Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

audit-4.0-6.1 RPM for riscv64

From OpenSuSE Ports Tumbleweed for riscv64

Name: audit Distribution: openSUSE Tumbleweed
Version: 4.0 Vendor: openSUSE
Release: 6.1 Build date: Fri Oct 4 18:06:06 2024
Group: System/Monitoring Build host: reproducible
Size: 442669 Source RPM: audit-secondary-4.0-6.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://people.redhat.com/sgrubb/audit/
Summary: User Space Tools for Kernel Auditing
The audit package contains the user space utilities for storing and
processing the audit records generated by the audit subsystem in the
Linux kernel.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Fri Oct 04 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update audit.spec (bsc#1231236):
    * add requirement for 'awk' package
    * move some %post logic from audit to audit-rules
* Wed Oct 02 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Readd audit-allow-manual-stop.patch (removed by mistake)
* Tue Oct 01 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Fix plugin termination when using systemd service units (bsc#1215377)
    * add auditd.service-fix-plugin-termination.patch
* Thu Sep 26 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update audit-secondary.spec:
    * Add "Requires: audit-rules" for audit package
    * Remove preun/postun handling of audit-rules.service
* Tue Sep 17 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update to 4.0
    - Drop python2 support
    - Drop auvirt and autrace programs
    - Drop SysVinit support
    - Require the use of the 5.0 or later kernel headers
    - New README.md file
    - Rewrite legacy service functions in terms of systemctl
    - Consolidate and update end of event detection to a common function
    - Split off rule loading from auditd.service into audit-rules.service
    - Refactor libaudit.h to split out logging functions and record numbers
    - Speed up aureport --summary reports
    - Limit libaudit python bindings to logging functions
    - Add a metrics function for auparse
    - Change auditctl to use pidfd_send_signal for signaling auditd
    - Adjust watches to optimize syscalls hooked when watch file access
    - Drop nispom rules
    - Add intepretations for fsconfig, fsopen, fsmount, & move_mount
    - Many code fixups (cgzones)
    - Update syscall and interpretation tables to the 6.8 kernel
    (from v3.1.2)
    - When processing a run level change, make auditd exit
    - In auditd, fix return code when rules added in immutable mode
    - In auparse, when files are given, also consider EUID for access
    - Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya)
    - Disable Python bindings from setting rules due to swig bug (S. Trofimovich)
    - Update all lookup tables for the 6.5 kernel
    - Don't be as paranoid about auditctl -R file permissions
    - In ausearch, correct subject/object search to be an and if both are given
    - Adjust formats for 64 bit time_t
    - Fix segfault in python bindings around the feed API
    - Add feed_has_data, get_record_num, and get/goto_field_num to python bindings
  - Update spec:
    * Move rules-related files into new subpackage `audit-rules':
    * Files moved:
    - /sbin/auditctl, /sbin/augenrules,
    /etc/audit/{audit.rules,rules.d/audit.rules,audit-stop.rules}
    - manpages for auditctl, augenrules, and audit.rules
    - /etc/audit is now owned by `audit-rules' as well
    * Add new file /usr/lib/systemd/system/audit-rules.service
    * Remove in-house create-augenrules-service.patch that generated
      augenrules.service systemd unit service
    * Remove ownership of /usr/share/audit
    * Create /usr/share/audit-rules directory on %install
    * Remove audit-userspace-517-compat.patch (fixed upstream)
    * Remove libev-werror.patch (fixed upstream)
    * Remove audit-allow-manual-stop.patch (fixed upstream)
    * Add fix-auparse-test.patch (downstream):
      Upstream tests uses a static value (42) for 'gdm' uid/gid (based
      on Fedora values, apparently).  Replace these occurrences with
      'unknown(123456)'
    * Replace '--with-python' with '--with-python3' on %configure
    * Remove autrace and auvirt references (upstream)
    * Replace README with README.md
  - Drop `--enable-systemd' from %configure as SysV-style scripts
    aren't supported in upstream since
    113ae191758c ("Drop support for SysVinit")
* Mon Aug 05 2024 Thorsten Kukuk <kukuk@suse.com>
  - Remove rcaudit symlink [jsc#PED-266]
* Mon Jul 03 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.1.1:
    * Add user friendly keywords for signals to auditctl
    * In ausearch, parse up URINGOP and DM_CTRL records
    * Harden auparse to better handle corrupt logs
    * Fix a CFLAGS propogation problem in the common directory
    * Move the audispd af_unix plugin to a standalone program
* Thu May 04 2023 Frederic Crozat <fcrozat@suse.com>
  - Add _multibuild to define additional spec files as additional
    flavors.
    Eliminates the need for source package links in OBS.
* Mon Feb 20 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.1:
    * Disable ProtectControlGroups in auditd.service by default
    * Fix rule checking for exclude filter
    * Make audit_rule_syscallbyname_data work correctly outside of auditctl
    * Add new record types
    * Add io_uring support
    * Add support for new FANOTIFY record fields
    * Add keyword, this-hour, to ausearch/report start/end options
    * Add Requires.private to audit.pc file
    * Try to interpret OPENAT2 fields correctly
* Tue Dec 27 2022 Ludwig Nussel <lnussel@suse.com>
  - Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Thu Dec 15 2022 Enzo Matsumiya <ematsumiya@suse.de>
  - Enable build for ARM (32-bit)
  - Update to version 3.0.9:
    * In auditd, release the async flush lock on stop
    * Don't allow auditd to log directly into /var/log when log_group is non-zero
    * Cleanup krb5 memory leaks on error paths
    * Update auditd.cron to use auditctl --signal
    * In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
    * In auparse, special case kernel module name interpretation
    * If overflow_action is ignore, don't treat as an error
    (3.0.8)
    * Add gcc function attributes for access and allocation
    * Add some more man pages (MIZUTA Takeshi)
    * In auditd, change the reinitializing of the plugin queue
    * Fix path normalization in auparse (Sergio Correia)
    * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
    * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
    * Drop ProtectHome from auditd.service as it interferes with rules
    (3.0.7)
    * Add support for the OPENAT2 record type (Richard Guy Briggs)
    * In auditd, close the logging file descriptor when logging is suspended
    * Update the capabilities lookup table to match 5.16 kernel
    * Improve interpretation of renamat & faccessat family of syscalls
    * Update syscall table for the 5.16 kernel
    * Reduce dependency from initscripts to initscripts-service
  - Refresh patches (context adjusment):
    * audit-allow-manual-stop.patch
    * audit-ausearch-do-not-require-tclass.patch
    * audit-no-gss.patch
    * enable-stop-rules.patch
    * fix-hardened-service.patch
    * harden_auditd.service.patch
  - Remove patches (fixed by version update):
    * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
    * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
* Mon Apr 11 2022 Jan Engelhardt <jengelh@inai.de>
  - Drop buildrequire on C++ compiler.
  - Modernize specfile constructs.
* Sat Mar 26 2022 Stephan Kulow <coolo@suse.com>
  - Fix buildrequire for openldap2-devel - audit doesn't require the
    (outdated) C++ binding, but the C headers that happen to be pulled
    in by buildrequiring the C++ devel package
* Fri Mar 25 2022 Enzo Matsumiya <ematsumiya@suse.com>
  - Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
    * add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
  - Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517)
    * add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
* Wed Mar 23 2022 Dirk Müller <dmueller@suse.com>
  - add audit-userspace-517-compat.patch
* Mon Nov 29 2021 Fabian Vogt <fvogt@suse.com>
  - Use %autosetup
  - Don't include sample rules as %doc, they're already installed
    as normal files
  - Fix create-augenrules-service.patch:
    * auditd.service needs to require augenrules.service,
      not the other way around
  - Fix documentation for enable-stop-rules.patch
* Sun Nov 07 2021 Callum Farmer <gmbr3@opensuse.org>
  - Update to version 3.0.6:
    * fixes a segfault on some SELINUX_ERR records
    * makes IPX packet interpretation dependent on the ipx header
      file existing
    * adds b32/b64 support to ausyscall
    * adds support for armv8l
    * fixes auditctl list of syscalls on PPC
    * auditd.service now restarts auditd under some conditions
* Fri Oct 15 2021 Callum Farmer <gmbr3@opensuse.org>
  - Add CONFIG parameter to %sysusers_generate_pre
* Wed Oct 13 2021 Enzo Matsumiya <ematsumiya@suse.com>
  - Create separate service for augenrules (bsc#1191614, bsc#1181400)
    * add create-augenrules-service.patch
    Remove ReadWritePaths=/etc/audit from auditd.service, also removes
    augenrules call from ExecStartPost.
    Create augenrules.service with the ReadWritePaths directive above.
    This makes /etc/audit only accessible by augenrules.service and
    let auditd.service (and daemon) to be sandboxed again.
  - Update audit-secondary.spec to accomodate the new service file.
* Mon Sep 20 2021 Enzo Matsumiya <ematsumiya@suse.com>
  - Fix hardened auditd.service (bsc#1181400)
    * add fix-hardened-service.patch
      Make /etc/audit read-write from the service.
      Remove PrivateDevices=true to expose /dev/* to auditd.service.
  - Enable stop rules for audit.service (cf. bsc#1190227)
    * add enable-stop-rules.patch
* Thu Sep 16 2021 Enzo Matsumiya <ematsumiya@suse.com>
  - Change default log_format from ENRICHED to RAW (bsc#1190500):
    * add change-default-log_format.patch (SUSE-specific patch)
  - Update to version 3.0.5:
    * In auditd, flush uid/gid caches when user/group added/deleted/modified
    * Fixed various issues when dealing with corrupted logs
    * In auditd, check if log_file is valid before closing handle
  - Include fixed from 3.0.4:
    * Apply performance speedups to auparse library
    * Optimize rule loading in auditctl
    * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
    * Update syscall table to the 5.14 kernel
    * Fixed various issues when dealing with corrupted logs
* Mon Aug 16 2021 Marcus Meissner <meissner@suse.com>
  - harden_auditd.service.patch: automatic hardening applied to systemd
    services
* Fri Jul 30 2021 Enzo Matsumiya <ematsumiya@suse.com>
  - Update to version 3.0.3:
    * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined
    * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids
    * Change auparse_feed_has_data in auparse to include incomplete events
    * Auditd, stop linking against -lrt
    * Add ProtectHome and RestrictRealtime to auditd.service
    * In auditd, read up to 3 netlink packets in a row
    * In auditd, do not validate path to plugin unless active
    * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists
  - use https source urls
* Mon Jun 14 2021 Enzo Matsumiya <ematsumiya@suse.com>
  - Adjust audit.spec and audit-secondary.spec to support new version
  - Include fix for libev
    * add libev-werror.patch
  - Update to version 3.0.2
  - In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
  - Optionally interpret auid in auditctl -l
  - Update some syscall argument interpretations
  - In auditd, do not allow spaces in the hostname name format
  - Big documentation cleanup (MIZUTA Takeshi)
  - Update syscall table to the 5.12 kernel
  - Update the auparse normalizer for new event types
  - Fix compiler warnings in ids subsystem
  - Block a couple signals from flush & reconfigure threads
  - In auditd, don't wait on flush thread when exiting
  - Output error message if the path of input files are too long ausearch/report
    Included fixes from 3.0.1
  - Update syscall table to the 5.11 kernel
  - Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
  - Only enable periodic timers when listening on the network
  - Upgrade libev to 4.33
  - Add auparse_new_buffer function to auparse library
  - Use the select libev backend unless aggregating events
  - Add sudoers to some base audit rules
  - Update the auparse normalizer for some new syscalls and event types
    Included fixes from 3.0
  - Generate checkpoint file even when no results are returned (Burn Alting)
  - Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
  - Convert auparse_test to run with python3 (Tomáš Chvátal)
  - Drop support for prelude
  - Adjust backlog_wait_time in rules to the kernel default (#1482848)
  - Remove ids key syntax checking of rules in auditctl
  - Use SIGCONT to dump auditd internal state (#1504251)
  - Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
  - Fix parsing of uid & success for ausearch
  - Add support for not equal operator in audit by executable (Ondrej Mosnacek)
  - Hide lru symbols in auparse
  - Add systemd process protections
  - Fix aureport summary time range reporting
  - Allow unlimited retries on startup for remote logging
  - Add queue_depth to remote logging stats and increase default queue_depth size
  - Fix segfault on shutdown
  - Merge auditd and audispd code
  - Close on execute init_pipe fd (#1587995)
  - Breakout audisp syslog plugin to be standalone program
  - Create a common internal library to reduce code
  - Move all audispd config files under /etc/audit/
  - Move audispd.conf settings into auditd.conf
  - Add queue depth statistics to internal state dump report
  - Add network statistics to internal state dump report
  - SIGUSR now also restarts queue processing if its suspended
  - Update lookup tables for the 4.18 kernel
  - Add auparse_normalizer support for SOFTWARE_UPDATE event
  - Add 30-ospp-v42.rules to meet new Common Criteria requirements
  - Deprecate enable_krb and replace with transport config opt for remote logging
  - Mark netlabel events as simple events so that get processed quicker
  - When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
  - In aureport, fix segfault in file report
  - Add auparse_normalizer support for labeled networking events
  - Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
  - In ausearch/auparse, event aging is off by a second
  - In ausearch/auparse, correct event ordering to process oldest first
  - Migrate auparse python test to python3
  - auparse_reset was not clearing everything it should
  - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
  - In ausearch/report, lightly parse selinux portion of USER_AVC events
  - Add bpf syscall command argument interpretation to auparse
  - In ausearch/report, limit record size when malformed
  - Port af_unix plugin to libev
  - In auditd, fix extract_type function for network originating events
  - In auditd, calculate right size and location for network originating events
  - Make legacy script wait for auditd to terminate (#1643567)
  - Treat all network originating events as VER2 so dispatcher doesn't format it
  - If an event has a node name make it VER2 so dispatcher doesnt format it
  - In audisp-remote do an initial connection attempt (#1625156)
  - In auditd, allow expression of space left as a percentage (#1650670)
  - On PPC64LE systems, only allow 64 bit rules (#1462178)
  - Make some parts of auditd state report optional based on config
  - Update to libev-4.25
  - Fix ausearch when checkpointing a single file (Burn Alting)
  - Fix scripting in 31-privileged.rules wrt filecap (#1662516)
  - In ausearch, do not checkpt if stdin is input source
  - In libev, remove __cold__ attribute for functions to allow proper hardening
  - Add tests to configure.ac for openldap support
  - Make systemd support files use /run rather than /var/run (Christian Hesse)
  - Fix minor memory leak in auditd kerberos credentials code
  - Allow exclude and user filter by executable name (Ondrej Mosnacek)
  - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
  - In ausearch/report fix --end to use midnight time instead of now (#1671338)
  - Add substitue functions for strndupa & rawmemchr
  - Fix memleak in auparse caused by corrected event ordering
  - Fix legacy reload script to reload audit rules when daemon is reloaded
  - Support for unescaping in trusted messages (Dmitry Voronin)
  - In auditd, use standard template for DEAMON events (Richard Guy Briggs)
  - In aureport, fix segfault for malformed USER_CMD events
  - Add exe field to audit_log_user_command in libaudit
  - In auditctl support filter on socket address families (Richard Guy Briggs)
  - Deprecate support for Alpha & IA64 processors
  - If space_left_action is rotate, allow it every time (#1718444)
  - In auparse, drop standalone EOE events
  - Add milliseconds column for ausearch extra time csv format
  - Fix aureport first event reporting when no start given
  - In audisp-remote, add new config item for startup connection errors
  - Remove dependency on chkconfig
  - Install rules to /usr/share/audit/sample-rules/
  - Split up ospp rules to make SCAP scanning easier (#1746018)
  - In audisp-syslog, support interpreting records (#1497279)
  - Audit USER events now sends msg as name value pair
  - Add support for AUDIT_BPF event
  - Auditd should not process AUDIT_REPLACE events
  - Update syscall tables to the 5.5 kernel
  - Improve personality interpretation by using PERS_MASK
  - Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
  - Change auparse python bindings to shared object (Issue #121)
  - Add error messages for watch permissions
  - If audit rules file doesn't exist log error message instead of info message
  - Revise error message for unmatched options in auditctl
  - In audisp-remote, fixup remote endpoint disappearin in ascii format
  - Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
  - In auditctl, add support for sending a signal to auditd
  - Removes audit-fno-common.patch: fixed in upstream
  - Removes audit-python3.patch: fixed in upstream
* Mon Feb 01 2021 Dominique Leuenberger <dimstar@opensuse.org>
  - Do not explicitly provide group(audit) in system-users-audit:
    this is automatically handled by rpm/providers.
* Thu Jan 28 2021 Enzo Matsumiya <ematsumiya@suse.com>
  - Create new "audit" group for read access to logs (bsc#1178154)
    * add change-default-log_group.patch
    * update audit-secondary.spec

Files

/etc/audit
/etc/audit/auditd.conf
/etc/audit/plugins.d
/etc/audit/plugins.d/af_unix.conf
/etc/audit/plugins.d/syslog.conf
/etc/auditd.conf
/usr/bin/aulast
/usr/bin/aulastlog
/usr/bin/ausyscall
/usr/lib/systemd/system/auditd.service
/usr/sbin/audisp-af_unix
/usr/sbin/audisp-syslog
/usr/sbin/auditd
/usr/sbin/aureport
/usr/sbin/ausearch
/usr/share/doc/packages/audit
/usr/share/doc/packages/audit/ChangeLog
/usr/share/doc/packages/audit/README.md
/usr/share/doc/packages/audit/auditd.cron
/usr/share/licenses/audit
/usr/share/licenses/audit/COPYING
/usr/share/man/man5/auditd.conf.5.gz
/usr/share/man/man5/ausearch-expression.5.gz
/usr/share/man/man8/audisp-af_unix.8.gz
/usr/share/man/man8/auditd.8.gz
/usr/share/man/man8/aulast.8.gz
/usr/share/man/man8/aulastlog.8.gz
/usr/share/man/man8/aureport.8.gz
/usr/share/man/man8/ausearch.8.gz
/usr/share/man/man8/ausyscall.8.gz
/var/log/audit
/var/log/audit/audit.log
/var/spool/audit


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Nov 13 00:41:02 2024