubb at redhat.com> 1.2-1
- Add support for new file system auditing kernel subsystem
* Thu Apr  6 2006 Steve Grubb <sgrubb at redhat.com> 1.1.6-1
- New message types
- Support new rule format found in 2.6.17 and later kernels
- Add support for audit by role, clearance, type, sensitivity
* Mon Mar  6 2006 Steve Grubb <sgrubb at redhat.com> 1.1.5-1
- Changed audit_log_semanage_message to take new params
- In aureport, add class between syscall and permission in avc report
- Fix bug where fsync is called in debug mode
- Add optional support for tty in SYSCALL records for ausearch/aureport
- Reinstate legacy rule operator support
- Add man pages
- Auditd ignore most signals
* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 1.1.4-5.1
- bump again for double-long bug on ppc(64)
* Fri Feb 10 2006 Steve Grubb <sgrubb at redhat.com> 1.1.4-5
- Change audit_log_semanage_message to check strlen as well as NULL.
* Thu Feb  9 2006 Steve Grubb <sgrubb at redhat.com> 1.1.4-3
- Change audit_log_semanage_message to take new params.
* Wed Feb  8 2006 Steve Grubb <sgrubb at redhat.com> 1.1.4-1
- Fix bug in autrace where it didn't run on kernels without file watch support
- Add syslog message to auditd saying what program was started for dispatcher
- Remove audit_send_user from public api
- Fix bug in USER_LOGIN messages where ausearch does not translate
  msg='uid=500: into acct name (#178102).
- Change comm with dispatcher to socketpair from pipe
- Change auditd to use custom daemonize to avoid race in init scripts
- Update error message when deleting a rule that doesn't exist (#176239)
- Call shutdown_dispatcher when auditd stops
- Add new logging function audit_log_semanage_message
* Tue Feb  7 2006 Jesse Keating <jkeating at redhat.com> - 1.1.3-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Thu Jan  5 2006 Steve Grubb <sgrubb at redhat.com> 1.1.3-1
- Add timestamp to daemon_config messages (#174865)
- Add error checking of year for aureport & ausearch
- Treat af_unix sockets as files for searching and reporting
- Update capp & lspp rules to combine syscalls for higher performance
- Adjusted the chkconfig line for auditd to start a little earlier
- Added skeleton program to docs for people to write their own dispatcher with
- Apply patch from Ulrich Drepper that optimizes resource utilization
- Change ausearch and aureport to unlocked IO
* Mon Dec  5 2005 Steve Grubb <sgrubb at redhat.com> 1.1.2-1
- Add more message types
* Wed Nov 30 2005 Steve Grubb <sgrubb at redhat.com> 1.1.1-1
- Add support for alpha processors
- Update the audisp code
- Add locale code in ausearch and aureport
- Add new rule operator patch
- Add exclude filter patch
- Cleanup make files
- Add python bindings
* Wed Nov  9 2005 Steve Grubb <sgrubb at redhat.com> 1.1-1
- Add initial version of audisp. Just a placeholder at this point
- Remove -t from auditctl
* Mon Nov  7 2005 Steve Grubb <sgrubb at redhat.com> 1.0.12-1
- Add 2 more summary reports
- Add 2 more message types

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/

e76be5e86746c39c42dd9f2bca51e10c45cb6f04  SRPMS/audit-1.3-1.fc6.src.rpm
e76be5e86746c39c42dd9f2bca51e10c45cb6f04  noarch/audit-1.3-1.fc6.src.rpm
41cf4f4ddcd159352a3fe03c57fb3d9fcd9848db  ppc/debug/audit-debuginfo-1.3-1.fc6.ppc.rpm
655ea89adb155604538cb6889ff8094a46c12a9c  ppc/audit-libs-python-1.3-1.fc6.ppc.rpm
835f02ded95e5b6dd9cf85345bebed43896027f1  ppc/audit-libs-1.3-1.fc6.ppc.rpm
341b61fe930e85afae4626d716a5e8820c16f6d5  ppc/audit-1.3-1.fc6.ppc.rpm
5cd2d7fbf242b9005602f6c9def3a4db41f3e552  ppc/audit-libs-devel-1.3-1.fc6.ppc.rpm
00b369c33d51603c01fbec72f11b424d11979d69  x86_64/audit-1.3-1.fc6.x86_64.rpm
e3a917c9b1bdf02ac5420ffa8bb1fec93562d027  x86_64/audit-libs-python-1.3-1.fc6.x86_64.rpm
38bd4bf01b7d79e7ff50001f105dc8b0369b8138  x86_64/debug/audit-debuginfo-1.3-1.fc6.x86_64.rpm
fac5fe661bcf151503ba48fff1b2b63a0ae165c7  x86_64/audit-libs-1.3-1.fc6.x86_64.rpm
81a41fb625da544770111cfe59cdcb170e5a6549  x86_64/audit-libs-devel-1.3-1.fc6.x86_64.rpm
9b158323cb395d754221a319947f357d08bc88b3  i386/audit-libs-python-1.3-1.fc6.i386.rpm
eb9eef547b1c2845f4f7d047c58dbc97291324bf  i386/debug/audit-debuginfo-1.3-1.fc6.i386.rpm
a51e0c744276f6b557d0c95b77a8b8775eabd498  i386/audit-libs-1.3-1.fc6.i386.rpm
eb54886a426e3dbc455029d7a8efb318ca43a187  i386/audit-1.3-1.fc6.i386.rpm
cf4c995af8155039cfe3c06ae86927f564836ba3  i386/audit-libs-devel-1.3-1.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------




More information about the fedora-test-list mailing list