| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: audit-rules | Distribution: openSUSE:Factory:zSystems |
| Version: 4.0 | Vendor: openSUSE |
| Release: 3.3 | Build date: Fri Oct 4 18:06:06 2024 |
| Group: System/Monitoring | Build host: reproducible |
| Size: 111157 | Source RPM: audit-secondary-4.0-3.3.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://people.redhat.com/sgrubb/audit/ | |
| Summary: Rules and utilities for audit | |
The audit rules package contains the rules and utilities to load audit rules.
LGPL-2.1-or-later
* Fri Oct 04 2024 Enzo Matsumiya <ematsumiya@suse.com>
- Update audit.spec (bsc#1231236):
* add requirement for 'awk' package
* move some %post logic from audit to audit-rules
* Wed Oct 02 2024 Enzo Matsumiya <ematsumiya@suse.com>
- Readd audit-allow-manual-stop.patch (removed by mistake)
* Tue Oct 01 2024 Enzo Matsumiya <ematsumiya@suse.com>
- Fix plugin termination when using systemd service units (bsc#1215377)
* add auditd.service-fix-plugin-termination.patch
* Thu Sep 26 2024 Enzo Matsumiya <ematsumiya@suse.com>
- Update audit-secondary.spec:
* Add "Requires: audit-rules" for audit package
* Remove preun/postun handling of audit-rules.service
* Tue Sep 17 2024 Enzo Matsumiya <ematsumiya@suse.com>
- Update to 4.0
- Drop python2 support
- Drop auvirt and autrace programs
- Drop SysVinit support
- Require the use of the 5.0 or later kernel headers
- New README.md file
- Rewrite legacy service functions in terms of systemctl
- Consolidate and update end of event detection to a common function
- Split off rule loading from auditd.service into audit-rules.service
- Refactor libaudit.h to split out logging functions and record numbers
- Speed up aureport --summary reports
- Limit libaudit python bindings to logging functions
- Add a metrics function for auparse
- Change auditctl to use pidfd_send_signal for signaling auditd
- Adjust watches to optimize syscalls hooked when watch file access
- Drop nispom rules
- Add intepretations for fsconfig, fsopen, fsmount, & move_mount
- Many code fixups (cgzones)
- Update syscall and interpretation tables to the 6.8 kernel
(from v3.1.2)
- When processing a run level change, make auditd exit
- In auditd, fix return code when rules added in immutable mode
- In auparse, when files are given, also consider EUID for access
- Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya)
- Disable Python bindings from setting rules due to swig bug (S. Trofimovich)
- Update all lookup tables for the 6.5 kernel
- Don't be as paranoid about auditctl -R file permissions
- In ausearch, correct subject/object search to be an and if both are given
- Adjust formats for 64 bit time_t
- Fix segfault in python bindings around the feed API
- Add feed_has_data, get_record_num, and get/goto_field_num to python bindings
- Update spec:
* Move rules-related files into new subpackage `audit-rules':
* Files moved:
- /sbin/auditctl, /sbin/augenrules,
/etc/audit/{audit.rules,rules.d/audit.rules,audit-stop.rules}
- manpages for auditctl, augenrules, and audit.rules
- /etc/audit is now owned by `audit-rules' as well
* Add new file /usr/lib/systemd/system/audit-rules.service
* Remove in-house create-augenrules-service.patch that generated
augenrules.service systemd unit service
* Remove ownership of /usr/share/audit
* Create /usr/share/audit-rules directory on %install
* Remove audit-userspace-517-compat.patch (fixed upstream)
* Remove libev-werror.patch (fixed upstream)
* Remove audit-allow-manual-stop.patch (fixed upstream)
* Add fix-auparse-test.patch (downstream):
Upstream tests uses a static value (42) for 'gdm' uid/gid (based
on Fedora values, apparently). Replace these occurrences with
'unknown(123456)'
* Replace '--with-python' with '--with-python3' on %configure
* Remove autrace and auvirt references (upstream)
* Replace README with README.md
- Drop `--enable-systemd' from %configure as SysV-style scripts
aren't supported in upstream since
113ae191758c ("Drop support for SysVinit")
* Mon Aug 05 2024 Thorsten Kukuk <kukuk@suse.com>
- Remove rcaudit symlink [jsc#PED-266]
* Mon Jul 03 2023 Paolo Stivanin <info@paolostivanin.com>
- Update to 3.1.1:
* Add user friendly keywords for signals to auditctl
* In ausearch, parse up URINGOP and DM_CTRL records
* Harden auparse to better handle corrupt logs
* Fix a CFLAGS propogation problem in the common directory
* Move the audispd af_unix plugin to a standalone program
* Thu May 04 2023 Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
* Mon Feb 20 2023 Paolo Stivanin <info@paolostivanin.com>
- Update to 3.1:
* Disable ProtectControlGroups in auditd.service by default
* Fix rule checking for exclude filter
* Make audit_rule_syscallbyname_data work correctly outside of auditctl
* Add new record types
* Add io_uring support
* Add support for new FANOTIFY record fields
* Add keyword, this-hour, to ausearch/report start/end options
* Add Requires.private to audit.pc file
* Try to interpret OPENAT2 fields correctly
* Tue Dec 27 2022 Ludwig Nussel <lnussel@suse.com>
- Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Thu Dec 15 2022 Enzo Matsumiya <ematsumiya@suse.de>
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don't allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don't treat as an error
(3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules
(3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch
- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
* Mon Apr 11 2022 Jan Engelhardt <jengelh@inai.de>
- Drop buildrequire on C++ compiler.
- Modernize specfile constructs.
* Sat Mar 26 2022 Stephan Kulow <coolo@suse.com>
- Fix buildrequire for openldap2-devel - audit doesn't require the
(outdated) C++ binding, but the C headers that happen to be pulled
in by buildrequiring the C++ devel package
* Fri Mar 25 2022 Enzo Matsumiya <ematsumiya@suse.com>
- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
* add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
- Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517)
* add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
* Wed Mar 23 2022 Dirk Müller <dmueller@suse.com>
- add audit-userspace-517-compat.patch
/etc/audit /etc/audit.rules /etc/audit/audit-stop.rules /etc/audit/audit.rules /etc/audit/rules.d /etc/audit/rules.d/audit.rules /usr/lib/systemd/system/audit-rules.service /usr/sbin/auditctl /usr/sbin/augenrules /usr/share/audit-rules /usr/share/audit-rules/10-base-config.rules /usr/share/audit-rules/10-no-audit.rules /usr/share/audit-rules/11-loginuid.rules /usr/share/audit-rules/12-cont-fail.rules /usr/share/audit-rules/12-ignore-error.rules /usr/share/audit-rules/20-dont-audit.rules /usr/share/audit-rules/21-no32bit.rules /usr/share/audit-rules/22-ignore-chrony.rules /usr/share/audit-rules/23-ignore-filesystems.rules /usr/share/audit-rules/30-ospp-v42-1-create-failed.rules /usr/share/audit-rules/30-ospp-v42-1-create-success.rules /usr/share/audit-rules/30-ospp-v42-2-modify-failed.rules /usr/share/audit-rules/30-ospp-v42-2-modify-success.rules /usr/share/audit-rules/30-ospp-v42-3-access-failed.rules /usr/share/audit-rules/30-ospp-v42-3-access-success.rules /usr/share/audit-rules/30-ospp-v42-4-delete-failed.rules /usr/share/audit-rules/30-ospp-v42-4-delete-success.rules /usr/share/audit-rules/30-ospp-v42-5-perm-change-failed.rules /usr/share/audit-rules/30-ospp-v42-5-perm-change-success.rules /usr/share/audit-rules/30-ospp-v42-6-owner-change-failed.rules /usr/share/audit-rules/30-ospp-v42-6-owner-change-success.rules /usr/share/audit-rules/30-ospp-v42.rules /usr/share/audit-rules/30-pci-dss-v31.rules /usr/share/audit-rules/30-stig.rules /usr/share/audit-rules/31-privileged.rules /usr/share/audit-rules/32-power-abuse.rules /usr/share/audit-rules/40-local.rules /usr/share/audit-rules/41-containers.rules /usr/share/audit-rules/42-injection.rules /usr/share/audit-rules/43-module-load.rules /usr/share/audit-rules/44-installers.rules /usr/share/audit-rules/70-einval.rules /usr/share/audit-rules/71-networking.rules /usr/share/audit-rules/99-finalize.rules /usr/share/audit-rules/README-rules /usr/share/man/man7/audit.rules.7.gz /usr/share/man/man8/auditctl.8.gz /usr/share/man/man8/augenrules.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jan 14 23:53:21 2025