Fedora Core 6 Update: audit-1.2.9-1.fc6

Steven Grubb sgrubb at redhat.com
Fri Oct 27 19:38:05 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1068
2006-10-27
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : audit
Version     : 1.2.9
Release     : 1.fc6
Summary     : User space tools for 2.6 kernel auditing
Description :
The audit package contains the user space utilities for
storing and searching the audit records generate by
the audit subsystem in the Linux 2.6 kernel.

---------------------------------------------------------------------

* Tue Oct 24 2006 Steve Grubb <sgrubb at redhat.com> 1.2.9-1
- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
- Fix some defines in libaudit.h
- Some auditd config strings were not initialized in aureport (#211443)
- Updated man pages
- Add Netlabel event types to libaudit
- Update aureports to current audit event types
- Update autrace a little
- Deprecated all the old audit_rule functions from public API
- Drop auparse library for the moment
* Fri Sep 29 2006 Steve Grubb <sgrubb at redhat.com> 1.2.8-1
- Add dist tag and bump version (#208532)
- Make internal auditd buffers bigger for context info
- Correct address resolving of hostname in logging functions
- Do not allow multiple msgtypes in same audit rule in auditctl (#207666)
- Only =, != operators for arch & inode fields in auditctl (#206427)
- Updated audit message type table
- Remove watches from aureport since FS_WATCH is deprecated
- Add audit_log_avc back temporarily (#208152)
* Mon Sep 18 2006 Steve Grubb <sgrubb at redhat.com> 1.2.7-2
- Fix logging messages to use addr if passed.
- Apply patches from Tony Jones correcting no kernel support messages
- Updated syscall tables for 2.6.18 kernel
- Remove deprecated functions: audit_log, audit_log_avc, audit_log_if_enabled
- Disallow syscall auditing on exclude list
- Improve time handling in ausearch and aureport (#191394)
- Attempt to reconstruct full path from relative for searching
* Wed Aug 30 2006 Steve Grubb <sgrubb at redhat.com> 1.2.6-3
- Rename audit event socket
* Mon Aug 28 2006 Steve Grubb <sgrubb at redhat.com> 1.2.6-2
- Another minor update to auditctl -p option
* Sat Aug 26 2006 Steve Grubb <sgrubb at redhat.com> 1.2.6-1
- Apply updates to dispatcher
- Fix a couple bugs regarding MLS labels
- Resurrect -p option
- Tighten rules with exclude filter
- Fix parsing issue which lead to segfault in some cases
- Fix option parsing to ignore malformed lines
* Fri Aug 18 2006 Jesse Keating <jkeating at redhat.com> - 1.2.5-8
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
  (#203001)
* Tue Aug  8 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-7
- Remove debug lines from dispatcher
* Wed Aug  2 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-6
- Change audisp to use a named pipe
* Fri Jul 21 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-5
- Fix dispatcher to handle sigchld
- Fix library location for 64 bit
- Add Prereq
* Fri Jul 21 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-4
- Eliminate avc package from audisp
* Wed Jul 19 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-3
- More fixes for setroubleshoot to handle failing plugin
* Fri Jul 14 2006 Dan Walsh <dwalsh at redhat.com> 1.2.5-2
- Fixes for setroubleshoot
* Thu Jul 13 2006 Steve Grubb <sgrubb at redhat.com> 1.2.5-1
- Switch out dispatcher
- Fix bug upgrading rule types
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 1.2.4-1.1
- rebuild
* Fri Jun 30 2006 Steve Grubb <sgrubb at redhat.com> 1.2.4-1
- Add support for the new filter key
- Update syscall tables for 2.6.17
- Add audit failure query function
- Switch out gethostbyname call with getaddrinfo
- Add audit by obj capability for 2.6.18 kernel
- Ausearch & aureport now fail if no args to -te
- New auditd.conf option to choose blocking/non-blocking dispatcher comm
- Ausearch improved search by label
* Thu May 25 2006 Steve Grubb <sgrubb at redhat.com> 1.2.3-1
- Apply patch to ensure watches only associate with exit filter
- Apply patch to correctly show new operators when new listing format is used
- Apply patch to pull kernel's audit.h into python bindings
- Collect signal sender's context
* Tue May 16 2006 David Woodhouse <dwmw2 at redhat.com> 1.2.2-2
- Require kernel-headers, not glibc-kernheaders. Again.
* Fri May 12 2006 Steve Grubb <sgrubb at redhat.com> 1.2.2-1
- Updates for new glibc-kernheaders
- Change auditctl to collect list of rules then delete them on -D
- Update capp.rules and lspp.rules to comment out rules for the possible list
- Add new message types
- Support sigusr1 sender identity of newer kernels
- Add support for ppid in auditctl and ausearch
- fix auditctl to trim the '/' from watches
- Move audit daemon config files to /etc/audit for better SE Linux protection
* Tue Apr 25 2006 David Woodhouse <dwmw2 at redhat.com> 1.2.1-2
- Require kernel-headers, not glibc-kernheaders
- Fix redefinition of audit_rule_data with new kernel headers
- Remove abuse of __KERNEL__ in lookup_table.c
* Sun Apr 16 2006 Steve Grubb <sgrubb at redhat.com> 1.2.1-1
- New message type for trusted apps
- Add new keywords today, yesterday, now for ausearch and aureport
- Make audit_log_user_avc_message really send to syslog on error
- Updated syscall tables in auditctl
- Deprecated the 'possible' action for syscall rules in auditctl
- Update watch code to use file syscalls instead of 'all' in auditctl
* Fri Apr  7 2006 Steve Grubb <sgrubb at redhat.com> 1.2-1
- Add support for new file system auditing kernel subsystem
* Thu Apr  6 2006 Steve Grubb <sgrubb at redhat.com> 1.1.6-1
- New message types
- Support new rule format found in 2.6.17 and later kernels
- Add support for audit by role, clearance, type, sensitivity
* Mon Mar  6 2006 Steve Grubb <sgrubb at redhat.com> 1.1.5-1
- Changed audit_log_semanage_message to take new params
- In aureport, add class between syscall and permission in avc report
- Fix bug where fsync is called in debug mode
- Add optional support for tty in SYSCALL records for ausearch/aureport
- Reinstate legacy rule operator support
- Add man pages
- Auditd ignore most signals
* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 1.1.4-5.1
- bump again for double-long bug on ppc(64)
* Fri Feb 10 2006 Steve Grubb <sgrubb at redhat.com> 1.1.4-5
- Change audit_log_semanage_message to check strlen as well as NULL.
* Thu Feb  9 2006 Steve Grubb <sgrubb at redhat.com> 1.1.4-3
- Change audit_log_semanage_message to take new params.
* Wed Feb  8 2006 Steve Grubb <sgrubb at redhat.com> 1.1.4-1
- Fix bug in autrace where it didn't run on kernels without file watch support
- Add syslog message to auditd saying what program was started for dispatcher
- Remove audit_send_user from public api
- Fix bug in USER_LOGIN messages where ausearch does not translate
  msg='uid=500: into acct name (#178102).
- Change comm with dispatcher to socketpair from pipe
- Change auditd to use custom daemonize to avoid race in init scripts
- Update error message when deleting a rule that doesn't exist (#176239)
- Call shutdown_dispatcher when auditd stops
- Add new logging function audit_log_semanage_message
* Tue Feb  7 2006 Jesse Keating <jkeating at redhat.com> - 1.1.3-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Thu Jan  5 2006 Steve Grubb <sgrubb at redhat.com> 1.1.3-1
- Add timestamp to daemon_config messages (#174865)
- Add error checking of year for aureport & ausearch
- Treat af_unix sockets as files for searching and reporting
- Update capp & lspp rules to combine syscalls for higher performance
- Adjusted the chkconfig line for auditd to start a little earlier
- Added skeleton program to docs for people to write their own dispatcher with
- Apply patch from Ulrich Drepper that optimizes resource utilization
- Change ausearch and aureport to unlocked IO
* Mon Dec  5 2005 Steve Grubb <sgrubb at redhat.com> 1.1.2-1
- Add more message types
* Wed Nov 30 2005 Steve Grubb <sgrubb at redhat.com> 1.1.1-1
- Add support for alpha processors
- Update the audisp code
- Add locale code in ausearch and aureport
- Add new rule operator patch
- Add exclude filter patch
- Cleanup make files
- Add python bindings
* Wed Nov  9 2005 Steve Grubb <sgrubb at redhat.com> 1.1-1
- Add initial version of audisp. Just a placeholder at this point
- Remove -t from auditctl
* Mon Nov  7 2005 Steve Grubb <sgrubb at redhat.com> 1.0.12-1
- Add 2 more summary reports
- Add 2 more message types

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

a928a71f7a6cbd358b516b1ed528b52a76ba7ef3  SRPMS/audit-1.2.9-1.fc6.src.rpm
a928a71f7a6cbd358b516b1ed528b52a76ba7ef3  noarch/audit-1.2.9-1.fc6.src.rpm
2580ec965f4a3cdc20e4aade838df36e5a9d7b57  ppc/audit-libs-1.2.9-1.fc6.ppc.rpm
f96378a06fdacff305e7d902ee8d7fe82e4eeee4  ppc/audit-1.2.9-1.fc6.ppc.rpm
e1ea26d899a4b88e5cb3ded8f72e3d09821b214b  ppc/debug/audit-debuginfo-1.2.9-1.fc6.ppc.rpm
f1d26fe8f37bb3629feb07d515e385dce87a1db0  ppc/audit-libs-devel-1.2.9-1.fc6.ppc.rpm
e1acaa808855791e8471ffdba35d228e076f0d25  ppc/audit-libs-python-1.2.9-1.fc6.ppc.rpm
46d3310df62efcb59963bc9e484454b564580fed  x86_64/audit-1.2.9-1.fc6.x86_64.rpm
c7e0cd55435aaf11da208a9b99460c3d452a94f5  x86_64/audit-libs-1.2.9-1.fc6.x86_64.rpm
1149ca693ad5443b094ba99dd7778990a6a43d6d  x86_64/audit-libs-python-1.2.9-1.fc6.x86_64.rpm
3c487dbe9822700f64aaa1f4966edf344db6f2cc  x86_64/debug/audit-debuginfo-1.2.9-1.fc6.x86_64.rpm
3da138a120222b8ed66ef22d4e2d29dc16ddaeaa  x86_64/audit-libs-devel-1.2.9-1.fc6.x86_64.rpm
709583d5f8029bab8239414899581f13b59a1c21  i386/audit-1.2.9-1.fc6.i386.rpm
124a4af7970ecd320e78d44458c635f6528599fb  i386/audit-libs-devel-1.2.9-1.fc6.i386.rpm
48a15b13ecdb88686a38545705f4b1bacfb15277  i386/audit-libs-python-1.2.9-1.fc6.i386.rpm
8048a4aa61a423d96cdfab76c46920f7a12df4b0  i386/audit-libs-1.2.9-1.fc6.i386.rpm
48669b650d3d887583dc85f2998a5c344a5617d9  i386/debug/audit-debuginfo-1.2.9-1.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------




More information about the package-announce mailing list