Compare commits

...

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

4 changed files with 449 additions and 92 deletions

View File

@ -1 +1 @@
45cffb1ded9a57a79b33547f58228131d3eb14a6 SOURCES/audit-3.1.2.tar.gz e58e9ecd90b54b04783e0a1f0c1cfd65880f42f8 SOURCES/audit-3.1.5.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/audit-3.1.2.tar.gz SOURCES/audit-3.1.5.tar.gz

View File

@ -0,0 +1,217 @@
From 4011007b445e8f8da9b0cc45eccd793b94f6b5ce Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Thu, 29 Jul 2021 19:25:43 -0300
Subject: [PATCH] Add ausysrulevalidate
---
contrib/ausysrulevalidate | 198 ++++++++++++++++++++++++++++++++++++++
1 file changed, 198 insertions(+)
create mode 100755 contrib/ausysrulevalidate
diff --git a/contrib/ausysrulevalidate b/contrib/ausysrulevalidate
new file mode 100755
index 0000000..a251b2c
--- /dev/null
+++ b/contrib/ausysrulevalidate
@@ -0,0 +1,198 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+# ausysrulevalidate - A program that lets you validate the syscalls
+# in audit rules.
+# Copyright (c) 2021 Red Hat Inc., Durham, North Carolina.
+# All Rights Reserved.
+#
+# This software may be freely redistributed and/or modified under the
+# terms of the GNU General Public License as published by the Free
+# Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; see the file COPYING. If not, write to the
+# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
+# Boston, MA 02110-1335, USA.
+#
+# Authors:
+# Sergio Correia <scorreia@redhat.com>
+
+""" This program lets you validate syscalls in audit rules. """
+
+import argparse
+import os.path
+import sys
+
+import audit
+
+
+class AuSyscallRuleValidate:
+ """AuSyscallRuleValidate validates syscalls in audit rules."""
+
+ def __init__(self):
+ self.syscalls_table = {}
+ self.invalid_syscalls = {}
+ self.machines = {
+ "b32": audit.audit_determine_machine("b32"),
+ "b64": audit.audit_determine_machine("b64"),
+ }
+
+ if self.machines["b32"] == -1 or self.machines["b64"] == -1:
+ sys.stderr.write("ERROR: Unable to determine machine type\n")
+ sys.exit(1)
+
+ def validate_syscall(self, arch, syscall):
+ """Validates a single syscall."""
+
+ if syscall == "all":
+ return True
+
+ lookup = "{0}:{1}".format(arch, syscall)
+ if lookup in self.syscalls_table:
+ return self.syscalls_table[lookup]
+
+ ret = audit.audit_name_to_syscall(syscall, self.machines[arch])
+ self.syscalls_table[lookup] = ret != -1
+ if not self.syscalls_table[lookup]:
+ self.invalid_syscalls[lookup] = lookup
+
+ return self.syscalls_table[lookup]
+
+ def process_syscalls(self, arch, syscalls):
+ """Processes a group of syscalls, validating them individually."""
+
+ scalls = syscalls.split(",")
+ processed = []
+ for syscall in scalls:
+ if self.validate_syscall(arch, syscall):
+ processed.append(syscall)
+ return ",".join(processed)
+
+ def parse_line(self, line):
+ """Processes a single line from the audit rules file, and returns the
+ same line adjusted, if required, by removing invalid syscalls, or even
+ removing the rule altogether, if no valid syscall remain after
+ validation."""
+
+ if line.lstrip().startswith("#") or "-S" not in line:
+ return line
+
+ # We do have a rule specifying syscalls, so let's validate them.
+ tokens = line.split()
+ processed = []
+ is_syscall = False
+ arch = None
+
+ for val in tokens:
+ if not is_syscall:
+ processed.append(val)
+
+ if val.startswith("arch="):
+ archs = val.split("=")
+ if len(archs) == 2:
+ arch = val.split("=")[1]
+ if arch not in self.machines:
+ sys.stderr.write("ERROR: unexpected arch '{0}'\n".format(arch))
+ continue
+
+ if val == "-S":
+ is_syscall = True
+ continue
+
+ if is_syscall:
+ is_syscall = False
+ scalls = self.process_syscalls(arch, val)
+
+ if len(scalls) == 0:
+ processed = processed[:-1]
+ continue
+ processed.append(scalls)
+
+ if "-S" not in processed:
+ # Removing rule altogether, as we have no valid syscalls remaining.
+ return None
+ return " ".join(processed)
+
+ def process_rules(self, rules_file):
+ """Reads a file with audit rules and returns the rules after
+ validation of syscalls/architecture. Invalid syscalls will be removed
+ and, if there are no valid remaining syscalls, the rule itself is
+ removed."""
+
+ if not os.path.isfile(rules_file):
+ sys.stderr.write("ERROR: rules file '{0}' not found\n".format(rules_file))
+ sys.exit(1)
+
+ with open(rules_file) as rules:
+ content = rules.readlines()
+
+ processed = []
+ changed = False
+ for line in content:
+ validated = self.parse_line(line)
+ if validated is None:
+ changed = True
+ continue
+
+ if validated.rstrip("\r\n") != line.rstrip("\r\n"):
+ changed = True
+ processed.append(validated.rstrip("\r\n"))
+
+ invalid_syscalls = []
+ for invalid in self.invalid_syscalls:
+ invalid_syscalls.append(invalid)
+
+ return (processed, changed, invalid_syscalls)
+
+ def update_rules(self, rules_file):
+ """Reads a file with audit rules and updates it after validation of
+ syscalls/architecture. Invalid syscalls will be removed and, if
+ there are no valid remaining syscalls, the rule itself is removed."""
+
+ new_rules, changed, invalid_syscalls = self.process_rules(rules_file)
+ if changed:
+ with open(rules_file, "w") as rules:
+ for line in new_rules:
+ rules.write("{0}\n".format(line))
+
+ return (new_rules, changed, invalid_syscalls)
+
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(description="ausysrulevalidate")
+ parser.add_argument(
+ "-u", "--update", help="Update rules file if required", action="store_true"
+ )
+ parser.add_argument(
+ "-v", "--verbose", help="Show the resulting rules file", action="store_true"
+ )
+ required_named = parser.add_argument_group("required named arguments")
+ required_named.add_argument(
+ "-r", "--rules-file", help="Rules file name", required=True
+ )
+ args = parser.parse_args()
+
+ validator = AuSyscallRuleValidate()
+
+ action = validator.process_rules
+ if args.update:
+ action = validator.update_rules
+
+ data, changed, invalid = action(args.rules_file)
+ if changed:
+ verb = "require"
+ if args.update:
+ verb += "d"
+ sys.stderr.write("Rules in '{0}' {1} changes\n".format(args.rules_file, verb))
+ if len(invalid) > 0:
+ sys.stderr.write("Invalid syscalls: {0}\n".format(", ".join(invalid)))
+
+ if args.verbose:
+ print(*data, sep="\n")
--
2.31.1

View File

@ -1,25 +1,31 @@
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Summary: User space tools for kernel auditing Summary: User space tools for kernel auditing
Name: audit Name: audit
Version: 3.1.2 Version: 3.1.5
Release: 1%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://people.redhat.com/sgrubb/audit/ URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
BuildRequires: gcc swig make Patch1: 0001-Add-ausysrulevalidate.patch
BuildRequires: make gcc swig
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: krb5-devel libcap-ng-devel BuildRequires: krb5-devel libcap-ng-devel
BuildRequires: kernel-headers >= 2.6.29 BuildRequires: kernel-headers >= 2.6.29
BuildRequires: systemd BuildRequires: systemd
#BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires(post): systemd coreutils Requires(post): systemd coreutils
Requires(preun): systemd initscripts Requires(preun): systemd
Requires(postun): systemd coreutils initscripts Requires(postun): systemd coreutils
Recommends: initscripts-service
# Placing this here under the assumption that anything using the
# python libraries expects the system to have an audit daemon
Obsoletes: python2-audit < %{version}-%{release}
%description %description
The audit package contains the user space utilities for The audit package contains the user space utilities for
@ -31,7 +37,7 @@ Summary: Dynamic library for libaudit
License: LGPLv2+ License: LGPLv2+
%description libs %description libs
The audit-libs package contains the dynamic libraries needed for The audit-libs package contains the dynamic libraries needed for
applications to use the audit framework. applications to use the audit framework.
%package libs-devel %package libs-devel
@ -48,6 +54,7 @@ developing applications that need to use the audit framework libraries.
Summary: Python3 bindings for libaudit Summary: Python3 bindings for libaudit
License: LGPLv2+ License: LGPLv2+
BuildRequires: python3-devel BuildRequires: python3-devel
BuildRequires: make
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Provides: audit-libs-python3 = %{version}-%{release} Provides: audit-libs-python3 = %{version}-%{release}
Provides: audit-libs-python3%{?_isa} = %{version}-%{release} Provides: audit-libs-python3%{?_isa} = %{version}-%{release}
@ -84,14 +91,19 @@ Management Facility) database, through an IBM Tivoli Directory Server
%prep %prep
%setup -q %setup -q
cp %{SOURCE1} . cp %{SOURCE1} .
#autoreconf -fv --install %patch -P 1 -p1
autoreconf -fv --install
# Remove the ids code, its not ready
sed -i 's/ ids / /' audisp/plugins/Makefile.in
%build %build
%configure --with-python=no \ %configure --with-python=no \
--with-python3=yes \ --with-python3=yes \
--enable-gssapi-krb5=yes --with-arm --with-aarch64 \ --enable-gssapi-krb5=yes --with-arm --with-aarch64 \
--with-libcap-ng=yes --without-golang --enable-zos-remote \ --with-libcap-ng=yes --enable-zos-remote --without-golang \
--enable-systemd --enable-systemd --enable-experimental --with-io_uring
make CFLAGS="%{optflags}" %{?_smp_mflags} make CFLAGS="%{optflags}" %{?_smp_mflags}
@ -102,14 +114,23 @@ mkdir -p $RPM_BUILD_ROOT/%{_lib}
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit
mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit
mkdir -p $RPM_BUILD_ROOT/%{_datadir}
make DESTDIR=$RPM_BUILD_ROOT install make DESTDIR=$RPM_BUILD_ROOT install
# Validate sample rules shipped.
for r in $RPM_BUILD_ROOT/%{_datadir}/%{name}/sample-rules/*.rules; do
PYTHONPATH=$RPM_BUILD_ROOT/%{python3_sitearch} \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} \
%{_builddir}/%{name}-%{version}/contrib/ausysrulevalidate \
--update --rules-file "${r}"
done
# Remove these items so they don't get picked up. # Remove these items so they don't get picked up.
rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a
rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a
find $RPM_BUILD_ROOT -name '*.la' -delete find $RPM_BUILD_ROOT -name '*.la' -delete
find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete || true find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.a' -delete
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
@ -121,27 +142,39 @@ make check
rm -f rules/Makefile* rm -f rules/Makefile*
%post %post
%systemd_post auditd.service
# Copy default rules into place on new installation # Copy default rules into place on new installation
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w` files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
if [ "$files" -eq 0 ] ; then if [ "$files" -eq 0 ] ; then
if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then
cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
else else
touch /etc/audit/rules.d/audit.rules touch /etc/audit/rules.d/audit.rules
fi fi
chmod 0600 /etc/audit/rules.d/audit.rules chmod 0600 /etc/audit/rules.d/audit.rules
fi
# If upgrading, restart the daemon if it's running
if [ $1 -eq 2 ]; then
state=$(systemctl status auditd | awk '/Active:/ { print $2 }')
if [ $state = "active" ] ; then
auditctl --signal stop || true
systemctl start auditd
fi
# if installing, start it since preset says we should be running
elif [ $1 -eq 1 ]; then
systemctl start auditd
fi fi
%systemd_post auditd.service
%preun %preun
%systemd_preun auditd.service %systemd_preun auditd.service
# if uninstalling stop the daemon
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
/sbin/service auditd stop > /dev/null 2>&1 auditctl --signal stop || true
fi # also delete loaded rules if uninstalling
auditctl -D || true
%postun
if [ $1 -ge 1 ]; then
/sbin/service auditd condrestart > /dev/null 2>&1 || :
fi fi
%files libs %files libs
@ -206,7 +239,6 @@ fi
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
%attr(750,root,root) %{_libexecdir}/audit-functions
%ghost %{_localstatedir}/run/auditd.state %ghost %{_localstatedir}/run/auditd.state
%attr(-,root,-) %dir %{_var}/log/audit %attr(-,root,-) %dir %{_var}/log/audit
%attr(750,root,root) %dir /etc/audit %attr(750,root,root) %dir /etc/audit
@ -216,21 +248,24 @@ fi
%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules %ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules %ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules %config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
%files -n audispd-plugins %files -n audispd-plugins
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf %config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-statsd.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-statsd.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
%attr(750,root,root) %{_sbindir}/audisp-remote %attr(750,root,root) %{_sbindir}/audisp-remote
%attr(750,root,root) %{_sbindir}/audisp-syslog %attr(750,root,root) %{_sbindir}/audisp-syslog
%attr(750,root,root) %{_sbindir}/audisp-af_unix %attr(750,root,root) %{_sbindir}/audisp-af_unix
%attr(750,root,root) %{_sbindir}/audisp-statsd
%attr(700,root,root) %dir %{_var}/spool/audit %attr(700,root,root) %dir %{_var}/spool/audit
%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
%attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz %attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz
%attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz %attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz
%attr(644,root,root) %{_mandir}/man8/audisp-statsd.8.gz
%files -n audispd-plugins-zos %files -n audispd-plugins-zos
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
@ -240,100 +275,205 @@ fi
%attr(750,root,root) %{_sbindir}/audispd-zos-remote %attr(750,root,root) %{_sbindir}/audispd-zos-remote
%changelog %changelog
* Sat Oct 21 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-1 * Tue Jul 09 2024 Attila Lakatos <alakatos@redhat.com> - 3.1.5-1
- Rebase audit to latest upstream release - New upstream maintenance release, 3.1.4
Resolves: RHEL-15001 - Prevent scriplets from failing
- When upgrading, restart the daemon if it's running
- If uninstalling, stop the daemon
- auditctl: use pidfd_send_signal for signaling auditd
Resolves: RHEL-45865
- Minor doc update
Resolves: RHEL-5186
- augenrules: do not exit with failure if in immutable mode
Resolves: RHEL-40110
- auditd.service: Disable ProtectControlGroups
Resolves: RHEL-5197
- auditctl: correct output when displaying rules with exe/path/dir
Resolves: RHEL-40243
* Thu Jun 22 2023 Radovan Sroka <rsroka@redhat.com> - 3.0.7-5 * Wed Nov 08 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-2
- Remove %systemd_preun from %preun scriptlet, as it was causing troubles when removing audit
Related: RHEL-14896
* Fri Oct 27 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-1
- New upstream release, 3.1.2
Resolves: RHEL-14896
* Thu Jun 22 2023 Radovan Sroka <rsroka@redhat.com> - 3.0.7-104
- Introduce new fanotify record fields - Introduce new fanotify record fields
Resolves: rhbz#2216668 Resolves: rhbz#2216666
- invalid use of flexible array member
Resolves: rhbz#2116867
* Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-4 * Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-103
- Drop ProtectHome from auditd.service as it interferes with rules - Drop ProtectHome from auditd.service as it interferes with rules
Resolves: rhbz#2071727 - Default systemd service config blocks audit watch rules in some directories Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0]
* Mon Mar 14 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-3 * Sun Mar 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-102
- Fix path normalization in auparse - Fix path normalization in auparse
Resolves: rhbz#2062612 - auparse missing information when used with --format-text Resolves: rhbz#2062824 - auparse missing information when used with --format-text
* Tue Feb 22 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-2 * Tue Feb 22 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-101
- Adjust sample-rules dir permissions - Adjust sample-rules dir permissions
Resolves: rhbz#2054727 - /usr/share/audit/sample-rules is no longer readable by non-root users Resolves: rhbz#2054432 - /usr/share/audit/sample-rules is no longer readable by non-root users
* Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-1 * Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-100
- New upstream release - 3.0.7 - New upstream release, 3.0.7
Related: rhbz#1939406 Resolves: rhbz#2019929 - capability=unknown-capability(39) in audit messages
* Thu Jan 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.5-1 * Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-5
- Rebase audit package on 8.6 - auparse: refact nvlist cleanup code
Resolves: rhbz#1939406 Resolves: rhbz#2008965
Resolves: rhbz#1906065
Resolves: rhbz#1921447
Resolves: rhbz#1927884
Resolves: rhbz#1921658
* Wed Jan 08 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.17.20191104git1c2f876 * Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-4
resolves: rhbz#1757986 - Rebase audit package on 8.2 for updates (bpf patch) - When interpreting, if val is NULL return an empty string
Resolves: rhbz#2004420
* Thu Nov 28 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.16.20191104git1c2f876 * Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-3
resolves: rhbz#1497279 - Add option to interpret fields in audit syslog plugin - Update dependency to initscripts-service instead of initscripts
Resolves: rhbz#2000933
* Mon Nov 04 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.15.20191104git1c2f876 * Tue Aug 17 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-2
resolves: rhbz#1757986 - Rebase audit package on 8.2 for updates - Fix timestamp parsing
resolves: rhbz#1767054 - move audit rules to shared data directory Related: rhbz#1938680
resolves: rhbz#1746018 - Breakup 30-ospp-v42.rules into more granular files
resolves: rhbz#1740798 - auditctl(8) needs clarification for backlog_limit
resolves: rhbz#1497279 - Add option to interpret fields in audit syslog plugin
* Thu Jul 25 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.13.20190607gitf58ec40 * Mon Aug 16 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-1
resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes - New upstream release, 3.0.5
Related: rhbz#1938680
* Sat Jul 13 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.12.20190607gitf58ec40 * Mon Aug 16 2021 Sergio Correia <scorreia@redhat.com> - 3.0.2-3
resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes - Validates the sample rules we ship
Resolves: rhbz#1985630
* Mon Jun 10 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.11.20190607gitf58ec40 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.2-2
resolves: rhbz#1643567 - service auditd stop exits prematurely - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
resolves: rhbz#1693470 - libauparse memory leak Related: rhbz#1991688
resolves: rhbz#1694071 - ausearch doesn't record device/inode details checkpointing a single file
resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes
resolves: rhbz#1705894 - aureport aborts when using a specific input
resolves: rhbz#1706045 - RFE: Backport support for new audit record types
resolves: rhbz#1715852 - RFE: provide a way to filter on network address family
* Wed Jan 09 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.10.20180831git0047a6c * Tue Jun 22 2021 Sergio Correia <scorreia@redhat.com> - 3.0.2-1
resolves: rhbz#1655270] Message "audit: backlog limit exceeded" reported - New upstream release, 3.0.2.
- Fix annobin failure Fix issues detected by static analyzers
Resolves: rhbz#1938680
* Fri Dec 07 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.8.20180831git0047a6c * Mon Jun 21 2021 Sergio Correia <scorreia@redhat.com> - 3.0.1-4
resolves: rhbz#1639745 - build requires go-toolset-7 which is not available - Enable default RHEL configuration
resolves: rhbz#1643567 - service auditd stop exits prematurely This enables syscall auditing by default.
resolves: rhbz#1616428 - Update git snapshot of audit package Resolves: rhbz#1924561
- Remove static libs subpackage
* Fri Aug 31 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.5.20180831git0047a6c * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.1-3
resolves: rhbz#1616428 - Update git snapshot of audit package - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Feb 18 2021 Steve Grubb <sgrubb@redhat.com> 3.0.1-2
- Add patch fixing segafult in the audisp-statsd plugin
* Fri Feb 12 2021 Steve Grubb <sgrubb@redhat.com> 3.0.1-1
- New upstream feature and bugfix release
- Enable building the audisp-statsd plugin
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Dec 16 2020 Steve Grubb <sgrubb@redhat.com> 3.0-1
- New upstream feature and bugfix release
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.21.20191104git1c2f876
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-0.20.20191104git1c2f876
- Rebuilt for Python 3.9
* Thu Mar 12 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.19.20191104git1c2f876
- Add Obsolete python2-audit (#1783061)
* Wed Jan 29 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.18.20191104git1c2f876
- Fix multiple definition of `event_node_list' (#1794446)
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.17.20191104git1c2f876
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Nov 22 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.16.20191104git1c2f876
- Drop python2 subpackage (#1775076)
* Mon Nov 04 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.14.20191104git1c2f876
- New upstream git snapshot prerelease
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 3.0-0.14.20190507gitf58ec40
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 3.0-0.13.20190507gitf58ec40
- Rebuilt for Python 3.8
* Wed Jul 31 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.12.20190507gitf58ec40
- Fix 1734953 - audit: FTBFS in Fedora rawhide/f31
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.11.20190507gitf58ec40
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jul 05 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.10.20190507gitf58ec40
- Add initscripts package to the requires (bz #1727058)
* Mon Jun 10 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.9.20190507gitf58ec40
- New upstream git snapshot prerelease which fixes several problems
- Fixed 1698130 - removing audit.rpm doesn't stop auditd
* Tue Mar 26 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.7.20190326git03e7489
- New upstream git snapshot prerelease which fixes a memory leak
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.6.20181218gitbdb72c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Dec 18 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.5.20181218gitbdb72c0
- New upstream git snapshot prerelease
- Remove historical ldconfig scriptlet (#1644056)
* Fri Aug 31 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.4.20180831git0047a6c
- New upstream feature prerelease
* Wed Aug 08 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.2.20180808git77fbcf3 * Wed Aug 08 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.2.20180808git77fbcf3
resolves: rhbz#1567357 New upstream feature prerelease - New upstream feature prerelease
* Tue Jul 17 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.1.20180717gitacd53d1 * Tue Jul 17 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.1.20180717gitacd53d1
- New upstream feature prerelease - New upstream feature prerelease
* Tue Jun 26 2018 Steve Grubb <sgrubb@redhat.com> 2.8.4-2 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.4-4
- Fix segfault on shutdown - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jul 4 2018 Peter Robinson <pbrobinson@fedoraproject.org> 2.8.4-3
- Remove unused sys V initscripts legacy bits
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8.4-2
- Rebuilt for Python 3.7
* Tue Jun 19 2018 Steve Grubb <sgrubb@redhat.com> 2.8.4-1 * Tue Jun 19 2018 Steve Grubb <sgrubb@redhat.com> 2.8.4-1
- New upstream bugfix release - New upstream bugfix release
* Wed May 30 2018 Steve Grubb <sgrubb@redhat.com> 2.8.3-1 * Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8.3-4
- New upstream bugfix release - Rebuilt for Python 3.7
- Remove Python2 support
* Fri Apr 13 2018 Tom Stellard <tstellar@redhat.com> - 2.7.8-2 * Tue Apr 10 2018 Pete Walter <pwalter@fedoraproject.org> - 2.8.3-3
- Use go-toolset-7 instead of golang - Rename Python 2 and 3 subpackages to python2-audit and python3-audit as per guidelines
- Package now must be built with: rhpkg --release rhel-8.0-go-toolset
* Mon Mar 26 2018 Steve Grubb <sgrubb@redhat.com> 2.8.3-2
- Fix Obsoletion of audit-libs-python not handled properly (#1559674)
* Sat Mar 10 2018 Steve Grubb <sgrubb@redhat.com> 2.8.3-1
- New upstream bugfix release
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Feb 05 2018 Steve Grubb <sgrubb@redhat.com> 2.8.2-3
- Add a Provides audit-libs-python (#1537864)
- Remove tcp_wrappers support?
* Thu Dec 14 2017 Steve Grubb <sgrubb@redhat.com> 2.8.2-2
- Rename things from python to python2
* Thu Dec 14 2017 Steve Grubb <sgrubb@redhat.com> 2.8.2-1
- New upstream bugfix release
* Thu Oct 12 2017 Steve Grubb <sgrubb@redhat.com> 2.8.1-1
- New upstream bugfix release
* Tue Oct 10 2017 Steve Grubb <sgrubb@redhat.com> 2.8-1
- New upstream feature release
* Mon Sep 18 2017 Steve Grubb <sgrubb@redhat.com> 2.7.8-1 * Mon Sep 18 2017 Steve Grubb <sgrubb@redhat.com> 2.7.8-1
- New upstream bugfix release - New upstream bugfix release