Commit Graph

293 Commits

Author SHA1 Message Date
Steve
b3b54c6117 add in some systemd scriptlets that were missed, including one which
will cause auditd to be enabled on upgrade from pre-systemd builds
2011-09-16 20:26:43 -04:00
Steve
33ec4fcb44 Enable by default (#737060) 2011-09-14 19:31:33 -04:00
Steve
8dd6547d12 Correct misplaced %ifnarch (#734359) 2011-08-30 13:51:21 -04:00
Steve
aeaa0e54f1 New upstream release 2011-08-15 13:49:32 -04:00
Steve
2d98cfa2f0 Introduce systemd unit file, drop SysV support 2011-07-26 20:28:48 -04:00
Steve
8b5d586a4b Introduce systemd unit file, drop SysV support 2011-07-26 20:04:26 -04:00
Steve
e7ff0d2294 New upstream release 2011-06-11 10:20:22 -04:00
Steve
6b391997be New upstream release 2011-06-11 10:07:10 -04:00
Steve
f205d23649 New upstream release 2011-04-20 17:07:24 -04:00
Steve
1eb8004e32 New upstream release 2011-03-29 19:54:22 -04:00
Dennis Gilmore
16421f7f6b - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-07 21:30:33 -06:00
Steve
71d7ff74bc - New upstream release 2011-02-04 13:05:38 -05:00
Karsten Hopp
9cf3f40191 bump and rebuild as 2.0.5-1 was erroneously linked with python-2.6 on ppc 2011-01-20 21:15:43 +01:00
Steve
86f9e56bf6 - New upstream release 2010-11-02 16:53:07 -04:00
dmalcolm
892aad8b84 - Rebuilt for
https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
2010-07-22 00:39:06 +00:00
Adam Jackson
9347513a78 autoreconf so the makefile change takes effect 2010-02-16 22:11:08 +00:00
Adam Jackson
f3577bed94 - audit-2.0.4-add-needed.patch: Fix FTBFS for --no-add-needed 2010-02-16 21:50:10 +00:00
Steve Grubb
e2190be046 - Split out static libs (#556039) 2010-01-29 18:57:22 +00:00
Steve Grubb
36cd75f988 - Split out static libs (#556039) 2010-01-29 18:46:25 +00:00
Steve Grubb
5e1075d12f - New upstream release 2009-12-08 15:44:08 +00:00
Steve Grubb
b1c2e57a32 - New upstream release 2009-10-17 19:29:28 +00:00
Steve Grubb
05d70ed917 - New upstream release 2009-10-16 17:14:38 +00:00
Steve Grubb
028898f181 - New upstream release 2009-10-16 17:09:20 +00:00
Steve Grubb
52a4831e16 - New upstream release 2009-09-28 19:55:04 +00:00
Steve Grubb
964f2cbd9f - New upstream release 2009-08-21 14:57:14 +00:00
Steve Grubb
1c13929628 - New upstream release 2009-08-19 19:23:25 +00:00
Steve Grubb
ad21c8a37c - New upstream release 2009-08-19 19:16:54 +00:00
Steve Grubb
7b312bdccc - New upstream release 2009-08-19 19:06:41 +00:00
Steve Grubb
ff137c5b6c add temporary compat package 2009-08-19 18:51:56 +00:00
Steve Grubb
b9f018d58e - New upstream release 2009-08-18 18:13:00 +00:00
Steve Grubb
0d9d3c9ee2 fix the release numbers 2009-07-29 23:52:26 +00:00
Jesse Keating
827754ea8c - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-24 17:33:31 +00:00
Steve Grubb
e76832c90f - New upstream release
- Fix problem with negative uids in audit rules on 32 bit systems
- Update tty keystroke interpretations (Miloslav Trmač)
2009-04-21 19:02:44 +00:00
Steve Grubb
943e1d4bec - Drop some debug code in libev 2009-04-03 19:42:16 +00:00
Steve Grubb
cdf3b383d3 - Apply patch from dwalsh moving audit.py file to arch specific python dir 2009-03-17 18:30:16 +00:00
Steve Grubb
e29b4b64db Adjusted the patch level 2009-02-26 23:59:43 +00:00
Steve Grubb
6578fabf5e - Handle audit=0 boot option for 2.6.29 kernel (#487541) 2009-02-26 21:44:35 +00:00
Steve Grubb
60481bc88a - New upstream release 2009-02-24 22:04:42 +00:00
Steve Grubb
311514cc09 - New upstream release 2009-02-24 21:36:08 +00:00
Jesse Keating
58d4476524 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-24 03:11:20 +00:00
Steve Grubb
46e327bbf6 Fix syslog conf packaging 2009-01-24 15:03:04 +00:00
Steve Grubb
24bca3bf6d - Add crypto event definitions 2009-01-13 22:12:58 +00:00
Steve Grubb
506ae42a34 - Add crypto event definitions 2009-01-13 22:01:45 +00:00
Steve Grubb
730f430ddb Add crypto event definitions 2009-01-13 21:51:42 +00:00
Steve Grubb
ea367a7cf2 - New upstream release 2009-01-10 21:10:21 +00:00
Steve Grubb
c28fd1e4b9 - Fix bz 476798 - "auditd -n" does not work 2008-12-17 15:06:51 +00:00
Steve Grubb
0784c5c460 - New upstream release 2008-12-13 13:52:26 +00:00
Ignacio Vazquez-Abrams
4f9c1b187f Rebuild for Python 2.6 2008-11-29 16:36:38 +00:00
Steve Grubb
26bdc0669a - New upstream release 2008-11-05 20:54:11 +00:00
Steve Grubb
333ae898aa - Update specfile requires to include dist 2008-10-28 14:35:27 +00:00
Steve Grubb
fb25688f94 - Fix ausearch/report recent and now time keyword lookups (#468668) 2008-10-27 17:41:01 +00:00
Steve Grubb
fd868dc9dc Update requires 2008-10-25 14:25:47 +00:00
Steve Grubb
5431994a68 - If kernel is in immutable mode, auditd should not send enable command 2008-10-25 13:08:31 +00:00
Steve Grubb
43fc1794e1 - Fix ausearch interpreting i386 syscalls on x86_64 machine 2008-10-24 19:29:23 +00:00
Steve Grubb
0961553dfe - Fix segfault when using file input to aureport
- Quieten down messages about missing gssapi support
2008-10-23 20:07:02 +00:00
Steve Grubb
c183a174e4 - Disable GSSAPI support until it's reworked as plugin
- Interpret TTY audit data in auparse (Miloslav Trmač)
- Extract terminal from USER_AVC events for ausearch/report (Peng Haitao)
- Add USER_AVCs to aureport's avc reporting (Peng Haitao)
- Short circuit hostname resolution in libaudit if host is empty
- If log_group and user are not root, don't check dispatcher perms
- Fix a bug when executing "ausearch -te today PM"
- Add --exit search option to ausearch
- Fix parsing config file when kerberos is disabled
2008-10-22 18:21:46 +00:00
Steve Grubb
0983360c7f - Remove selinux policy for zos-remote 2008-10-16 19:54:50 +00:00
Steve Grubb
0a9e32d94a Disable testing of ppc 2008-09-17 20:49:00 +00:00
Steve Grubb
fffe22aac3 - Bug fixes for GSSAPI code in remote logging (DJ Delorie)
- Add watched syscall support to audisp-prelude
- Enable tcp_wrappers support in auditd
2008-09-17 20:12:32 +00:00
Steve Grubb
baa6b19d1f Don't do make check just yet 2008-09-11 23:11:08 +00:00
Steve Grubb
0f4ff3fca4 - Add subject to audit daemon events (Chu Li)
- Add tcp_wrappers support for auditd
- Updated syscall tables for 2.6.27 kernel
- Audit connect/disconnect of remote clients
- Add GSS/Kerberos encryption to the remote protocol (DJ Delorie)
2008-09-11 22:51:16 +00:00
Steve Grubb
0e1966b810 fix zos selinux policy file 2008-08-31 16:54:48 +00:00
Steve Grubb
8955505fb2 couple spec file updates 2008-08-25 21:24:14 +00:00
Steve Grubb
dce82d1b97 - Update system-config-audit to 0.4.8
- Whole lot of bug fixes - see ChangeLog for details
- Reimplement auditd main loop using libev
- Add TCP listener to auditd to receive remote events
- Fix scheduler problem (#457061)
2008-08-25 20:05:09 +00:00
Steve Grubb
8b5ee23989 - Move ausearch-expression to main package (#453437) 2008-07-04 00:55:30 +00:00
Steve Grubb
a94ab1c00d - Fix interpreting of keys in syscall records
- Don't error on name=(null) PATH records in ausearch/report
- Add key report to aureport
- Update system-config-audit to 0.4.7 (Miloslav Trmac)
- Add support for the filetype field option in auditctl new to 2.6.26
    kernels
2008-05-19 18:02:47 +00:00
Steve Grubb
b4b03fa176 - Fix output of keys in ausearch interpreted mode
- Fix ausearch/report --start now to not be reset to midnight
- audispd now has a priority boost config option
- Look for laddr in avcs reported via prelude
- Detect page 0 mmaps and alert via prelude
2008-05-09 18:37:00 +00:00
Steve Grubb
f2add7b4d6 - Fix overflow in audit_log_user_command, better (#438840)
- ausearch was not matching path in avc records
- audisp-prelude attempt to reposition index after examining each type
- correct building of mls policy
- Fix auparse iterating in auparse_find_field and next_field
- Don't alert on USER_AVC's - they are not quite right
2008-04-18 20:18:30 +00:00
Steve Grubb
26677d9499 - Fix overflow in audit_log_user_command, better (#438840)
- ausearch was not matching path in avc records
- audisp-prelude attempt to reposition index after examining each type
- correct building of mls policy
- Fix auparse iterating in auparse_find_field and next_field
- Don't alert on USER_AVC's - they are not quite right
2008-04-18 19:47:43 +00:00
Steve Grubb
d0505052ce - Fix overflow in audit_log_user_command, better (#438840)
- ausearch was not matching path in avc records
- audisp-prelude attempt to reposition index after examining each type
- correct building of mls policy
2008-04-17 21:14:24 +00:00
Steve Grubb
0553dafd8a Add directory to locate rules 2008-04-08 17:28:30 +00:00
Steve Grubb
e32261e9dd Get rid of old patches 2008-04-08 17:14:57 +00:00
Steve Grubb
0a9ab60e01 - Fix buffer overflow in audit_log_user_command, again (#438840)
- Fix memory leak in EOE code in auditd (#440075)
- In auditctl, don't use new operators in legacy rule format
- Made a couple corrections in alpha & x86_64 syscall tables (Miloslav
    Trmac)
2008-04-08 17:11:19 +00:00
Steve Grubb
66fff58cc0 - Fix buffer overflow in audit_log_user_command, again (#438840)
- Fix memory leak in EOE code in auditd (#440075)
- In auditctl, don't use new operators in legacy rule format
- Made a couple corrections in alpha & x86_64 syscall tables (Miloslav
    Trmac)
2008-04-08 17:10:03 +00:00
Steve Grubb
13e2090eff - Fix memleak in auditd eoe code 2008-04-05 01:38:01 +00:00
Steve Grubb
5676baffd9 - Remove LSB headers from init scripts
- Fix buffer overflow in audit_log_user_command again
2008-04-01 16:33:34 +00:00
Steve Grubb
89ca632558 update sc-audit release 2008-03-30 19:18:35 +00:00
Steve Grubb
8efb1f0ace - Handle user space avcs in prelude plugin
- Fix watched account login detection for some failed login attempts
- Couple fixups in audit logging functions (Miloslav Trmac)
- Add support in auditctl for virtual keys
- auparse_find_field_next was not iterating correctly, fixed it
- Add idmef alerts for access or execution of watched file
- Fix buffer overflow in audit_log_user_command
- Add basic remote logging plugin - only sends & no flow control
- Update ausearch with interpret fixes from auparse
2008-03-30 19:17:17 +00:00
Steve Grubb
44f663a360 - Apply hidden attribute cleanup patch (Miloslav Trmac)
- Apply auparse expression interface patch (Miloslav Trmac)
- Fix potential memleak in audit event dispatcher
- Update system-config-audit to version 0.4.6 (Miloslav Trmac)
- audisp-prelude alerts now controlled by config file
- Updated syscall table for 2.6.25 kernel
- Apply patch correcting acct field being misencoded (Miloslav Trmac)
- Added watched account login detection for prelude plugin
2008-03-09 23:29:28 +00:00
Steve Grubb
379ed2602a updated spec file for merge review 2008-02-25 11:27:40 +00:00
Steve Grubb
a37b944f0b - Update for gcc 4.3
- Cleanup descriptors in audispd before running plugin
- Fix 'recent' keyword for aureport/search
- Fix SE Linux policy for zos_remote plugin
- Add event type for group password authentication attempts
- Couple of updates to the translation tables
- Add detection of failed group authentication to audisp-prelude
2008-02-14 19:51:04 +00:00
Steve Grubb
f4110fe9a8 bump release number 2008-01-31 22:27:40 +00:00
Steve Grubb
5ccda98dc4 - In ausearch/report, prefer -if to stdin
- In ausearch/report, add new command line option --input-logs (#428860)
- Updated audisp-prelude based on feedback from prelude-devel
- Added prelude alert for promiscuous socket being opened
- Added prelude alert for SE Linux policy enforcement changes
- Added prelude alerts for Forbidden Login Locations and Time
- Applied patch to auparse fixing error handling of searching by
    interpreted value (Miloslav Trmac)
2008-01-31 22:17:06 +00:00
Steve Grubb
7307aa51db - In ausearch/report, prefer -if to stdin
- In ausearch/report, add new command line option --input-logs (#428860)
- Updated audisp-prelude based on feedback from prelude-devel
- Added prelude alert for promiscuous socket being opened
- Added prelude alert for SE Linux policy enforcement changes
- Added prelude alerts for Forbidden Login Locations and Time
- Applied patch to auparse fixing error handling of searching by
    interpreted value (Miloslav Trmac)
2008-01-31 22:07:21 +00:00
Steve Grubb
9893d2d877 - Add prelude IDS plugin for IDMEF alerts
- Add --user option to aulastlog command
- Use desktop-file-install for system-config-audit
- Avoid touching auditd.conf most of the time (#408501)
2008-01-19 20:59:34 +00:00
Steve Grubb
597b4aeb16 - Updates for spec file review
- Adjust permission on selinux policy file
2008-01-11 20:42:03 +00:00
Steve Grubb
7b5bbccaae - Adjust permission on selinux policy file 2008-01-11 16:14:53 +00:00
Steve Grubb
61abc7b01e - Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
- Check for audit log being writable by owner in auditd
- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
- Updated CAPP, LSPP, and NISPOM rules for new capabilities
- Added aulastlog utility
2008-01-07 20:11:15 +00:00
Steve Grubb
1d5ece1ce9 - Allow 0600 file perms for audit logs 2007-12-31 03:48:17 +00:00
Steve Grubb
1a7594d87f - Allow 0600 file perms for audit logs 2007-12-31 03:29:57 +00:00
Steve Grubb
e8486e1e33 - fchmod of log file was on wrong variable (#426934)
- Allow use of errno strings for exit codes in audit rules
2007-12-29 15:51:09 +00:00
Miloslav Trmac
53106a0572 - Don't fchmod() /dev/null to mode 0400 (#426934) 2007-12-29 00:32:06 +00:00
Steve Grubb
597027a35e - Add kernel release string to DAEMON_START events
- Fix keep_logs when num_logs option disabled (#325561)
- Fix auparse to handle node fields for syscall records
- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
- Add keyword week-ago to aureport & ausearch start/end times
- Fix audit log permissions on rotate. If group is root 0400, otherwise
    0440
- Add RACF zos remote audispd plugin (Klaus Kiwi)
- Add event queue overflow action to audispd
2007-12-27 21:50:31 +00:00
Steve Grubb
fed3183375 - Fix race between threads accessing common data in auditd
- Fix double free in event dispatcher.
2007-10-17 18:21:53 +00:00
Steve Grubb
0a1d445d1c - Fix syscall name to number conversion in libaudit. 2007-10-05 15:42:18 +00:00
Steve Grubb
eadd98d61f - Don't retry if the rt queue is full. 2007-10-01 18:43:37 +00:00
Steve Grubb
559824bd5d - Add support for searching by posix regular expressions in auparse
- Route DAEMON events into rt interface
- If event pipe is full, try again after doing local logging
- Optionally add node/machine name to records in audit daemon
- Update ausearch/aureport to specify nodes to search on
- Fix segfault interpreting saddr fields in avcs
2007-09-25 15:56:34 +00:00
Steve Grubb
b62f29eb75 - Fix uninitialized variable in auparse (John Dennis) 2007-09-06 18:16:57 +00:00
Steve Grubb
862b73deea - External plugin support in place
- Fix reference counting in auparse python bindings (#263961)
- Moved default af_unix plugin socket to /var/run/audispd_events
2007-09-02 16:49:22 +00:00
Steve Grubb
114d2589bb - Add newline to audispd string formatted events 2007-08-29 17:18:22 +00:00