Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

audit-4.0-3.2 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: audit Distribution: openSUSE Tumbleweed
Version: 4.0 Vendor: openSUSE
Release: 3.2 Build date: Fri Oct 4 18:06:06 2024
Group: System/Monitoring Build host: reproducible
Size: 524853 Source RPM: audit-secondary-4.0-3.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://people.redhat.com/sgrubb/audit/
Summary: User Space Tools for Kernel Auditing
The audit package contains the user space utilities for storing and
processing the audit records generated by the audit subsystem in the
Linux kernel.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Fri Oct 04 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update audit.spec (bsc#1231236):
    * add requirement for 'awk' package
    * move some %post logic from audit to audit-rules
* Wed Oct 02 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Readd audit-allow-manual-stop.patch (removed by mistake)
* Tue Oct 01 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Fix plugin termination when using systemd service units (bsc#1215377)
    * add auditd.service-fix-plugin-termination.patch
* Thu Sep 26 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update audit-secondary.spec:
    * Add "Requires: audit-rules" for audit package
    * Remove preun/postun handling of audit-rules.service
* Tue Sep 17 2024 Enzo Matsumiya <ematsumiya@suse.com>
  - Update to 4.0
    - Drop python2 support
    - Drop auvirt and autrace programs
    - Drop SysVinit support
    - Require the use of the 5.0 or later kernel headers
    - New README.md file
    - Rewrite legacy service functions in terms of systemctl
    - Consolidate and update end of event detection to a common function
    - Split off rule loading from auditd.service into audit-rules.service
    - Refactor libaudit.h to split out logging functions and record numbers
    - Speed up aureport --summary reports
    - Limit libaudit python bindings to logging functions
    - Add a metrics function for auparse
    - Change auditctl to use pidfd_send_signal for signaling auditd
    - Adjust watches to optimize syscalls hooked when watch file access
    - Drop nispom rules
    - Add intepretations for fsconfig, fsopen, fsmount, & move_mount
    - Many code fixups (cgzones)
    - Update syscall and interpretation tables to the 6.8 kernel
    (from v3.1.2)
    - When processing a run level change, make auditd exit
    - In auditd, fix return code when rules added in immutable mode
    - In auparse, when files are given, also consider EUID for access
    - Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya)
    - Disable Python bindings from setting rules due to swig bug (S. Trofimovich)
    - Update all lookup tables for the 6.5 kernel
    - Don't be as paranoid about auditctl -R file permissions
    - In ausearch, correct subject/object search to be an and if both are given
    - Adjust formats for 64 bit time_t
    - Fix segfault in python bindings around the feed API
    - Add feed_has_data, get_record_num, and get/goto_field_num to python bindings
  - Update spec:
    * Move rules-related files into new subpackage `audit-rules':
    * Files moved:
    - /sbin/auditctl, /sbin/augenrules,
    /etc/audit/{audit.rules,rules.d/audit.rules,audit-stop.rules}
    - manpages for auditctl, augenrules, and audit.rules
    - /etc/audit is now owned by `audit-rules' as well
    * Add new file /usr/lib/systemd/system/audit-rules.service
    * Remove in-house create-augenrules-service.patch that generated
      augenrules.service systemd unit service
    * Remove ownership of /usr/share/audit
    * Create /usr/share/audit-rules directory on %install
    * Remove audit-userspace-517-compat.patch (fixed upstream)
    * Remove libev-werror.patch (fixed upstream)
    * Remove audit-allow-manual-stop.patch (fixed upstream)
    * Add fix-auparse-test.patch (downstream):
      Upstream tests uses a static value (42) for 'gdm' uid/gid (based
      on Fedora values, apparently).  Replace these occurrences with
      'unknown(123456)'
    * Replace '--with-python' with '--with-python3' on %configure
    * Remove autrace and auvirt references (upstream)
    * Replace README with README.md
  - Drop `--enable-systemd' from %configure as SysV-style scripts
    aren't supported in upstream since
    113ae191758c ("Drop support for SysVinit")
* Mon Aug 05 2024 Thorsten Kukuk <kukuk@suse.com>
  - Remove rcaudit symlink [jsc#PED-266]
* Mon Jul 03 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.1.1:
    * Add user friendly keywords for signals to auditctl
    * In ausearch, parse up URINGOP and DM_CTRL records
    * Harden auparse to better handle corrupt logs
    * Fix a CFLAGS propogation problem in the common directory
    * Move the audispd af_unix plugin to a standalone program
* Thu May 04 2023 Frederic Crozat <fcrozat@suse.com>
  - Add _multibuild to define additional spec files as additional
    flavors.
    Eliminates the need for source package links in OBS.
* Mon Feb 20 2023 Paolo Stivanin <info@paolostivanin.com>
  - Update to 3.1:
    * Disable ProtectControlGroups in auditd.service by default
    * Fix rule checking for exclude filter
    * Make audit_rule_syscallbyname_data work correctly outside of auditctl
    * Add new record types
    * Add io_uring support
    * Add support for new FANOTIFY record fields
    * Add keyword, this-hour, to ausearch/report start/end options
    * Add Requires.private to audit.pc file
    * Try to interpret OPENAT2 fields correctly
* Tue Dec 27 2022 Ludwig Nussel <lnussel@suse.com>
  - Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Thu Dec 15 2022 Enzo Matsumiya <ematsumiya@suse.de>
  - Enable build for ARM (32-bit)
  - Update to version 3.0.9:
    * In auditd, release the async flush lock on stop
    * Don't allow auditd to log directly into /var/log when log_group is non-zero
    * Cleanup krb5 memory leaks on error paths
    * Update auditd.cron to use auditctl --signal
    * In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
    * In auparse, special case kernel module name interpretation
    * If overflow_action is ignore, don't treat as an error
    (3.0.8)
    * Add gcc function attributes for access and allocation
    * Add some more man pages (MIZUTA Takeshi)
    * In auditd, change the reinitializing of the plugin queue
    * Fix path normalization in auparse (Sergio Correia)
    * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
    * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
    * Drop ProtectHome from auditd.service as it interferes with rules
    (3.0.7)
    * Add support for the OPENAT2 record type (Richard Guy Briggs)
    * In auditd, close the logging file descriptor when logging is suspended
    * Update the capabilities lookup table to match 5.16 kernel
    * Improve interpretation of renamat & faccessat family of syscalls
    * Update syscall table for the 5.16 kernel
    * Reduce dependency from initscripts to initscripts-service
  - Refresh patches (context adjusment):
    * audit-allow-manual-stop.patch
    * audit-ausearch-do-not-require-tclass.patch
    * audit-no-gss.patch
    * enable-stop-rules.patch
    * fix-hardened-service.patch
    * harden_auditd.service.patch
  - Remove patches (fixed by version update):
    * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
    * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
* Mon Apr 11 2022 Jan Engelhardt <jengelh@inai.de>
  - Drop buildrequire on C++ compiler.
  - Modernize specfile constructs.
* Sat Mar 26 2022 Stephan Kulow <coolo@suse.com>
  - Fix buildrequire for openldap2-devel - audit doesn't require the
    (outdated) C++ binding, but the C headers that happen to be pulled
    in by buildrequiring the C++ devel package
* Fri Mar 25 2022 Enzo Matsumiya <ematsumiya@suse.com>
  - Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
    * add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
  - Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517)
    * add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
* Wed Mar 23 2022 Dirk Müller <dmueller@suse.com>
  - add audit-userspace-517-compat.patch

Files

/etc/audit
/etc/audit/auditd.conf
/etc/audit/plugins.d
/etc/audit/plugins.d/af_unix.conf
/etc/audit/plugins.d/syslog.conf
/etc/auditd.conf
/usr/bin/aulast
/usr/bin/aulastlog
/usr/bin/ausyscall
/usr/lib/systemd/system/auditd.service
/usr/sbin/audisp-af_unix
/usr/sbin/audisp-syslog
/usr/sbin/auditd
/usr/sbin/aureport
/usr/sbin/ausearch
/usr/share/doc/packages/audit
/usr/share/doc/packages/audit/ChangeLog
/usr/share/doc/packages/audit/README.md
/usr/share/doc/packages/audit/auditd.cron
/usr/share/licenses/audit
/usr/share/licenses/audit/COPYING
/usr/share/man/man5/auditd.conf.5.gz
/usr/share/man/man5/ausearch-expression.5.gz
/usr/share/man/man8/audisp-af_unix.8.gz
/usr/share/man/man8/auditd.8.gz
/usr/share/man/man8/aulast.8.gz
/usr/share/man/man8/aulastlog.8.gz
/usr/share/man/man8/aureport.8.gz
/usr/share/man/man8/ausearch.8.gz
/usr/share/man/man8/ausyscall.8.gz
/var/log/audit
/var/log/audit/audit.log
/var/spool/audit


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jan 12 01:37:12 2025