| Name: audit | Distribution: Unknown |
| Version: 1.0.15 | Vendor: Unknown |
| Release: 1 | Build date: Sat Feb 3 00:00:23 2007 |
| Group: System Environment/Daemons | Build host: dhel4 |
| Size: 436862 | Source RPM: audit-1.0.15-1.src.rpm |
| Url: http://people.redhat.com/sgrubb/audit/ | |
| Summary: User space tools for 2.6 kernel auditing | |
The audit package contains the user space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel.
License: GPL
internal MD5: 3a5aeda4cf7083525ecff12bc1fda52c
* Mon Nov 13 2006 Steve Grubb <sgrubb@redhat.com> 1.0.15-1
- Correct address resolving of hostname in logging functions
- Fix logging messages to use addr if passed
- Add TRUSTED_APP message type
- Fix netlink errno return
- Auditd ignore most signals
- Add audit dispatcher interface to auditd
- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
- Cleanup file descriptor handling in auditd
- Improve time handling in ausearch and aureport (#191394)
- Attempt to reconstruct full path from relative for searching
- Ausearch & aureport now fail if no args to -te
- In aureport, add class between syscall and permission in avc report
- Fix bug where fsync is called in debug mode
- Add optional support for tty in SYSCALL records for ausearch/aureport
- ausearch & aureport implement uid/gid caching
- In ausearch & aureport, extract addr when hostname is unknown
- In ausearch & aureport, test audit log presence O_RDONLY
- Updated man pages (#213328, #213330)
* Sun Feb 05 2006 Steve Grubb <sgrubb@redhat.com> 1.0.14-1.fc4
- Change auditd to use custom daemonize to avoid race in init scripts
- Update error message when deleting a rule that doesn't exist (#176239)
* Wed Feb 01 2006 Steve Grubb <sgrubb@redhat.com> 1.0.13-1.fc4
- Fix bug in autrace where it didn't run on kernels without file watch support
- Add timestamp to daemon_config messages (#174865)
- Add error checking of year for aureport & ausearch
- Treat af_unix sockets as files for searching and reporting
- Update capp rules to combine syscalls for higher performance
- Apply patch from Ulrich Drepper that optimizes resource utilization
- Change ausearch and aureport to unlocked IO
- Add more message types
- Add support for alpha processors
- Add locale code in ausearch and aureport
- Cleanup make files
* Mon Nov 07 2005 Steve Grubb <sgrubb@redhat.com> 1.0.12-2.fc4
- Fix sendmail error handler. Bug report from Dustin Kirkland of IBM.
* Sun Nov 06 2005 Steve Grubb <sgrubb@redhat.com> 1.0.12-1.fc4
- Add 2 more summary reports
- Add 2 more message types
* Sat Nov 05 2005 Steve Grubb <sgrubb@redhat.com> 1.0.11-1.fc4
- Fix memory leaks in aureport & ausearch
- Fix auditd reconfig to change mail accts, too
- Fix stray pointer in sorting of aureport
- Added new message type
- Add results to all DAEMON messages
* Thu Nov 03 2005 Steve Grubb <sgrubb@redhat.com> 1.0.10-1.fc4
- Add --failed/success flags to aureport to select specific events for reports
- Add --summary to get totals of reported objects
- Add ability to force log rotation by sending sigusr1 to auditd
- Add -i flag to auditctl to ignore errors when reading rules from a file
- Reformat aureports so date & time are always given
- Add cron script for log rotation to docs
* Tue Nov 01 2005 Steve Grubb <sgrubb@redhat.com> 1.0.9-1.fc4
- Updated message types that auditd recognizes
- Added a couple more message types
- Added new standard logging format function
- Update default config
- Make ausearch -m take a list of message types
* Wed Oct 26 2005 Steve Grubb <sgrubb@redhat.com> 1.0.8-1.fc4
- Update man pages
- Add email alert for admin_space_left in auditd
- Aureport cleanups
- Add anomaly & response to anomaly reports to aureport
- Summary report runs by default in aureport
- Updated syscall number tables
* Tue Oct 18 2005 Steve Grubb <sgrubb@redhat.com> 1.0.7-1.fc4
- Update reports
- Add new message types
- Bug fixes
* Sun Oct 09 2005 Steve Grubb <sgrubb@redhat.com> 1.0.6-1.fc4
- in aureport, add column labels to reports
- added watch report to aureport
- added interpreting mode to aureport
- added user space avc standard message to libaudit
- aureport & ausearch now use builtin log locations when bad config file
- add email alert to low disk space warning actions in auditd
* Mon Oct 03 2005 Steve Grubb <sgrubb@redhat.com> 1.0.5-1.fc4
- ausearch can now search on SE Linux contexts
- added aureport program to analyze logs
- aureport added report option for each log's start and end time
- increased random number selected for initial seq number in auditd
- add new user space defines to libaudit.h
- add standard logging functions to libaudit
* Thu Sep 22 2005 Steve Grubb <sgrubb@redhat.com> 1.0.4-1.fc4
- Make rate & backlog 32 bit unsigned int in auditctl
- In auditctl, if -F arch is given with -t option, don't require list
- Update auditd man page
- Add size check to audit_send
- Update message for audit_open failure when kernel doesn't support audit
* Sun Aug 21 2005 Steve Grubb <sgrubb@redhat.com> 1.0.3-1.fc4
- adjust file perms of newly created log file in auditd
- fix 2 memory leaks and an out of bounds access in auditd
- fix case where auditd was closing netlink descriptor too early
- fix watch rules not to take field arguments in auditctl
- fix bug where inode, devmajor, devminor, exit, and success fields in auditctl rules were not getting the correct value stored
* Tue Aug 09 2005 Steve Grubb <sgrubb@redhat.com> 1.0.2-3.FC4
- Set audit_pid to 0 in kernel on auditd shutdown
* Sun Aug 07 2005 Steve Grubb <sgrubb@redhat.com> 1.0.2-1.FC4
- Make sure error packets get eaten.
- Fix a few error messages in auditctl
- Fix handling of unsupported watches when reading rules from file in auditctl
* Tue Aug 02 2005 Steve Grubb <sgrubb@redhat.com> 1.0.1-1.FC4
- Add check for fields that cannot be used with syscall entry in auditctl
- Make auditctl not tolerate duplicate rule and watches
- Remove uid check in ausearch
* Mon Aug 01 2005 Steve Grubb <sgrubb@redhat.com> 1.0-1.FC4
- Update sample CAPP config
- Remove warning for trimming file path in auditctl
- Make auditctl tolerate duplicate rule and watches
- auditd has new option so it doesn't overwrite log files
- Fixed bug in autrace that was reporting bad descriptor
* Thu Jul 28 2005 Steve Grubb <sgrubb@redhat.com> 0.9.20-1.FC4
- Fix ausearch to handle missing audit log better
- Fix auditctl blank line handling
- Trim trailing '/' from file system watches in auditctl
- Catch cases where parameter was passed without option being given to auditctl
- Add CAPP sample configuration
* Sun Jul 17 2005 Steve Grubb <sgrubb@redhat.com> 0.9.19-2.FC4
- Fixed dangling symlink #163509
* Wed Jul 13 2005 Steve Grubb <sgrubb@redhat.com> 0.9.19-1.FC4
- ausearch remove debug code
* Wed Jul 13 2005 Steve Grubb <sgrubb@redhat.com> 0.9.18-1.FC4
- auditd message formatter use MAX_AUDIT_MESSAGE_LENGTH to prevent clipping
* Mon Jul 11 2005 Steve Grubb <sgrubb@redhat.com> 0.9.17-1
- Fix ausearch buffers to hold long filenames
- Make a0 long long for 64 bit kernels & 32 bit ausearch.
* Wed Jul 06 2005 Steve Grubb <sgrubb@redhat.com> 0.9.16-1
- Adjust umask
- Adjust length of strings for file system watches to not include NUL
- Remove extra error message from audit_send
* Sun Jun 26 2005 Steve Grubb <sgrubb@redhat.com> 0.9.15-1.FC4
- Update log rotation handling to be more robust
* Thu Jun 23 2005 Steve Grubb <sgrubb@redhat.com> 0.9.14-1
- make auditctl -s work again
- make AUDITD_CLEAN_STOP test in init scripts case insensitive
* Wed Jun 22 2005 Steve Grubb <sgrubb@redhat.com> 0.9.13-1
- Remove /lib/libaudit.so & .la from audit-libs package
- In auditctl, if syscall not given, default to all
* Tue Jun 21 2005 Steve Grubb <sgrubb@redhat.com> 0.9.12-1
- Add some syslog messages for a couple exits
- Add some unlinks of the pid file in a couple error exits
- Make some options of auditctl not expect a reply
- Update support for user and watch filter lists
* Mon Jun 20 2005 Steve Grubb <sgrubb@redhat.com> 0.9.11-1
- Change packet draining to nonblocking
- Interpret id field in ausearch
- Add error message if not able to create log
- Ignore netlink acks when asking for rule & watch list
* Sun Jun 19 2005 Steve Grubb <sgrubb@redhat.com> 0.9.10-1
- Make sure the bad packet is drained when retrying user messages
- Add support for new user and watch filter lists
- Interpret flags field in ausearch
* Sat Jun 18 2005 Steve Grubb <sgrubb@redhat.com> 0.9.9-1
- Fix user messages for people with older kernels
* Thu Jun 16 2005 Steve Grubb <sgrubb@redhat.com> 0.9.8-1
- Added support for FS_INODE and USYS_CONFIG records
- More cleanup of user space message functions
* Wed Jun 15 2005 Steve Grubb <sgrubb@redhat.com> 0.9.7-1
- fixed bug in send_user_message which errored on pam logins
- Change nanosleeps over to select loops
- Change the 'e' option to auditctl -p to 'x'
* Wed Jun 15 2005 Steve Grubb <sgrubb@redhat.com> 0.9.6-1
- fix bug in incremental flush where it wrongly reported an error
- ausearch should not do uid check for -if option
- adjust ipc interpretation to not use ipc.h
* Mon Jun 13 2005 Steve Grubb <sgrubb@redhat.com> 0.9.5-1
- interpret socketcall & ipc based on a0 in ausearch
- change call sequence to make user space messages faster
- update return val for auditctl
* Fri Jun 10 2005 Steve Grubb <sgrubb@redhat.com> 0.9.4-1
- Rule and watch insert no longer automatically dumps list
- auditctl rules can now use auid instead of loginuid
- Add sighup support for daemon reconfiguration
- Move some functions into private.h
* Wed Jun 08 2005 Steve Grubb <sgrubb@redhat.com> 0.9.3-1
- Change filename handling to use linked list in ausearch
- Add man pages for audit_setloginuid & audit_getloginuid
- Fix problem where you couldn't set rule on unset loginuid's
- Adjust memory management for sighup needs
- Fix problem where netlink timeout counter wasn't being reset
* Wed Jun 01 2005 Steve Grubb <sgrubb@redhat.com> 0.9.2-1
- Step up to new glibc-kernheaders
* Wed Jun 01 2005 Steve Grubb <sgrubb@redhat.com> 0.9.1-1
- AUDITD_CLEAN_STOP config option in /etc/sysconfig/auditd
- When unknown, show raw record in ausearch.
- Add CWD message type support
* Tue May 24 2005 Steve Grubb <sgrubb@redhat.com> 0.9-1
- Translate numeric info to human readable for ausearch output
- add '-if' option to ausearch to select input file
- add '-c' option to ausearch to allow searching by comm field
- init script now deletes all rules when daemon stops
- Make auditctl display perms correctly in watch listings
- Make auditctl -D remove all watches
* Thu May 19 2005 Steve Grubb <sgrubb@redhat.com> 0.8.2-1
- Update documentation
- Handle user space audit events in more uniform way
- Update all parsers for more robustness with new kernel changes
- Create quiet mode for error messages
- Make rotated logs readonly
* Mon May 16 2005 Steve Grubb <sgrubb@redhat.com> 0.8.1-1
- Fix code to "or" uid & gid checks for ausearch -ua & -ga
- Change msg() to audit_msg() to avoid conflicts
- Parse socket messages for hostname in ausearch
* Wed May 11 2005 Steve Grubb <sgrubb@redhat.com> 0.8-1
- ausearch fix bugs related to -f & -x
- Parse messages using new types
- Properly unescape filenames
- Update interface for sending userspace messages to use more types
* Sat May 07 2005 Steve Grubb <sgrubb@redhat.com> 0.7.4-1
- Make sure ausearch ts & te obey DST.
- Code cleanups to make file system watches work correctly
* Mon May 02 2005 Steve Grubb <sgrubb@redhat.com> 0.7.3-1
- Add code to get watch list to auditctl
- Get -f & -hn working in ausearch
- Added search by terminal, exe, and syscall to ausearch program
- Added -w parameter to match whole word in ausearch
* Tue Apr 26 2005 Steve Grubb <sgrubb@redhat.com> 0.7.2-1
- Allow ausearch uid & gid to be non-numeric (root, wheel, etc)
- Fix problems with changing run level
- Added new code for logging shutdown reason credentials
- Update DAEMON messages to use better timestamp
* Sat Apr 23 2005 Steve Grubb <sgrubb@redhat.com> 0.7.1-1
- Make sure time calc is done using localtime
- Raise rlimits for file size & cpu usage
- Added new disk_error_action config item to auditd.conf
- Rework memory management of event buffer
- Handled all errors in event logging thread
* Fri Apr 22 2005 Steve Grubb <sgrubb@redhat.com> 0.7-1
- In auditctl -l, loop until all rules are printed
- Update autrace not to run if rules are currently loaded
- Added code to switch to single user mode when disk is full
- Added the ausearch program
* Tue Apr 19 2005 Steve Grubb <sgrubb@redhat.com> 0.6.12-1
- Fixed bug where elf type wasn't being set when given numerically
- Added autrace program (similar to strace)
- Fixed bug when logs = 2 and ROTATE is the action, only 1 log resulted
* Sun Apr 17 2005 Steve Grubb <sgrubb@redhat.com> 0.6.11-1
- Check log file size on start up
- Added priority_boost config item
- Reworked arch support
- Reworked how run level is changed
- Make allowances for ECONNREFUSED
* Thu Mar 31 2005 Steve Grubb <sgrubb@redhat.com> 0.6.10-1
- Code cleanups
- Support the arch field for auditctl
- Add version to auditctl
- Documentation updates
- Moved default location of the audit log to /var/log/audit
* Wed Mar 16 2005 Steve Grubb <sgrubb@redhat.com> 0.6.9-1
- Added patch for filesystem watch
- Added version information to audit start message
- Change netlink code to use ack in order to get error notification
* Wed Mar 09 2005 Steve Grubb <sgrubb@redhat.com> 0.6.8-1
- removed the pam_loginuid library - it's going to pam
* Tue Mar 08 2005 Steve Grubb <sgrubb@redhat.com> 0.6.7-1
- Fixed bug setting loginuid
- Added num_logs to configure number of logs when rotating
- Added code for rotating logs
* Mon Mar 07 2005 Steve Grubb <sgrubb@redhat.com> 0.6.6-1
- Fix audit_set_pid to try to read a reply, but it's non-fatal if no reply.
- Remove the read status during init
- Change to using pthreads sync mechanism for stopping system
- Worker thread should ignore all signals
- Change main loop to use select for inbound event handling
- Gave pam_loginuid a "failok" option for testing
* Wed Mar 02 2005 Steve Grubb <sgrubb@redhat.com> 0.6.5-1
- Lots of code cleanups
- Added write_pid function to auditd
- Added audit_log to libaudit
- Don't check file length in foreground mode of auditd
- Added *if_enabled functions to send messages only if audit system is enabled
- If syscall name is unknown when printing rules, use the syscall number
- Rework the build system to produce singly threaded public libraries
- Create a multithreaded version of libaudit for the audit daemon's use
* Tue Feb 22 2005 Steve Grubb <sgrubb@redhat.com> 0.6.4-1
- Rename pam_audit to pam_loginuid to reflect what it does
- Fix bug in detecting space left on partition
- Fix bug in handling of suspended logging
* Tue Feb 22 2005 David Woodhouse <dwmw2@redhat.com> 0.6.3-3
- Include stdint.h in libaudit.h and require new glibc-kernheaders
* Sat Feb 19 2005 Steve Grubb <sgrubb@redhat.com> 0.6.3-2
- Another lib64 correction
* Sat Feb 19 2005 Steve Grubb <sgrubb@redhat.com> 0.6.3-1
- Change pam install from /lib/security to /lib/security
- Change pam_audit to write loginuid to /proc/pid/loginuid
- Add pam_session_close handle
- Update to newest kernel headers
* Thu Feb 10 2005 Steve Grubb <sgrubb@redhat.com> 0.6.2-1
- New version
- Add R option to auditctl to allow reading rules from file.
- Do not allow task creation list to have syscall auditing
- Add D option to allow deleting all rules with 1 command
- Added pam_audit man page & sample.rules
- Mod initscript to call auditctl to load rules at start-up
- Write message to log file for daemon start up
- Write message that daemon is shutting down
- Modify auditd shutdown to wait until logger thread is finished
- Add sample rule file to docs
* Fri Jan 07 2005 Steve Grubb <sgrubb@redhat.com> 0.6.1-1
- New version: rework auditctl and its man pages.
- Added admin_space_left config option as last chance before running out of disk space.
* Tue Jan 04 2005 Steve Grubb <sgrubb@redhat.com> 0.6-1
- New version
- Split package up to libs, libs-devel, and audit.
* Sun Dec 12 2004 Steve Grubb <sgrubb@redhat.com> 0.5.6-1
- New version
* Thu Dec 09 2004 Steve Grubb <sgrubb@redhat.com> 0.5.5-1
- New version
* Thu Dec 02 2004 Steve Grubb <sgrubb@redhat.com> 0.5.4-1
- New version
* Sun Nov 21 2004 Steve Grubb <sgrubb@redhat.com> 0.5.3-1
- New version
* Sun Nov 14 2004 Steve Grubb <sgrubb@redhat.com> 0.5.2-1
- New version
* Tue Nov 09 2004 Steve Grubb <sgrubb@redhat.com> 0.5.1-1
- Added initscript pieces
- New version
* Tue Aug 31 2004 Charlie Bennett (ccb@redhat.com) 0.5-1
- Initial build.
/etc/audit.rules
/etc/auditd.conf
/etc/rc.d/init.d/auditd
/etc/sysconfig/auditd
/sbin/auditctl
/sbin/auditd
/sbin/aureport
/sbin/ausearch
/sbin/autrace
/usr/share/doc/audit-1.0.15
/usr/share/doc/audit-1.0.15/COPYING
/usr/share/doc/audit-1.0.15/ChangeLog
/usr/share/doc/audit-1.0.15/README
/usr/share/doc/audit-1.0.15/auditd.cron
/usr/share/doc/audit-1.0.15/capp.rules
/usr/share/doc/audit-1.0.15/sample.rules
/usr/share/man/man8/auditctl.8.gz
/usr/share/man/man8/auditd.8.gz
/usr/share/man/man8/auditd.conf.8.gz
/usr/share/man/man8/aureport.8.gz
/usr/share/man/man8/ausearch.8.gz
/usr/share/man/man8/autrace.8.gz
/var/log/audit
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Aug 30 01:09:18 2008