Fedora Core 6 Update: audit-1.3-2.fc6

Steven Grubb sgrubb at redhat.com
Thu Nov 30 15:32:33 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1367
2006-11-30
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : audit
Version     : 1.3
Release     : 2.fc6
Summary     : User space tools for 2.6 kernel auditing
Description :
The audit package contains the user space utilities for
storing and searching the audit records generate by
the audit subsystem in the Linux 2.6 kernel.

---------------------------------------------------------------------

* Thu Nov 30 2006 Steve Grubb <sgrubb at redhat.com> 1.3-2
- Fix minor parsing problem and add new msg types
* Tue Nov 28 2006 Steve Grubb <sgrubb at redhat.com> 1.3-1
- ausearch & aureport implement uid/gid caching
- In ausearch & aureport, extract addr when hostname is unknown
- In ausearch & aureport, test audit log presence O_RDONLY
- New ausearch/aureport time keywords: recent, this-week, this-month, this-year
- Added --add & --delete option to aureport
- Update res parsing in config change events
- Increase the size on audit daemon buffers
- Parse avc_path records in ausearch/aureport
- ausearch has new output mode, raw, for extracting events
- ausearch/aureport can now read stdin
- Rework AVC processing in ausearch/aureport
- Added long options to ausearch and aureport
* Tue Oct 24 2006 Steve Grubb <sgrubb at redhat.com> 1.2.9-1
- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
- Fix some defines in libaudit.h
- Some auditd config strings were not initialized in aureport (#211443)
- Updated man pages
- Add Netlabel event types to libaudit
- Update aureports to current audit event types
- Update autrace a little
- Deprecated all the old audit_rule functions from public API
- Drop auparse library for the moment
* Fri Sep 29 2006 Steve Grubb <sgrubb at redhat.com> 1.2.8-1
- Add dist tag and bump version (#208532)
- Make internal auditd buffers bigger for context info
- Correct address resolving of hostname in logging functions
- Do not allow multiple msgtypes in same audit rule in auditctl (#207666)
- Only =, != operators for arch & inode fields in auditctl (#206427)
- Updated audit message type table
- Remove watches from aureport since FS_WATCH is deprecated
- Add audit_log_avc back temporarily (#208152)
* Mon Sep 18 2006 Steve Grubb <sgrubb at redhat.com> 1.2.7-2
- Fix logging messages to use addr if passed.
- Apply patches from Tony Jones correcting no kernel support messages
- Updated syscall tables for 2.6.18 kernel
- Remove deprecated functions: audit_log, audit_log_avc, audit_log_if_enabled
- Disallow syscall auditing on exclude list
- Improve time handling in ausearch and aureport (#191394)
- Attempt to reconstruct full path from relative for searching
* Wed Aug 30 2006 Steve Grubb <sgrubb at redhat.com> 1.2.6-3
- Rename audit event socket
* Mon Aug 28 2006 Steve Grubb <sgrubb at redhat.com> 1.2.6-2
- Another minor update to auditctl -p option
* Sat Aug 26 2006 Steve Grubb <sgrubb at redhat.com> 1.2.6-1
- Apply updates to dispatcher
- Fix a couple bugs regarding MLS labels
- Resurrect -p option
- Tighten rules with exclude filter
- Fix parsing issue which lead to segfault in some cases
- Fix option parsing to ignore malformed lines
* Fri Aug 18 2006 Jesse Keating <jkeating at redhat.com> - 1.2.5-8
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
  (#203001)
* Tue Aug  8 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-7
- Remove debug lines from dispatcher
* Wed Aug  2 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-6
- Change audisp to use a named pipe
* Fri Jul 21 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-5
- Fix dispatcher to handle sigchld
- Fix library location for 64 bit
- Add Prereq
* Fri Jul 21 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-4
- Eliminate avc package from audisp
* Wed Jul 19 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-3
- More fixes for setroubleshoot to handle failing plugin
* Fri Jul 14 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-2
- Fixes for setroubleshoot
* Thu Jul 13 2006 Steve Grubb <sgrubb at redhat.com> 1.2.5-1
- Switch out dispatcher
- Fix bug upgrading rule types
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 1.2.4-1.1
- rebuild
* Fri Jun 30 2006 Steve Grubb <sgrubb at redhat.com> 1.2.4-1
- Add support for the new filter key
- Update syscall tables for 2.6.17
- Add audit failure query function
- Switch out gethostbyname call with getaddrinfo
- Add audit by obj capability for 2.6.18 kernel
- Ausearch & aureport now fail if no args to -te
- New auditd.conf option to choose blocking/non-blocking dispatcher comm
- Ausearch improved search by label
* Thu May 25 2006 Steve Grubb <sgrubb at redhat.com> 1.2.3-1
- Apply patch to ensure watches only associate with exit filter
- Apply patch to correctly show new operators when new listing format is used
- Apply patch to pull kernel's audit.h into python bindings
- Collect signal sender's context
* Tue May 16 2006 David Woodhouse <dwmw2 at redhat.com> 1.2.2-2
- Require kernel-headers, not glibc-kernheaders. Again.
* Fri May 12 2006 Steve Grubb <sgrubb at redhat.com> 1.2.2-1
- Updates for new glibc-kernheaders
- Change auditctl to collect list of rules then delete them on -D
- Update capp.rules and lspp.rules to comment out rules for the possible list
- Add new message types
- Support sigusr1 sender identity of newer kernels
- Add support for ppid in auditctl and ausearch
- fix auditctl to trim the '/' from watches
- Move audit daemon config files to /etc/audit for better SE Linux protection
* Tue Apr 25 2006 David Woodhouse <dwmw2 at redhat.com> 1.2.1-2
- Require kernel-headers, not glibc-kernheaders
- Fix redefinition of audit_rule_data with new kernel headers
- Remove abuse of __KERNEL__ in lookup_table.c
* Sun Apr 16 2006 Steve Grubb <sgrubb at redhat.com> 1.2.1-1
- New message type for trusted apps
- Add new keywords today, yesterday, now for ausearch and aureport
- Make audit_log_user_avc_message really send to syslog on error
- Updated syscall tables in auditctl
- Deprecated the 'possible' action for syscall rules in auditctl
- Update watch code to use file syscalls instead of 'all' in auditctl
* Fri Apr  7 2006 Steve Grubb <sgrubb at redhat.com> 1.2-1
- Add support for new file system auditing kernel subsystem
* Thu Apr  6 2006 Steve Grubb <sgrubb at redhat.com> 1.1.6-1
- New message types
- Support new rule format found in 2.6.17 and later kernels
- Add support for audit by role, clearance, type, sensitivity
* Mon Mar  6 2006 Steve Grubb <sgrubb at redhat.com> 1.1.5-1
- Changed audit_log_semanage_message to take new params
- In aureport, add class between syscall and permission in avc report
- Fix bug where fsync is called in debug mode
- Add optional support for tty in SYSCALL records for ausearch/aureport
- Reinstate legacy rule operator support
- Add man pages
- Auditd ignore most signals
* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 1.1.4-5.1
- bump again for double-long bug on ppc(64)
* Fri Feb 10 2006 Steve Grubb <sgrubb at redhat.com> 1.1.4-5
- Change audit_log_semanage_message to check strlen as well as NULL.
* Thu Feb  9 2006 Steve Grubb <sgrubb at redhat.com> 1.1.4-3
- Change audit_log_semanage_message to take new params.
* Wed Feb  8 2006 Steve Grubb <sgrubb at redhat.com> 1.1.4-1
- Fix bug in autrace where it didn't run on kernels without file watch support
- Add syslog message to auditd saying what program was started for dispatcher
- Remove audit_send_user from public api
- Fix bug in USER_LOGIN messages where ausearch does not translate
  msg='uid=500: into acct name (#178102).
- Change comm with dispatcher to socketpair from pipe
- Change auditd to use custom daemonize to avoid race in init scripts
- Update error message when deleting a rule that doesn't exist (#176239)
- Call shutdown_dispatcher when auditd stops
- Add new logging function audit_log_semanage_message
* Tue Feb  7 2006 Jesse Keating <jkeating at redhat.com> - 1.1.3-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Thu Jan  5 2006 Steve Grubb <sgrubb at redhat.com> 1.1.3-1
- Add timestamp to daemon_config messages (#174865)
- Add error checking of year for aureport & ausearch
- Treat af_unix sockets as files for searching and reporting
- Update capp & lspp rules to combine syscalls for higher performance
- Adjusted the chkconfig line for auditd to start a little earlier
- Added skeleton program to docs for people to write their own dispatcher with
- Apply patch from Ulrich Drepper that optimizes resource utilization
- Change ausearch and aureport to unlocked IO
* Mon Dec  5 2005 Steve Grubb <sgrubb at redhat.com> 1.1.2-1
- Add more message types
* Wed Nov 30 2005 Steve Grubb <sgrubb at redhat.com> 1.1.1-1
- Add support for alpha processors
- Update the audisp code
- Add locale code in ausearch and aureport
- Add new rule operator patch
- Add exclude filter patch
- Cleanup make files
- Add python bindings
* Wed Nov  9 2005 Steve Grubb <sgrubb at redhat.com> 1.1-1
- Add initial version of audisp. Just a placeholder at this point
- Remove -t from auditctl
* Mon Nov  7 2005 Steve Grubb <sgrubb at redhat.com> 1.0.12-1
- Add 2 more summary reports
- Add 2 more message types

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

12647d52da3ec83207e17fda88457cbfa3b03c19  SRPMS/audit-1.3-2.fc6.src.rpm
12647d52da3ec83207e17fda88457cbfa3b03c19  noarch/audit-1.3-2.fc6.src.rpm
d962b6f8f3964cc2dad27b78ee8638f6dc47d236  ppc/audit-1.3-2.fc6.ppc.rpm
77c8ffa7ea5f7be2a854631024a555d1d4fbf48d  ppc/audit-libs-1.3-2.fc6.ppc.rpm
cc3ac4131a60aa6c154455f73517d93ce7abcc6a  ppc/debug/audit-debuginfo-1.3-2.fc6.ppc.rpm
7ecf235c31adec599a9d6de198b1f17227b294d4  ppc/audit-libs-python-1.3-2.fc6.ppc.rpm
b6047a3c90ef459f03fcfba9528ece62f413f23b  ppc/audit-libs-devel-1.3-2.fc6.ppc.rpm
8354e36842a9b55c8d562007169bb3e77d6b8445  x86_64/audit-libs-python-1.3-2.fc6.x86_64.rpm
4eb2657e02ab33a831e46bd7eb3dc313b7404b85  x86_64/debug/audit-debuginfo-1.3-2.fc6.x86_64.rpm
91cce05a0ed75e1cda802d1e2596b9d8aeb8ec7f  x86_64/audit-libs-1.3-2.fc6.x86_64.rpm
0706fb9b49bc0fb7e13db122440ae8474be0f4c8  x86_64/audit-1.3-2.fc6.x86_64.rpm
d0ed8491cfdca67b533474cb7db1240c008e7dd7  x86_64/audit-libs-devel-1.3-2.fc6.x86_64.rpm
a0dbcb60421988a7582bfc8fd25c8956dc5fc9ac  i386/audit-libs-python-1.3-2.fc6.i386.rpm
4704a83163e67a0fd6d4bffea7598b9d9f07ae13  i386/audit-1.3-2.fc6.i386.rpm
b22be937c83b514bddc714efbc881150311b52f0  i386/audit-libs-1.3-2.fc6.i386.rpm
cb8f39b950b52dd1d265a8dc09ee32663deb1421  i386/audit-libs-devel-1.3-2.fc6.i386.rpm
1a9a98f43ba37d5751fb571631d1dd97da3d61ca  i386/debug/audit-debuginfo-1.3-2.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------




More information about the Fedora-package-announce mailing list