
No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

@ -1 +1 @@
e58e9ecd90b54b04783e0a1f0c1cfd65880f42f8 SOURCES/audit-3.1.5.tar.gz
5938533442194c78af30a56bffa6586a244ba7a4 SOURCES/audit-4.0.tar.gz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/audit-3.1.5.tar.gz
SOURCES/audit-4.0.tar.gz

@ -1,217 +0,0 @@
From 4011007b445e8f8da9b0cc45eccd793b94f6b5ce Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Thu, 29 Jul 2021 19:25:43 -0300
Subject: [PATCH] Add ausysrulevalidate
---
contrib/ausysrulevalidate | 198 ++++++++++++++++++++++++++++++++++++++
1 file changed, 198 insertions(+)
create mode 100755 contrib/ausysrulevalidate
diff --git a/contrib/ausysrulevalidate b/contrib/ausysrulevalidate
new file mode 100755
index 0000000..a251b2c
--- /dev/null
+++ b/contrib/ausysrulevalidate
@@ -0,0 +1,198 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+# ausysrulevalidate - A program that lets you validate the syscalls
+# in audit rules.
+# Copyright (c) 2021 Red Hat Inc., Durham, North Carolina.
+# All Rights Reserved.
+#
+# This software may be freely redistributed and/or modified under the
+# terms of the GNU General Public License as published by the Free
+# Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; see the file COPYING. If not, write to the
+# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
+# Boston, MA 02110-1335, USA.
+#
+# Authors:
+# Sergio Correia <scorreia@redhat.com>
+
+""" This program lets you validate syscalls in audit rules. """
+
+import argparse
+import os.path
+import sys
+
+import audit
+
+
+class AuSyscallRuleValidate:
+ """AuSyscallRuleValidate validates syscalls in audit rules."""
+
+ def __init__(self):
+ self.syscalls_table = {}
+ self.invalid_syscalls = {}
+ self.machines = {
+ "b32": audit.audit_determine_machine("b32"),
+ "b64": audit.audit_determine_machine("b64"),
+ }
+
+ if self.machines["b32"] == -1 or self.machines["b64"] == -1:
+ sys.stderr.write("ERROR: Unable to determine machine type\n")
+ sys.exit(1)
+
+ def validate_syscall(self, arch, syscall):
+ """Validates a single syscall."""
+
+ if syscall == "all":
+ return True
+
+ lookup = "{0}:{1}".format(arch, syscall)
+ if lookup in self.syscalls_table:
+ return self.syscalls_table[lookup]
+
+ ret = audit.audit_name_to_syscall(syscall, self.machines[arch])
+ self.syscalls_table[lookup] = ret != -1
+ if not self.syscalls_table[lookup]:
+ self.invalid_syscalls[lookup] = lookup
+
+ return self.syscalls_table[lookup]
+
+ def process_syscalls(self, arch, syscalls):
+ """Processes a group of syscalls, validating them individually."""
+
+ scalls = syscalls.split(",")
+ processed = []
+ for syscall in scalls:
+ if self.validate_syscall(arch, syscall):
+ processed.append(syscall)
+ return ",".join(processed)
+
+ def parse_line(self, line):
+ """Processes a single line from the audit rules file, and returns the
+ same line adjusted, if required, by removing invalid syscalls, or even
+ removing the rule altogether, if no valid syscall remain after
+ validation."""
+
+ if line.lstrip().startswith("#") or "-S" not in line:
+ return line
+
+ # We do have a rule specifying syscalls, so let's validate them.
+ tokens = line.split()
+ processed = []
+ is_syscall = False
+ arch = None
+
+ for val in tokens:
+ if not is_syscall:
+ processed.append(val)
+
+ if val.startswith("arch="):
+ archs = val.split("=")
+ if len(archs) == 2:
+ arch = val.split("=")[1]
+ if arch not in self.machines:
+ sys.stderr.write("ERROR: unexpected arch '{0}'\n".format(arch))
+ continue
+
+ if val == "-S":
+ is_syscall = True
+ continue
+
+ if is_syscall:
+ is_syscall = False
+ scalls = self.process_syscalls(arch, val)
+
+ if len(scalls) == 0:
+ processed = processed[:-1]
+ continue
+ processed.append(scalls)
+
+ if "-S" not in processed:
+ # Removing rule altogether, as we have no valid syscalls remaining.
+ return None
+ return " ".join(processed)
+
+ def process_rules(self, rules_file):
+ """Reads a file with audit rules and returns the rules after
+ validation of syscalls/architecture. Invalid syscalls will be removed
+ and, if there are no valid remaining syscalls, the rule itself is
+ removed."""
+
+ if not os.path.isfile(rules_file):
+ sys.stderr.write("ERROR: rules file '{0}' not found\n".format(rules_file))
+ sys.exit(1)
+
+ with open(rules_file) as rules:
+ content = rules.readlines()
+
+ processed = []
+ changed = False
+ for line in content:
+ validated = self.parse_line(line)
+ if validated is None:
+ changed = True
+ continue
+
+ if validated.rstrip("\r\n") != line.rstrip("\r\n"):
+ changed = True
+ processed.append(validated.rstrip("\r\n"))
+
+ invalid_syscalls = []
+ for invalid in self.invalid_syscalls:
+ invalid_syscalls.append(invalid)
+
+ return (processed, changed, invalid_syscalls)
+
+ def update_rules(self, rules_file):
+ """Reads a file with audit rules and updates it after validation of
+ syscalls/architecture. Invalid syscalls will be removed and, if
+ there are no valid remaining syscalls, the rule itself is removed."""
+
+ new_rules, changed, invalid_syscalls = self.process_rules(rules_file)
+ if changed:
+ with open(rules_file, "w") as rules:
+ for line in new_rules:
+ rules.write("{0}\n".format(line))
+
+ return (new_rules, changed, invalid_syscalls)
+
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(description="ausysrulevalidate")
+ parser.add_argument(
+ "-u", "--update", help="Update rules file if required", action="store_true"
+ )
+ parser.add_argument(
+ "-v", "--verbose", help="Show the resulting rules file", action="store_true"
+ )
+ required_named = parser.add_argument_group("required named arguments")
+ required_named.add_argument(
+ "-r", "--rules-file", help="Rules file name", required=True
+ )
+ args = parser.parse_args()
+
+ validator = AuSyscallRuleValidate()
+
+ action = validator.process_rules
+ if args.update:
+ action = validator.update_rules
+
+ data, changed, invalid = action(args.rules_file)
+ if changed:
+ verb = "require"
+ if args.update:
+ verb += "d"
+ sys.stderr.write("Rules in '{0}' {1} changes\n".format(args.rules_file, verb))
+ if len(invalid) > 0:
+ sys.stderr.write("Invalid syscalls: {0}\n".format(", ".join(invalid)))
+
+ if args.verbose:
+ print(*data, sep="\n")
--
2.31.1

@ -0,0 +1,45 @@
From 0db6e0960a5c55b468f21f9841bbc7e67832b66a Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Wed, 17 Jan 2024 12:07:25 -0500
Subject: [PATCH] Update function attributes
---
auparse/auparse.h | 2 +-
lib/libaudit.h | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/auparse/auparse.h b/auparse/auparse.h
index c27f1ff96..0b3f68c35 100644
--- a/auparse/auparse.h
+++ b/auparse/auparse.h
@@ -68,7 +68,7 @@ void auparse_add_callback(auparse_state_t *au, auparse_callback_ptr callback,
void *user_data, user_destroy user_destroy_func);
void auparse_set_escape_mode(auparse_state_t *au, auparse_esc_t mode);
int auparse_reset(auparse_state_t *au);
-char *auparse_metrics(const auparse_state_t *au);
+char *auparse_metrics(const auparse_state_t *au) __attr_dealloc_free;
/* Functions that are part of the search interface */
int ausearch_add_expression(auparse_state_t *au, const char *expression,
diff --git a/lib/libaudit.h b/lib/libaudit.h
index 34b337a7c..15ea2e6f4 100644
--- a/lib/libaudit.h
+++ b/lib/libaudit.h
@@ -248,12 +248,12 @@ int audit_set_enabled(int fd, uint32_t enabled) __wur;
int audit_set_failure(int fd, uint32_t failure) __wur;
int audit_set_rate_limit(int fd, uint32_t limit);
int audit_set_backlog_limit(int fd, uint32_t limit);
-int audit_set_backlog_wait_time(int fd, uint32_t bwt);
-int audit_reset_lost(int fd);
-int audit_reset_backlog_wait_time_actual(int fd);
+int audit_set_backlog_wait_time(int fd, uint32_t bwt);
+int audit_reset_lost(int fd);
+int audit_reset_backlog_wait_time_actual(int fd);
int audit_set_feature(int fd, unsigned feature, unsigned value,
- unsigned lock);
-int audit_set_loginuid_immutable(int fd);
+ unsigned lock) __wur;
+int audit_set_loginuid_immutable(int fd) __wur;
/* AUDIT_LIST_RULES */
int audit_request_rules_list_data(int fd);
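Review bot: In the lib/libaudit.h hunk, `__wur` is added to `audit_set_feature` and `audit_set_loginuid_immutable`, but the neighbouring setters (`audit_set_rate_limit`, `audit_set_backlog_limit`, `audit_set_backlog_wait_time`, `audit_reset_lost`) are still declared without it, so a caller can drop a failed change to those audit settings without any compiler warning. If those calls are meant to be best-effort, a one-line comment above them saying so would make the split intentional; otherwise the same attribute could be applied, e.g. `int audit_set_backlog_limit(int fd, uint32_t limit) __wur;`. The three declarations that are removed and re-added in this hunk read identically on this page, so they are presumably whitespace-only changes.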

@ -1,23 +1,19 @@
Summary: User space tools for kernel auditing
Name: audit
Version: 3.1.5
Release: 1%{?dist}
License: GPLv2+
Version: 4.0
Release: 9%{?dist}
License: GPL-2.0-or-later AND LGPL-2.0-or-later
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch1: 0001-Add-ausysrulevalidate.patch
BuildRequires: make gcc swig
BuildRequires: openldap-devel
BuildRequires: krb5-devel libcap-ng-devel
BuildRequires: kernel-headers >= 2.6.29
Patch1: audit-4.0-attributes.patch
BuildRequires: make gcc
BuildRequires: kernel-headers >= 5.0
BuildRequires: systemd
BuildRequires: autoconf automake libtool
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-rules%{?_isa} = %{version}-%{release}
Requires(post): systemd coreutils
Requires(preun): systemd
Requires(postun): systemd coreutils
@ -31,10 +27,12 @@ Obsoletes: python2-audit < %{version}-%{release}
The audit package contains the user space utilities for
storing and searching the audit records generated by
the audit subsystem in the Linux 2.6 and later kernels.
It includes example rules that you can use.
%package libs
Summary: Dynamic library for libaudit
License: LGPLv2+
License: LGPL-2.0-or-later
BuildRequires: libcap-ng-devel
%description libs
The audit-libs package contains the dynamic libraries needed for
@ -42,9 +40,9 @@ applications to use the audit framework.
%package libs-devel
Summary: Header files for libaudit
License: LGPLv2+
License: LGPL-2.0-or-later
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: kernel-headers >= 2.6.29
Requires: kernel-headers >= 5.0
%description libs-devel
The audit-libs-devel package contains the header files needed for
@ -52,9 +50,8 @@ developing applications that need to use the audit framework libraries.
%package -n python3-audit
Summary: Python3 bindings for libaudit
License: LGPLv2+
BuildRequires: python3-devel
BuildRequires: make
License: LGPL-2.0-or-later
BuildRequires: python3-devel python-unversioned-command swig
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Provides: audit-libs-python3 = %{version}-%{release}
Provides: audit-libs-python3%{?_isa} = %{version}-%{release}
@ -66,7 +63,8 @@ and libauparse can be used by python3.
%package -n audispd-plugins
Summary: Plugins for the audit event dispatcher
License: GPLv2+
License: GPL-2.0-or-later
BuildRequires: krb5-devel libcap-ng-devel
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@ -77,10 +75,10 @@ like relay events to remote machines.
%package -n audispd-plugins-zos
Summary: z/OS plugin for the audit event dispatcher
License: GPLv2+
License: GPL-2.0-or-later
BuildRequires: openldap-devel libcap-ng-devel
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: openldap
%description -n audispd-plugins-zos
The audispd-plugins-zos package provides a plugin that will forward all
@ -88,21 +86,28 @@ incoming audit events, as they happen, to a configured z/OS SMF (Service
Management Facility) database, through an IBM Tivoli Directory Server
(ITDS) set for Remote Audit service.
%package rules
Summary: audit rules and utilities
License: GPL-2.0-or-later
Recommends: %{name} = %{version}-%{release}
%description rules
The audit rules package contains the rules and utilities to load audit rules.
%prep
%setup -q
%patch 1 -p1
cp %{SOURCE1} .
%patch -P 1 -p1
autoreconf -fv --install
# Remove the ids code, its not ready
sed -i 's/ ids / /' audisp/plugins/Makefile.am
sed -i 's/ ids / /' audisp/plugins/Makefile.in
%build
%configure --with-python=no \
--with-python3=yes \
--enable-gssapi-krb5=yes --with-arm --with-aarch64 \
--with-libcap-ng=yes --enable-zos-remote --without-golang \
--with-libcap-ng=yes --without-golang --enable-zos-remote \
--enable-systemd --enable-experimental --with-io_uring
make CFLAGS="%{optflags}" %{?_smp_mflags}
@ -110,71 +115,81 @@ make CFLAGS="%{optflags}" %{?_smp_mflags}
%install
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audit/plugins.d,etc/audit/rules.d}
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
mkdir -p $RPM_BUILD_ROOT/%{_lib}
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit
mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit
mkdir -p $RPM_BUILD_ROOT/%{_datadir}
make DESTDIR=$RPM_BUILD_ROOT install
# Validate sample rules shipped.
for r in $RPM_BUILD_ROOT/%{_datadir}/%{name}/sample-rules/*.rules; do
PYTHONPATH=$RPM_BUILD_ROOT/%{python3_sitearch} \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} \
%{_builddir}/%{name}-%{version}/contrib/ausysrulevalidate \
--update --rules-file "${r}"
done
# Remove these items so they don't get picked up.
rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a
rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a
find $RPM_BUILD_ROOT -name '*.la' -delete
find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.a' -delete
find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.a' -delete || true
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz
%check
make check
#make %{?_smp_mflags} check
# Get rid of make files so that they don't get packaged.
rm -f rules/Makefile*
%post
%systemd_post auditd.service
# Copy default rules into place on new installation
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
if [ "$files" -eq 0 ] ; then
if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then
cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
else
touch /etc/audit/rules.d/audit.rules
# Do not perform service start/restart when running during an rpm-ostree compose
if [ -f /run/ostree-booted ] ; then
exit 0
fi
chmod 0600 /etc/audit/rules.d/audit.rules
fi
# If upgrading, restart the daemon if it's running
# If an upgrade, restart it if it's running
if [ $1 -eq 2 ] ; then
state=$(systemctl status auditd | awk '/Active:/ { print $2 }')
if [ $state = "active" ] ; then
auditctl --signal stop || true
systemctl start auditd
fi
# if installing, start it since preset says we should be running
# if an install, start it since preset says we should be running
elif [ $1 -eq 1 ] ; then
systemctl start auditd
fi
%post rules
%systemd_post audit-rules.service
# Copy default rules into place on new installation
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
if [ "$files" -eq 0 ] ; then
echo "No rules detected, adding default"
%if 0%{?rhel}
if [ -e %{_datadir}/%{name}-rules/10-base-config.rules ] ; then
install -m 0600 -o 0 -g 0 -p %{_datadir}/%{name}-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
%else
# FESCO asked for audit to be off by default. #1117953
if [ -e %{_datadir}/%{name}-rules/10-no-audit.rules ] ; then
install -m 0600 -o 0 -g 0 -p %{_datadir}/%{name}-rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
%endif
else
install -m 0600 -o 0 -g 0 /dev/null /etc/audit/rules.d/audit.rules
fi
# Only load the new rules if not running during an rpm-ostree compose
if [ ! -f /run/ostree-booted ] ; then
# Make the new rules active
augenrules --load || true
fi
fi
%preun
%systemd_preun auditd.service
# if uninstalling stop the daemon
# If uninstalling, stop it
if [ $1 -eq 0 ] ; then
auditctl --signal stop || true
# also delete loaded rules if uninstalling
auditctl -D || true
fi
%preun rules
%systemd_preun audit-rules.service
# If uninstalling, delete the rules loaded in the kernel
if [ $1 -eq 0 ] ; then
auditctl -D > /dev/null 2>&1 || true
fi
%files libs
@ -190,46 +205,37 @@ fi
%{_libdir}/libaudit.so
%{_libdir}/libauparse.so
%{_includedir}/libaudit.h
%{_includedir}/audit_logging.h
%{_includedir}/audit-records.h
%{_includedir}/auparse.h
%{_includedir}/auparse-defs.h
%{_datadir}/aclocal/audit.m4
%{_libdir}/pkgconfig/audit.pc
%{_libdir}/pkgconfig/auparse.pc
%{_mandir}/man3/*
%{_mandir}/man5/ausearch-expression.5.gz
%files -n python3-audit
%attr(755,root,root) %{python3_sitearch}/*
%files
%doc README ChangeLog init.d/auditd.cron
%doc README.md ChangeLog init.d/auditd.cron
%{!?_licensedir:%global license %%doc}
%license COPYING
%attr(755,root,root) %{_datadir}/%{name}
%attr(644,root,root) %{_datadir}/%{name}/sample-rules/*
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
%attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz
%attr(755,root,root) %{_sbindir}/auditctl
%attr(755,root,root) %{_sbindir}/auditd
%attr(755,root,root) %{_sbindir}/ausearch
%attr(755,root,root) %{_sbindir}/aureport
%attr(750,root,root) %{_sbindir}/autrace
%attr(755,root,root) %{_sbindir}/augenrules
%attr(755,root,root) %{_bindir}/aulast
%attr(755,root,root) %{_bindir}/aulastlog
%attr(755,root,root) %{_bindir}/ausyscall
%attr(755,root,root) %{_bindir}/auvirt
%attr(644,root,root) %{_unitdir}/auditd.service
%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart
@ -241,11 +247,21 @@ fi
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%ghost %{_localstatedir}/run/auditd.state
%attr(-,root,-) %dir %{_var}/log/audit
%attr(750,root,root) %dir /etc/audit
%attr(750,root,root) %dir /etc/audit/rules.d
%attr(750,root,root) %dir /etc/audit/plugins.d
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
%files rules
%attr(755,root,root) %dir %{_datadir}/%{name}-rules
%attr(644,root,root) %{_datadir}/%{name}-rules/*
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
%attr(755,root,root) %{_sbindir}/auditctl
%attr(755,root,root) %{_sbindir}/augenrules
%attr(644,root,root) %{_unitdir}/audit-rules.service
%attr(750,root,root) %dir /etc/audit
%attr(750,root,root) %dir /etc/audit/rules.d
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/rules.d/audit.rules
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
@ -275,90 +291,122 @@ fi
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
%changelog
* Tue Jul 09 2024 Attila Lakatos <alakatos@redhat.com> - 3.1.5-1
- New upstream maintenance release, 3.1.4
- Prevent scriplets from failing
- When upgrading, restart the daemon if it's running
- If uninstalling, stop the daemon
- auditctl: use pidfd_send_signal for signaling auditd
Resolves: RHEL-45865
- Minor doc update
Resolves: RHEL-5186
- augenrules: do not exit with failure if in immutable mode
Resolves: RHEL-40110
- auditd.service: Disable ProtectControlGroups
Resolves: RHEL-5197
- auditctl: correct output when displaying rules with exe/path/dir
Resolves: RHEL-40243
* Wed Nov 08 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-2
- Remove %systemd_preun from %preun scriptlet, as it was causing troubles when removing audit
Related: RHEL-14896
* Fri Oct 27 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-1
- New upstream release, 3.1.2
Resolves: RHEL-14896
* Thu Jun 22 2023 Radovan Sroka <rsroka@redhat.com> - 3.0.7-104
- Introduce new fanotify record fields
Resolves: rhbz#2216666
* Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-103
- Drop ProtectHome from auditd.service as it interferes with rules
Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0]
* Sun Mar 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-102
- Fix path normalization in auparse
Resolves: rhbz#2062824 - auparse missing information when used with --format-text
* Tue Feb 22 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-101
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.0-9
- Bump release for June 2024 mass rebuild
* Sun Feb 04 2024 Timothée Ravier <tim@siosm.fr> - 4.0-8
- Fix 'install' calls in post scriptlet
* Thu Jan 25 2024 Steve Grubb <sgrubb@redhat.com> 4.0-7
- Don't do "live" operations during rpm-ostree composes
* Wed Jan 24 2024 Steve Grubb <sgrubb@redhat.com> 4.0-5
- Auditd is stopping during upgrade (bz 2259610)
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Jan 16 2024 Steve Grubb <sgrubb@redhat.com> 4.0-1
- New upstream major release
* Sat Nov 04 2023 Steve Grubb <sgrubb@redhat.com> 3.1.2-5
- Bug fixes pulled from upstrean
* Wed Sep 13 2023 Dusty Mabe <dusty@dustymabe.com> 3.1.2-4
- Remove initscripts-service from Requires(postun)
* Fri Sep 01 2023 Steve Grubb <sgrubb@redhat.com> 3.1.2-3
- Change initscrips-service to a Recommends
* Sat Aug 26 2023 Steve Grubb <sgrubb@redhat.com> 3.1.2-2
- SPDX Migration
* Sun Aug 06 2023 Steve Grubb <sgrubb@redhat.com> 3.1.2-1
- New upstream release
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 3.1.1-3
- Rebuilt for Python 3.12
* Tue May 09 2023 Davide Cavalca <dcavalca@fedoraproject.org> 3.1.1-2
- Install the base ruleset on RHEL
* Thu Apr 27 2023 Steve Grubb <sgrubb@redhat.com> 3.1.1-1
- New upstream release
* Thu Feb 09 2023 Steve Grubb <sgrubb@redhat.com> 3.1-2
- New upstream feature release
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Dec 22 2022 Steve Grubb <sgrubb@redhat.com> 3.0.9-2
- BuildRequires python-setuptools
- SPDX Migration
* Mon Aug 29 2022 Steve Grubb <sgrubb@redhat.com> 3.0.9-1
- New upstream bugfix release
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 3.0.8-2
- Rebuilt for Python 3.11
* Tue Mar 29 2022 Steve Grubb <sgrubb@redhat.com> 3.0.8-1
- New upstream bugfix release
* Thu Feb 24 2022 Steve Grubb <sgrubb@redhat.com> 3.0.7-3
- Undo fix to libaudit.h before installing
* Mon Feb 14 2022 Steve Grubb <sgrubb@redhat.com> 3.0.7-2
- Adjust sample-rules dir permissions
Resolves: rhbz#2054432 - /usr/share/audit/sample-rules is no longer readable by non-root users
- Add support for new access/dealloc function attributes
- Adjust compile flags for less warnings
* Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-100
- New upstream release, 3.0.7
Resolves: rhbz#2019929 - capability=unknown-capability(39) in audit messages
* Sun Jan 23 2022 Steve Grubb <sgrubb@redhat.com> 3.0.7-1
- New upstream bugfix and feature release
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-5
- auparse: refact nvlist cleanup code
Resolves: rhbz#2008965
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-4
- When interpreting, if val is NULL return an empty string
Resolves: rhbz#2004420
* Wed Jan 05 2022 Steve Grubb <sgrubb@redhat.com> 3.0.6-2
- Require initscripts-service instead of initscripts
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-3
- Update dependency to initscripts-service instead of initscripts
Resolves: rhbz#2000933
* Fri Oct 01 2021 Steve Grubb <sgrubb@redhat.com> 3.0.6-1
- New upstream bugfix release
* Tue Aug 17 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-2
- Fix timestamp parsing
Related: rhbz#1938680
* Tue Sep 14 2021 Steve Grubb <sgrubb@redhat.com> 3.0.5-3
- Move BuildRequires around to what actually needs it
* Mon Aug 16 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-1
- New upstream release, 3.0.5
Related: rhbz#1938680
* Tue Sep 14 2021 Steve Grubb <sgrubb@redhat.com> 3.0.5-2
- Drop IPX interpretation support
* Mon Aug 16 2021 Sergio Correia <scorreia@redhat.com> - 3.0.2-3
- Validates the sample rules we ship
Resolves: rhbz#1985630
* Wed Aug 11 2021 Steve Grubb <sgrubb@redhat.com> 3.0.5-1
- New upstream bugfix release
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.2-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Sun Aug 08 2021 Steve Grubb <sgrubb@redhat.com> 3.0.4-1
- New upstream feature release
* Tue Jun 22 2021 Sergio Correia <scorreia@redhat.com> - 3.0.2-1
- New upstream release, 3.0.2.
Fix issues detected by static analyzers
Resolves: rhbz#1938680
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 21 2021 Sergio Correia <scorreia@redhat.com> - 3.0.1-4
- Enable default RHEL configuration
This enables syscall auditing by default.
Resolves: rhbz#1924561
* Wed Jul 14 2021 Steve Grubb <sgrubb@redhat.com> 3.0.3-1
- New upstream feature release
* Thu Jun 24 2021 Sergio Correia <scorreia@redhat.com> - 3.0.2-2
- Do not use custom sbindir and libdir in configure
* Thu Jun 10 2021 Steve Grubb <sgrubb@redhat.com> 3.0.2-1
- New upstream feature and bugfix release
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.1-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 3.0.1-3
- Rebuilt for Python 3.10
* Thu Feb 18 2021 Steve Grubb <sgrubb@redhat.com> 3.0.1-2
- Add patch fixing segafult in the audisp-statsd plugin
