diff --git a/.cvsignore b/.cvsignore index be24754..a2fd8d9 100644 --- a/.cvsignore +++ b/.cvsignore @@ -62,3 +62,4 @@ setroubleshoot-2.2.47.tar.gz setroubleshoot-2.2.48.tar.gz setroubleshoot-2.2.50.tar.gz setroubleshoot-2.2.52.tar.gz +setroubleshoot-2.2.55.tar.gz diff --git a/setroubleshoot.spec b/setroubleshoot.spec index dbc660c..1ceee28 100644 --- a/setroubleshoot.spec +++ b/setroubleshoot.spec @@ -1,6 +1,6 @@ Summary: Helps troubleshoot SELinux problems Name: setroubleshoot -Version: 2.2.52 +Version: 2.2.55 Release: 1%{?dist} License: GPLv2+ Group: Applications/System @@ -40,9 +40,9 @@ BuildRequires: htmlview Requires: htmlview %endif -%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} +%global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)") -%define pkgpythondir %{python_sitelib}/%{name} +%global pkgpythondir %{python_sitelib}/%{name} %define pkgdocdir %{_datadir}/doc/%{name}-%{version} %define pkgguidir %{_datadir}/%{name}/gui %define pkgdatadir %{_datadir}/%{name} @@ -51,7 +51,7 @@ Requires: htmlview %define pkgrundir %{_localstatedir}/run/%{name} %define pkgconfigdir %{_sysconfdir}/%{name} %define pkglogdir %{_localstatedir}/log/%{name} -%define pkgdatabase %{pkgvardatadir}/audit_listener_database.xml +%global pkgdatabase %{pkgvardatadir}/audit_listener_database.xml %description setroubleshoot gui. Application that allows you to view setroubleshoot-server @@ -164,6 +164,7 @@ rm -rf %{buildroot} %{_sbindir}/sedispatch %{_sbindir}/setroubleshootd %{python_sitelib}/sesearch*.egg-info +%{python_sitelib}/setroubleshoot*.egg-info %dir %attr(0755,root,root) %{pkgconfigdir} %dir %attr(0755,root,root) %{pkgpythondir} %dir %attr(0755,root,root) %{pkgpythondir}/sesearch @@ -187,6 +188,7 @@ rm -rf %{buildroot} %{pkgpythondir}/xml_serialize.py* %{pkgpythondir}/sesearch/__init__.py* %{pkgpythondir}/sesearch/_sesearch.so +%{pkgpythondir}/default_encoding_utf8.so %{pkgdatadir} %config %{pkgconfigdir}/%{name}.cfg %dir %{pkglogdir} @@ -209,9 +211,15 @@ Requires(pre): setroubleshoot = %{version}-%{release} Setroubleshoot documentation package %files doc +%defattr(-,root,root,-) %doc %{pkgdocdir} %changelog +* Thu Jan 13 2010 Dan Walsh - 2.2.55-2 +- Cleanup spec file +- Add default_encoding +- Fix wording in bug report window + * Thu Dec 3 2009 Dan Walsh - 2.2.52-1 - Fix ignore button - Add delete button @@ -266,9 +274,9 @@ Setroubleshoot documentation package * Thu Oct 1 2009 Dan Walsh - 2.2.35-1 - Fix translations, plurals and glade - - Update Po - - Fix plural form - - Add support for Green Plugins + - Update Po + - Fix plural form + - Add support for Green Plugins * Mon Sep 28 2009 Dan Walsh - 2.2.33-1 - Fix translations, plurals and glade @@ -320,8 +328,8 @@ Setroubleshoot documentation package * Tue Aug 18 2009 Dan Walsh - 2.2.20-1 -Update to upstream - 2009-8-18 Thomas Liu - - Added check for new policy. + - 2009-8-18 Thomas Liu + - Added check for new policy. * Tue Aug 18 2009 Dan Walsh - 2.2.19-1 - Default syscall field in audit_data @@ -348,14 +356,14 @@ Setroubleshoot documentation package * Mon Jul 15 2009 Dan Walsh - 2.2.14-1 - Update to upstream 2009-7-15 Dan Walsh - - Fix handling of syscall record a1 field - - Translate "/" to mountpoint when returned by kernel + - Fix handling of syscall record a1 field + - Translate "/" to mountpoint when returned by kernel * Mon Jul 7 2009 Dan Walsh - 2.2.13-1 - Update to upstream 2009-7-07 Thomas Liu - - Fixed detail doc not clearing when deleting all alerts - - Hid notify check when deleting all alerts. + - Fixed detail doc not clearing when deleting all alerts + - Hid notify check when deleting all alerts. * Wed Jul 1 2009 Dan Walsh - 2.2.12-1 - Fix locate code to use os.lstat @@ -363,17 +371,17 @@ Setroubleshoot documentation package * Wed Jul 1 2009 Dan Walsh - 2.2.11-1 - Update to upstream 2009-7-01 Thomas Liu - - Fixed browser behavior when there are no alerts - - Fixed seapplet behavior when there are no alerts - - Made delete all button delete alerts on server side and on local side + - Fixed browser behavior when there are no alerts + - Fixed seapplet behavior when there are no alerts + - Made delete all button delete alerts on server side and on local side * Mon Jun 29 2009 Dan Walsh - 2.2.10-1 - - Add open access to audit_data.py define statements +- Add open access to audit_data.py define statements * Fri Jun 26 2009 Dan Walsh - 2.2.9-1 - Update to upstream 2009-6-25 Thomas Liu - - Added a "Copy to Clipboard" button to the browser GUI. + - Added a "Copy to Clipboard" button to the browser GUI. * Wed Jun 24 2009 Dan Walsh - 2.2.8-1 - Add sesearch @@ -385,7 +393,7 @@ Setroubleshoot documentation package * Thu Jun 18 2009 Dan Walsh - 2.2.1-1 - Update to upstream * Thomas Liu - Bug fixes to GUI, added Delete All Alerts menu item. + Bug fixes to GUI, added Delete All Alerts menu item. * Tue Jun 16 2009 Dan Walsh - 2.2.1-1 - Update to upstream @@ -482,849 +490,849 @@ Setroubleshoot documentation package - Resolve bug #431380: prevent notify popups while setroubleshoot is open * Wed Feb 6 2008 John Dennis - 2.0.5-1 - - allow sealert -l lookup to accept * wildcard - - add a few more audit fields needing special decode handling +- allow sealert -l lookup to accept * wildcard +- add a few more audit fields needing special decode handling * Thu Jan 31 2008 - 2.0.4-1 - - Resolve bug #430421: audit_listener_database.xml:3029: parser error in xmlParseDoc() - rewrite the audit_msg_decode logic to beaware of specific audit fields - - add new template substitution $SOURCE, a friendly name, $SOURCE_PATH still exists - and is the full path name of $SOURCE, also add 'source' attribute in AVC class, - fix how source and source_path are computed from audit's comm and exe fields - - fix the computation of tpath to also look at the audit name field, formerly - it had only been looking at path, fixes showing up for many targets - - add exception handling around xml file writes (Alan Cox reports problem when /var is full) - - add testing documentation - - Resolve bug #430845: obsolete URL in setroubleshoot package description - - Resolve bug #428960: Permissive message makes no sense. - - init script now allows extra test options - - show_browser() now opens and raises the window (e.g. presents) rather than just - assuring it's realized (e.g. iconified, or hidden) - - sealert -l message in syslog converts from html before writing to syslog - - Resolve bug #320881: export setroubleshoot_selinux_symposium in PDF format - - add code to verify all async rpc's have been cleared from the async rpc cache - - add code to set a default rpc method return if the interface does not define a callback - (methods which did not have a callback were not returning anything and hence were not - getting cleared from the cache) +- Resolve bug #430421: audit_listener_database.xml:3029: parser error in xmlParseDoc() + rewrite the audit_msg_decode logic to beaware of specific audit fields +- add new template substitution $SOURCE, a friendly name, $SOURCE_PATH still exists + and is the full path name of $SOURCE, also add 'source' attribute in AVC class, + fix how source and source_path are computed from audit's comm and exe fields +- fix the computation of tpath to also look at the audit name field, formerly + it had only been looking at path, fixes showing up for many targets +- add exception handling around xml file writes (Alan Cox reports problem when /var is full) +- add testing documentation +- Resolve bug #430845: obsolete URL in setroubleshoot package description +- Resolve bug #428960: Permissive message makes no sense. +- init script now allows extra test options +- show_browser() now opens and raises the window (e.g. presents) rather than just + assuring it's realized (e.g. iconified, or hidden) +- sealert -l message in syslog converts from html before writing to syslog +- Resolve bug #320881: export setroubleshoot_selinux_symposium in PDF format +- add code to verify all async rpc's have been cleared from the async rpc cache +- add code to set a default rpc method return if the interface does not define a callbak + (methods which did not have a callback were not returning anything and hence were no + getting cleared from the cache) * Fri Jan 11 2008 - 2.0.2-1 - - Resolve bug #428252: Problem with update/remove old version - - Add code to validate xml database version, if file is incompatible it is not read, - the next time the database is written it will be in the new version format. - This means the database contents are not preserved across database version upgrades. - - Remove postun trigger from spec file used to clear database between incompatible versions - the new database version check during database read will handle this instead - - bullet proof exit status in init script and rpm scriptlets - - Resolve bug #247302: setroubleshoot's autostart .desktop file fails to start under a KDE session - - Resolve bug #376041: Cannot check setroubleshoot service status as non-root - - Resolve bug #332281: remove obsolete translation - - Resolve bug #344331: No description in gnome-session-properties - - Resolve bug #358581: missing libuser-python dependency - - Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin - - Resolve bug #427260: German Translation - - enhance the sealert man page +- Resolve bug #428252: Problem with update/remove old version +- Add code to validate xml database version, if file is incompatible it is not read, + the next time the database is written it will be in the new version format. + This means the database contents are not preserved across database version upgrades. +- Remove postun trigger from spec file used to clear database between incompatible versions + the new database version check during database read will handle this instead +- bullet proof exit status in init script and rpm scriptlets +- Resolve bug #247302: setroubleshoot's autostart .desktop file fails to start under a KDE session +- Resolve bug #376041: Cannot check setroubleshoot service status as non-root +- Resolve bug #332281: remove obsolete translation +- Resolve bug #344331: No description in gnome-session-properties +- Resolve bug #358581: missing libuser-python dependency +- Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin +- Resolve bug #427260: German Translation +- enhance the sealert man page * Fri Jan 4 2008 - 2.0.1-1 - - make connection error message persist instead of timeout in browser - - updated Brazilian Portuguese translation: Igor Pires Soares - - implement uid,username checks - - rpc methods now check for authenticated state - - fix html handling of summary string - - add 'named' messages to status bar, make sure all messages either timeout or are named - - fix ordering of menus, resolves bug #427418 - - add 'hide quiet' to browser view filtering, resolves bug #427421 - - tweak siginfo text formatting - - add logon to SECommandLine so that sealert -l works - +- make connection error message persist instead of timeout in browser +- updated Brazilian Portuguese translation: Igor Pires Soares +- implement uid,username checks +- rpc methods now check for authenticated state +- fix html handling of summary string +- add 'named' messages to status bar, make sure all messages either timeout or are named +- fix ordering of menus, resolves bug #427418 +- add 'hide quiet' to browser view filtering, resolves bug #427421 +- tweak siginfo text formatting +- add logon to SECommandLine so that sealert -l works + * Fri Dec 28 2007 - 2.0.0-1 - - prepare for v2 test release - - Completed most work for version 2 of setroubleshoot, prepare for test release - - import Dan's changes from the mainline - primarily allow_postfix_local_write_mail_spool plugin - - escape html, fix siginfo.format_html(), siginfo.format_text() - - add async-error signal - - change identity to just username - - make sure set_filter user validation works and reports error in browser - - fix generation of line numbers and host when connected to audispd - - add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode - - resolves bug #244345: avc path information incomplete - - get the uid,gid when a client connects to the server - - set_filter now verifies the filter is owned by the user, - - resolves bug #288261: setroubleshoot lack of user authentication - - remove filter options which weren't being used - - change '@' in audit data hostname to '.' - - remove restart dialog - resolves bug #321171: sealert's dialog after update is higly confusing - - fix rpc xml arg - - fix handling of host value - - tweak what fields are in signature - - move data items which had been in 'avc' object into siginfo - - clean up siginfo format - - large parts of new audit data pipeline working, checkpoint - - fix duplicate xml nodes when generating xml tree - - audit event can now be xml serialized - - switch from using int's for audit record types to strings - - avoid conversion headaches and possibilty of not being - able to convert a new unknown type - - add logic to allow XmlSerialize to be subclassed and init_from_xml_node to be overridden - - add support to xml serialize classes AuditEventID, AuditEvent, AuditRecord - - use metaclass for xml class init - - start adding xml support to audit data classes - - Use metaclass to wrap class init - - move xml serialization code from signature.py to xml_serialize.py - - simplify aspect of the serialization code - - add unstructured xml mapping, each xml element name has its content mapped to obj.name - - modify xml serialization to be driven by xml contents - - general clean up - - checkpoint conversion of serialization to use metaclasses - - clean up class/data specifications for XmlSerializable - - add support for client rpc testing - - add changelog entry - - add SubProcess class to setroubleshootd in preparation to - - run daemon as subprocess so we can gather results and - compare them to the expected data we sent - - rewrite all plugins to use new v2 audit data - - add SubProcess class to setroubleshootd in preparation to +- prepare for v2 test release +- Completed most work for version 2 of setroubleshoot, prepare for test release +- import Dan's changes from the mainline + primarily allow_postfix_local_write_mail_spool plugin +- escape html, fix siginfo.format_html(), siginfo.format_text() +- add async-error signal +- change identity to just username +- make sure set_filter user validation works and reports error in browser +- fix generation of line numbers and host when connected to audispd +- add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode +- resolves bug #244345: avc path information incomplete +- get the uid,gid when a client connects to the server +- set_filter now verifies the filter is owned by the user, +- resolves bug #288261: setroubleshoot lack of user authentication +- remove filter options which weren't being used +- change '@' in audit data hostname to '.' +- remove restart dialog + resolves bug #321171: sealert's dialog after update is higly confusing +- fix rpc xml arg +- fix handling of host value +- tweak what fields are in signature +- move data items which had been in 'avc' object into siginfo +- clean up siginfo format +- large parts of new audit data pipeline working, checkpoint +- fix duplicate xml nodes when generating xml tree +- audit event can now be xml serialized +- switch from using int's for audit record types to strings +- avoid conversion headaches and possibilty of not being + able to convert a new unknown type +- add logic to allow XmlSerialize to be subclassed and init_from_xml_node to be overridden +- add support to xml serialize classes AuditEventID, AuditEvent, AuditRecord +- use metaclass for xml class init +- start adding xml support to audit data classes +- Use metaclass to wrap class init +- move xml serialization code from signature.py to xml_serialize.py +- simplify aspect of the serialization code +- add unstructured xml mapping, each xml element name has its content mapped to obj.name +- modify xml serialization to be driven by xml contents +- general clean up +- checkpoint conversion of serialization to use metaclasses +- clean up class/data specifications for XmlSerializable +- add support for client rpc testing +- add changelog entry +- add SubProcess class to setroubleshootd in preparation to +- run daemon as subprocess so we can gather results and + compare them to the expected data we sent +- rewrite all plugins to use new v2 audit data +- add SubProcess class to setroubleshootd in preparation to run daemon as subprocess so we can gather results and compare them to the expected data we sent - - add new test support: add config section 'test', add boolean 'analyze' to - config test section, add class TestPluginReportReceiver which is installed - if test.analyze is True, it prints analysis report. In test_setroubleshootd - send AUDIT_EOE to assure sequential event processing so analysis results - have same ordering as events that are sent by test_setroubleshootd - - alert signatures now include host information, alerts will be grouped by host +- add new test support: add config section 'test', add boolean 'analyze' to + config test section, add class TestPluginReportReceiver which is installed + if test.analyze is True, it prints analysis report. In test_setroubleshootd + send AUDIT_EOE to assure sequential event processing so analysis results + have same ordering as events that are sent by test_setroubleshootd +- alert signatures now include host information, alerts will be grouped by host * Tue Oct 2 2007 John Dennis - 1.10.7-1 - - Fix spec file requires for opening an HTML page - In configure.ac search for xdg-open and htmlview in priority order, - set variable html_browser_open to the one found, in spec file require - xdg-utils for fedora and htmlview for RHEL. +- Fix spec file requires for opening an HTML page + In configure.ac search for xdg-open and htmlview in priority order, + set variable html_browser_open to the one found, in spec file require + xdg-utils for fedora and htmlview for RHEL. - - add "Host" column in browser - add "Toggle Column Visibility" menu to toggle display of any column on/off +- add "Host" column in browser + add "Toggle Column Visibility" menu to toggle display of any column on/off - - Resolves bug #310261: setroubleshoot notifications aren't throttled +- Resolves bug #310261: setroubleshoot notifications aren't throttled - - add support for AUDIT_EOE, end-of-event, if AUDIT_EOE immediately - emit cached event. Disable timeouts used to flush events if - AUDIT_EOE has been seen. - +- add support for AUDIT_EOE, end-of-event, if AUDIT_EOE immediately + emit cached event. Disable timeouts used to flush events if + AUDIT_EOE has been seen. + * Wed Sep 26 2007 John Dennis - 1.10.6-1 - - make selinx-policy requires in spec file specific to dist tag +- make selinx-policy requires in spec file specific to dist tag * Mon Sep 24 2007 John Dennis - 1.10.5-1 - - update code for command line log file scanning to work with - new log file scanning code introduced for the browser. +- update code for command line log file scanning to work with + new log file scanning code introduced for the browser. - - update Bulgarian translation (Doncho N. Gunchev (gunchev@gmail.com)) +- update Bulgarian translation (Doncho N. Gunchev (gunchev@gmail.com)) - - update Polish translation (Piotr Drąg (raven@pmail.pl)) +- update Polish translation (Piotr Drąg (raven@pmail.pl)) - - Resolves bug #239893: sealert wakes up very often - This was caused by the use of threads and pygtk's thread signal - handling. The only use of threads in sealert was for log file - scanning so that the UI would remain responsive during a - scan. Threads in sealert have now been completely - removed. Instead the scanning work is performed in a gobject idle - function called from the main loop. The idle function is written - as a python generator function which allows for the function to - perform a small amount of work, save it's execution state and - return. The next time the idle function is called from the main - loop it resumes execution from it's last state until it decides - to yield control again. This way the long running scan/analysis - can be performed in small successive units of work during the - time the application is otherwise idle and it does not interfere - with the rest of the GUI event processing. Everything now occurs - in an event loop, think of it as the applications process/thread - scheduler whose event handlers execute time slices. +- Resolves bug #239893: sealert wakes up very often + This was caused by the use of threads and pygtk's thread signal + handling. The only use of threads in sealert was for log file + scanning so that the UI would remain responsive during a + scan. Threads in sealert have now been completely + removed. Instead the scanning work is performed in a gobject idle + function called from the main loop. The idle function is written + as a python generator function which allows for the function to + perform a small amount of work, save it's execution state and + return. The next time the idle function is called from the main + loop it resumes execution from it's last state until it decides + to yield control again. This way the long running scan/analysis + can be performed in small successive units of work during the + time the application is otherwise idle and it does not interfere + with the rest of the GUI event processing. Everything now occurs + in an event loop, think of it as the applications process/thread + scheduler whose event handlers execute time slices. - - rewrote parts of the audit input pipeline to use generators - instead of callbacks, thus permitting the logfile scanning code - to yield control with more granularity. Also updated - test_setroubleshootd and audisp_listen to use the new - generator/yield logic. +- rewrote parts of the audit input pipeline to use generators + instead of callbacks, thus permitting the logfile scanning code + to yield control with more granularity. Also updated + test_setroubleshootd and audisp_listen to use the new + generator/yield logic. - - rewrote the dialog used for scanning log files, progress bar - updates are now in the dialog, the scan can be terminated part - way through, errors from the scan are reported in pop-up dialog, - one can only dismiss the dialog with success if the scan had - been successfully run to completion, otherwise the user is only - left with the option to cancel. +- rewrote the dialog used for scanning log files, progress bar + updates are now in the dialog, the scan can be terminated part + way through, errors from the scan are reported in pop-up dialog, + one can only dismiss the dialog with success if the scan had + been successfully run to completion, otherwise the user is only + left with the option to cancel. - - Relates bug #252035 bug #247469, setroubleshootd and sealert should - exit if SELinux is disabled. +- Relates bug #252035 bug #247469, setroubleshootd and sealert should + exit if SELinux is disabled. - - add utility functions escape_html() and unescape_html() +- add utility functions escape_html() and unescape_html() - - fix initial sort order in browser, track sort order in browser +- fix initial sort order in browser, track sort order in browser - - modify AVC.get_path() to only return a value if the 'path' field is - set, formerly it also considered the fields 'name' & 'file' which were - incorrect. get_path() now also looks to see if the string begins with a - slash for a fully qualified path, if not it looks to see if its a - pseudo path such as 'pipe[12345]' or 'socket[12345]' and if so strips out - the instance information inside the brackets and returns just the type of - the pseudo path. This is done because we do not want path information - in the signature to be unique for each instance of the denial. +- modify AVC.get_path() to only return a value if the 'path' field is + set, formerly it also considered the fields 'name' & 'file' which were + incorrect. get_path() now also looks to see if the string begins with a + slash for a fully qualified path, if not it looks to see if its a + pseudo path such as 'pipe[12345]' or 'socket[12345]' and if so strips out + the instance information inside the brackets and returns just the type of + the pseudo path. This is done because we do not want path information + in the signature to be unique for each instance of the denial. - - modify the TimeStamp class to hide it's internal datetime member, - remove the cmp() method, the internal __cmp__ will be automatically invoked. +- modify the TimeStamp class to hide it's internal datetime member, + remove the cmp() method, the internal __cmp__ will be automatically invoked. - - require selinux policy version in spec file to allow system dbus use - - - Resolves bug #256601: audit2allow generates incorrect syntax when comma "," in - denied list +- require selinux policy version in spec file to allow system dbus use + +- Resolves bug #256601: audit2allow generates incorrect syntax when comma "," in + denied list - - update po i18n files +- update po i18n files - - Add support for pruning database by age and size +- Add support for pruning database by age and size * Sat Sep 8 2007 John Dennis - 1.10.4-1 - - fix init script +- fix init script * Sat Sep 8 2007 John Dennis - 1.10.3-1 - - modify avc_audit.py to use new audit_data.py implementation +- modify avc_audit.py to use new audit_data.py implementation - - can listen for audit events on either /var/run/audit_events - in bindary protocol mode or /var/run/audisp_events in - text protocol mode +- can listen for audit events on either /var/run/audit_events + in bindary protocol mode or /var/run/audisp_events in + text protocol mode * Thu Sep 6 2007 John Dennis - 1.10.2-1 - - remove all copied code from test_setroubleshootd, now we import - from setroubleshoot - - - export ClientConnectionHandler from rpc.py as a base class. - Derive SetroubleshootdClientConnectionHandler and - AuditClientConnectionHandler from ClientConnectionHandler. +- remove all copied code from test_setroubleshootd, now we import + from setroubleshoot + +- export ClientConnectionHandler from rpc.py as a base class. + Derive SetroubleshootdClientConnectionHandler and + AuditClientConnectionHandler from ClientConnectionHandler. - - add audisp_listen as test program +- add audisp_listen as test program - - create setroubleshoot sym link in top devel directory pointing - to src so import setroubleshoot.foo if PYTHONPATH=topdir +- create setroubleshoot sym link in top devel directory pointing + to src so import setroubleshoot.foo if PYTHONPATH=topdir - - add get_option, convert_cfg_type to config.py.in so that one - can pass optional dict to override config file settings +- add get_option, convert_cfg_type to config.py.in so that one + can pass optional dict to override config file settings - - rewrite log_init() so it's easier for other programs to use it, - fix the import logic concering log & config +- rewrite log_init() so it's easier for other programs to use it, + fix the import logic concering log & config - - remove log code from test_setroubleshoot, now just does import - from setroubleshoot. - - - test_setroubleshootd can now handle audit records in both text - and binary formats, can be selected by command line arg. It can now - either output to clients connecting on a socket or to stdout. Can - now optionally exit after N socket client connections. +- remove log code from test_setroubleshoot, now just does import + from setroubleshoot. + +- test_setroubleshootd can now handle audit records in both text + and binary formats, can be selected by command line arg. It can now + either output to clients connecting on a socket or to stdout. Can + now optionally exit after N socket client connections. - - remove non audit record lines from test data +- remove non audit record lines from test data - - remove config_init() and log_init() from package __init__.py - It was the wrong place to call them, now call them when the - process initializes before the first setroubleshoot imports +- remove config_init() and log_init() from package __init__.py + It was the wrong place to call them, now call them when the + process initializes before the first setroubleshoot imports - - add parse_config_setting() and set_config() to config module - - setroubleshootd now accepts -c --config command line arg - - test_sectroubleshoot: add err defines & program_error exception - add is_valid() tests to assure we read a valid audit record - log the unrecognized line if not valid, clean up socket close() +- add parse_config_setting() and set_config() to config module +- setroubleshootd now accepts -c --config command line arg +- test_sectroubleshoot: add err defines & program_error exception + add is_valid() tests to assure we read a valid audit record + log the unrecognized line if not valid, clean up socket close() - - Relates Bug #247056, update initscript to LSB standards - Note: LSB initscripts in Fedora is not yet a resolved issue, - the changes implemented were to add an LSB block and support - the new LSB try-restart and force-reload commands. However - the new /lib/lsb/init-functions are NOT currently used as this - is the unstable part. +- Relates Bug #247056, update initscript to LSB standards + Note: LSB initscripts in Fedora is not yet a resolved issue, + the changes implemented were to add an LSB block and support + the new LSB try-restart and force-reload commands. However + the new /lib/lsb/init-functions are NOT currently used as this + is the unstable part. * Thu Aug 23 2007 John Dennis - 1.10.1-1 - - add BuildRequires perl-XML-Parser +- add BuildRequires perl-XML-Parser * Thu Aug 23 2007 John Dennis - 1.10.0-1 - - move all plugins and their translations to independent package - - wrap XML generation inside try/except - - correct how access list is obtained in avc_auparse.py - - add try/except around top level of AnalyzeThread.run so exceptions - in the thread get reported and the analysis thread does not just die. - - also add try/except around LogfileThread.process_logfile - - add new function assure_file_ownership_permissions() - - server now forces it's database file permissions/ownership to be 0600 root:root - - rpm now forces the server's database file permissions/ownership to be 0600 root:root - - Resolves Bug #251545: Review Request: setroubleshoot-plugins - analysis plugins for setroubleshoot - - clean up some other rpmlint warnings in setroubleshoot.spec - - fix missing install of setroubleshoot icon and sym link to it - - Resolves Bug #251551, setroubleshoot shows up in in wrong desktop menu - also run desktop-file-install in rpm install - - add /etc/dbus-1/system.d/setroubleshootd.conf dbus configuration file - - Resolves Bug #250979, Bug #250932 Missing dependencies - - Restore plugins/Makefile.am which got nuked somehow - - remove dus.dbus_bindings.bus_name_has_owner(), deprecated as of F7 - - wrap rpm transactions in try/except +- move all plugins and their translations to independent package +- wrap XML generation inside try/except +- correct how access list is obtained in avc_auparse.py +- add try/except around top level of AnalyzeThread.run so exceptions + in the thread get reported and the analysis thread does not just die. +- also add try/except around LogfileThread.process_logfile +- add new function assure_file_ownership_permissions() +- server now forces it's database file permissions/ownership to be 0600 root:root +- rpm now forces the server's database file permissions/ownership to be 0600 root:root +- Resolves Bug #251545: Review Request: setroubleshoot-plugins - analysis plugins for setroubleshoot +- clean up some other rpmlint warnings in setroubleshoot.spec +- fix missing install of setroubleshoot icon and sym link to it +- Resolves Bug #251551, setroubleshoot shows up in in wrong desktop menu + also run desktop-file-install in rpm install +- add /etc/dbus-1/system.d/setroubleshootd.conf dbus configuration file +- Resolves Bug #250979, Bug #250932 Missing dependencies +- Restore plugins/Makefile.am which got nuked somehow +- remove dus.dbus_bindings.bus_name_has_owner(), deprecated as of F7 +- wrap rpm transactions in try/except * Tue Jun 12 2007 John Dennis - 1.9.7-1 - - Resolves Bug# 241739, this bug is the lead bug for several bug reports, - all consequences of the same problem, setroubleshootd/sealert when run - in a non latin language environment because of incompatibilities in - i18n encoding between components. +- Resolves Bug# 241739, this bug is the lead bug for several bug reports, + all consequences of the same problem, setroubleshootd/sealert when run + in a non latin language environment because of incompatibilities in + i18n encoding between components. * Wed May 30 2007 John Dennis - 1.9.6-1 - - add avc_auparse.py, now has option to use audit parsing library instead of - built-in audit parsing. - - fix bug in log file scanning and detail display update - - Resolves Bug# 238516, python pkg directory not owned +- add avc_auparse.py, now has option to use audit parsing library instead of + built-in audit parsing. +- fix bug in log file scanning and detail display update +- Resolves Bug# 238516, python pkg directory not owned * Wed Apr 25 2007 Dan Walsh - 1.9.5-1 - - Update translations - - Fix mislabeled file +- Update translations +- Fix mislabeled file * Mon Mar 19 2007 Dan Walsh - 1.9.4-1 - - Remove disable_trans boolean - - Check for paths in filesystem before suggesting chcon -R - - Remove default to listen on local ports +- Remove disable_trans boolean +- Check for paths in filesystem before suggesting chcon -R +- Remove default to listen on local ports * Mon Mar 5 2007 John Dennis - 1.9.3-1 - - install icon in /usr/share/icons, refer to icon by name using standard API - - Fix performance problems in setroubleshoot browser log file scanning - - Significant rewrite of data/view management code in setroubleshoot - browser. data and view now cleanly separated, can easily switch - between data views while maintaining selections, view state, with - proper update of status information in status area - - Resolves Bug# 227806: right click context menu resets selection - - Logfile scans now operate in independent thread, proper asynchronous - updates of browser during scan, browser used to appear to hang - - Resolves Bug# 224340: Rewrite Menu/Toobar/Popup to use UIManger instead of glade - - Add toobar support - - Implement GUI to edit email recipient list in setroubleshoot browser - - Added user help to setroubleshoot browser - - Related Bug# 224343: Fix setroubleshoot browser to respond to desktop theme changes - - improve traceback error reporting in sealert - - rewrite AboutDialog, replacing glade version - - Resolves bug #229849 Bug# 230115, Relates bug #221850: fix uuid code to resolve - '_uuid_generate_random' is not defined error - +- install icon in /usr/share/icons, refer to icon by name using standard API +- Fix performance problems in setroubleshoot browser log file scanning +- Significant rewrite of data/view management code in setroubleshoot + browser. data and view now cleanly separated, can easily switch + between data views while maintaining selections, view state, with + proper update of status information in status area +- Resolves Bug# 227806: right click context menu resets selection +- Logfile scans now operate in independent thread, proper asynchronous + updates of browser during scan, browser used to appear to hang +- Resolves Bug# 224340: Rewrite Menu/Toobar/Popup to use UIManger instead of glade +- Add toobar support +- Implement GUI to edit email recipient list in setroubleshoot browser +- Added user help to setroubleshoot browser +- Related Bug# 224343: Fix setroubleshoot browser to respond to desktop theme changes +- improve traceback error reporting in sealert +- rewrite AboutDialog, replacing glade version +- Resolves bug #229849 Bug# 230115, Relates bug #221850: fix uuid code to resolve + '_uuid_generate_random' is not defined error + * Thu Feb 22 2007 Dan Walsh - 1.9.2-1 - - Suck in AuditMsg since audit libs are dropping support +- Suck in AuditMsg since audit libs are dropping support * Fri Feb 16 2007 Dan Walsh - 1.9.1-1 - - Split into server and gui packages +- Split into server and gui packages * Fri Feb 16 2007 Dan Walsh - 1.8.19-1 - - Remove use of ctypes in uuid, which is causing bad avc messages +- Remove use of ctypes in uuid, which is causing bad avc messages * Fri Feb 9 2007 Dan Walsh - 1.8.18-1 - - Remove avc from Plugin.py +- Remove avc from Plugin.py * Wed Feb 7 2007 Dan Walsh - 1.8.17-1 - - Remove tempfile handling in util.py. Causes lots of avc's and is not used +- Remove tempfile handling in util.py. Causes lots of avc's and is not used * Fri Feb 2 2007 John Dennis - 1.8.16-1 [John Dennis ] - - Resolves: Bug# 224343 sealert's "Aditional Info:" text should be in white box - - Resolves: Bug# 224336 sealert should have GtkRadioButtons in menu View - - Related: bug #224351 - Rewrite parts of logging support to better support changing output - categories, output destinations. Now -v -V verbose works in sealert. - - Resolves bug# 225161, granted AVC's incorrectly identified as a denial - - add alert count to status bar - - add "Help" command to Help menu, opens web browser on wiki User FAQ +- Resolves: Bug# 224343 sealert's "Aditional Info:" text should be in white box +- Resolves: Bug# 224336 sealert should have GtkRadioButtons in menu View +- Related: bug #224351 + Rewrite parts of logging support to better support changing output + categories, output destinations. Now -v -V verbose works in sealert. +- Resolves bug# 225161, granted AVC's incorrectly identified as a denial +- add alert count to status bar +- add "Help" command to Help menu, opens web browser on wiki User FAQ [Dan Walsh ] - - Make setroubleshoot.logrotate correctly +- Make setroubleshoot.logrotate correctly * Fri Jan 12 2007 Dan Walsh - 1.8.15-1 - - Update po - - Additional Plugins - - Cleanup Plugins +- Update po +- Additional Plugins +- Cleanup Plugins * Thu Jan 11 2007 John Dennis - 1.8.14-1 - - Resolves: bug# 221850 - plugin module loading was failing in python 2.5 with the message - "SystemError: Parent module 'plugins' not loaded". This is due to a - change in behavior between python 2.4 and 2.5, in python 2.4 the lack - of a parent module was silently ignored. The fix is to load - plugins.__init__ first. - +- Resolves: bug# 221850 + plugin module loading was failing in python 2.5 with the message + "SystemError: Parent module 'plugins' not loaded". This is due to a + change in behavior between python 2.4 and 2.5, in python 2.4 the lack + of a parent module was silently ignored. The fix is to load + plugins.__init__ first. + * Sat Jan 6 2007 John Dennis - 1.8.13-1 - - update translations +- update translations - - change SETroubleshootDatabase so it is optional if it's backed - by a file, this fixes the problem of us littering temporary files - when scanning logfiles which does not require persistence. +- change SETroubleshootDatabase so it is optional if it's backed + by a file, this fixes the problem of us littering temporary files + when scanning logfiles which does not require persistence. - - disable the view logfile menu item if no logfile has been opened +- disable the view logfile menu item if no logfile has been opened - - fix redundant log messages for case where there is no log file and - the console flag is set. When there is no log file the logging - module opens a console stream, thus the console stream produced - by the console flag was redundant. +- fix redundant log messages for case where there is no log file and + the console flag is set. When there is no log file the logging + module opens a console stream, thus the console stream produced + by the console flag was redundant. - - add username and password command line arguments - rework startup logic so that all command line args are processed - before we do any real work - - - rework the email preferences so that each email address can - have a filter type associated with it. +- add username and password command line arguments + rework startup logic so that all command line args are processed + before we do any real work + +- rework the email preferences so that each email address can + have a filter type associated with it. - add a new filter_type "Ignore After First Alert" which filters - after the first alert has been delivered + add a new filter_type "Ignore After First Alert" which filters + after the first alert has been delivered - - add UI for setting the email addresses alerts are sent to. - Add menu item to edit email list, add email list dialog. - Remove 'recipient' config file entry, now list is stored - in seperate file. Add rpc to query and set the email list, - the GUI calls this to get the current list from the server - and set it in the server, it is the server which reads and - writes the file. Add 'enable' flag to each email entry. - Modify how the server iterates over the email list when it - receives an alert. When marking an alert as having been sent - the username is the email address but with 'email:' prepended so - as not to collide with non-email filtering options for the same user. +- add UI for setting the email addresses alerts are sent to. + Add menu item to edit email list, add email list dialog. + Remove 'recipient' config file entry, now list is stored + in seperate file. Add rpc to query and set the email list, + the GUI calls this to get the current list from the server + and set it in the server, it is the server which reads and + writes the file. Add 'enable' flag to each email entry. + Modify how the server iterates over the email list when it + receives an alert. When marking an alert as having been sent + the username is the email address but with 'email:' prepended so + as not to collide with non-email filtering options for the same user. * Wed Dec 20 2006 John Dennis - 1.8.12-1 - - remove obsolte requires for python element tree +- remove obsolte requires for python element tree * Mon Dec 18 2006 John Dennis - 1.8.11-1 - - Resolves: #216575, more translations - - Replace delete and expunge menu labels with something more intuitive - - add ability for browser to be restarted with identical window - position and state - - add pkg version and protocol version to logon handshake, test for - compatibility between clint and server, prompt for restart - - add non-modal restart dialog - - add dialog to display traceback if sealert faults with an uncaught - exception, try to limit invisible errors - - fix return args on rpc method - - add instance id to server +- Resolves: #216575, more translations +- Replace delete and expunge menu labels with something more intuitive +- add ability for browser to be restarted with identical window + position and state +- add pkg version and protocol version to logon handshake, test for + compatibility between clint and server, prompt for restart +- add non-modal restart dialog +- add dialog to display traceback if sealert faults with an uncaught + exception, try to limit invisible errors +- fix return args on rpc method +- add instance id to server * Wed Dec 9 2006 Dan Walsh - 1.8.10-1 - - Improve quality of plugins - - Make matching easier - - Resolves: #216575 +- Improve quality of plugins +- Make matching easier +- Resolves: #216575 * Wed Dec 9 2006 Dan Walsh - 1.8.9-1 - - Additional Translations - - Resolves: #216575 +- Additional Translations +- Resolves: #216575 * Sat Dec 8 2006 Dan Walsh - 1.8.8-1 - - Additional Translations - - Change sealert to be able to run without X-Windows - - Resolves: #216575 +- Additional Translations +- Change sealert to be able to run without X-Windows +- Resolves: #216575 * Fri Dec 8 2006 Dan Walsh - 1.8.7-1 - - Additional Translations - - Change avc_audit.py to allow it to analyze /var/log/messages +- Additional Translations +- Change avc_audit.py to allow it to analyze /var/log/messages * Mon Dec 4 2006 John Dennis - 1.8.6-1 - - Resolves: bug# 218150, - "If view is set to "hide delete" you cannot filter new entries" - Actually, the bug was toggle cell renderer was connected to the - base model instead of the model attached to the view, the sort - model, this meant the toggle was occuring on the wrong row if - the view was sorted differently than the base model. +- Resolves: bug# 218150, + "If view is set to "hide delete" you cannot filter new entries" + Actually, the bug was toggle cell renderer was connected to the + base model instead of the model attached to the view, the sort + model, this meant the toggle was occuring on the wrong row if + the view was sorted differently than the base model. * Fri Dec 1 2006 John Dennis - 1.8.5-1 - - fix bug, "could not convert path to a GtkTreePath" when database - is initially empty, caused by last_selected_row == None +- fix bug, "could not convert path to a GtkTreePath" when database + is initially empty, caused by last_selected_row == None * Thu Nov 30 2006 John Dennis - 1.8.3-1 - - Resolves: bug# 217961, sealert needs pygtk2-libglade - - more i18n translations - - Resolves: bug# 217710, date representation did not respect locale, - at the same time remove old date formatting code, now cruft since - we can't use it because it was specific to US English. - - fix how selections are handled when rows are expunged. - - add Copy to Edit menu, for copying selection from detail pane, - unfortunately gtkhtml2 widget does not preserve line breaks between - table rows. +- Resolves: bug# 217961, sealert needs pygtk2-libglade +- more i18n translations +- Resolves: bug# 217710, date representation did not respect locale, + at the same time remove old date formatting code, now cruft since + we can't use it because it was specific to US English. +- fix how selections are handled when rows are expunged. +- add Copy to Edit menu, for copying selection from detail pane, + unfortunately gtkhtml2 widget does not preserve line breaks between + table rows. * Tue Nov 28 2006 John Dennis - 1.8.1-1 - - Resolves: bug# 216936, bug# 215290, add 'Copy Alert' edit menu item - - clean up menu items, add tooltips - - fix printing so it will work with multiple alerts, force font to - monospace 10pt, display error dialog if printing fails. - - Resolves: bug# 216908, platform and raw audit messages were not wrapped - to fit on page. - - Related: bug# 216575, update i18n po files - - Resolves: bug# 216941, set default folder for save operation, also set - default filename - - Resolves: #bug 216327 add menu items "toggle hide deleted", "select none". Add model - filter to control visibility of alerts - - Resolves: bug# 214218, sealert with no command line - arguments induces startup as dbus service, this had been a - regression. - - Resolves: bug# 216327, rework how deletes are performed in browser. Delete - now marks each seleted siginfo with a delete flag, expunge - permanently deletes siginfo's marked for deletion, also add undelete - command, removed delete confirmation dialog. Modify how text - attributes in cell renderer are computed to allow for - strike-throughs of alerts marked for deletion. - - multiple alerts can now be selected, add select all command, +- Resolves: bug# 216936, bug# 215290, add 'Copy Alert' edit menu item +- clean up menu items, add tooltips +- fix printing so it will work with multiple alerts, force font to + monospace 10pt, display error dialog if printing fails. +- Resolves: bug# 216908, platform and raw audit messages were not wrapped + to fit on page. +- Related: bug# 216575, update i18n po files +- Resolves: bug# 216941, set default folder for save operation, also set + default filename +- Resolves: #bug 216327 add menu items "toggle hide deleted", "select none". Add model + filter to control visibility of alerts +- Resolves: bug# 214218, sealert with no command line + arguments induces startup as dbus service, this had been a + regression. +- Resolves: bug# 216327, rework how deletes are performed in browser. Delete + now marks each seleted siginfo with a delete flag, expunge + permanently deletes siginfo's marked for deletion, also add undelete + command, removed delete confirmation dialog. Modify how text + attributes in cell renderer are computed to allow for + strike-throughs of alerts marked for deletion. +- multiple alerts can now be selected, add select all command, * Tue Nov 23 2006 Dan Walsh - 1.7.1-1 - - New Icon and translations +- New Icon and translations * Tue Nov 21 2006 Dan Walsh - 1.7-1 [John Dennis ] - - Add command line utilities - - logfile scanning finally seems to work connected to browser - - Additional Information section of report now includes line - number information (if alert was generated from logfile) - - replace database update_callback() with notify interface, a more - generic solution more easily shared between components - - object implementing rpc method is now explicitly attached via - connect_rpc_interface() instead of walking the MRO chain with - magic exclusions. explicitly connecting is more flexible and - robust (no getting the wrong object by mistake) - - fix handling of return args in local rpc case - - fix signal connections between audit and logfile - - split databae and database_properties for audit and logfile - - fix initial connection state - - fix lookup_local_id +- Add command line utilities +- logfile scanning finally seems to work connected to browser +- Additional Information section of report now includes line + number information (if alert was generated from logfile) +- replace database update_callback() with notify interface, a more + generic solution more easily shared between components +- object implementing rpc method is now explicitly attached via + connect_rpc_interface() instead of walking the MRO chain with + magic exclusions. explicitly connecting is more flexible and + robust (no getting the wrong object by mistake) +- fix handling of return args in local rpc case +- fix signal connections between audit and logfile +- split databae and database_properties for audit and logfile +- fix initial connection state +- fix lookup_local_id * Wed Nov 8 2006 Dan Walsh - 1.5-1 - - Speed up startup of service +- Speed up startup of service * Tue Nov 6 2006 Dan Walsh - 1.4-1 - - Many fixes - - Changed the api +- Many fixes +- Changed the api * Tue Oct 24 2006 Dan Walsh - 1.3-1 - - Speed enhancments +- Speed enhancments [John Dennis ] - - log file parsing now approx 4 times faster - - greatly enhance the statistics reporting capability in attempt - to diagnose slow log file parsing performance - - make gathering of environmenatal information optional, - environment information is only relevant at the time the - alert fires, not in a post processing scenario - - clean up several places where environmental information was - assumed and/or was always gathered, or gathered in the wrong place. +- log file parsing now approx 4 times faster +- greatly enhance the statistics reporting capability in attempt + to diagnose slow log file parsing performance +- make gathering of environmenatal information optional, + environment information is only relevant at the time the + alert fires, not in a post processing scenario +- clean up several places where environmental information was + assumed and/or was always gathered, or gathered in the wrong place. * Tue Oct 17 2006 Dan Walsh - 1.2-1 - - Fix signature for PORT_NUMBER src command +- Fix signature for PORT_NUMBER src command * Tue Oct 3 2006 Dan Walsh - 1.1-1 - - Additional Plugins for port_t and device_t and mislabled files. +- Additional Plugins for port_t and device_t and mislabled files. * Tue Oct 3 2006 Dan Walsh - 1.0-1 - - Release of first version - - Fix icon +- Release of first version +- Fix icon [John Dennis ] - - Memory leak fixes - - Substitution fixes - - File names in hex fixes +- Memory leak fixes +- Substitution fixes +- File names in hex fixes * Fri Sep 29 2006 Dan Walsh - 0.48-1 - - Sealert only notify dropped connection once - - setroubleshoot shutdown cleanly +- Sealert only notify dropped connection once +- setroubleshoot shutdown cleanly [John Dennis ] - - Gui cleanups +- Gui cleanups * Wed Sep 27 2006 Dan Walsh - 0.47-1 - - Change close key binding to ctrl-w +- Change close key binding to ctrl-w * Tue Sep 26 2006 Dan Walsh - 0.46-1 - - Add new plugins cvs_data, rsync_data, xen_image, swapfile, samba_share +- Add new plugins cvs_data, rsync_data, xen_image, swapfile, samba_share [John Dennis ] - - clear the GUI of old data before loading new data, - fix the code used to display the filter icon in the filter column +- clear the GUI of old data before loading new data, + fix the code used to display the filter icon in the filter column * Tue Sep 26 2006 Dan Walsh - 0.45-1 [John Dennis ] - - Major rewrite of the client/server RPC code, +- Major rewrite of the client/server RPC code, * Sat Sep 16 2006 Dan Walsh - 0.44-1 - - Fix Affected RPMS handling +- Fix Affected RPMS handling * Fri Sep 15 2006 Dan Walsh - 0.43-1 - - Fix mail handling - - fix bugs related to recording per user per signature filtering +- Fix mail handling +- fix bugs related to recording per user per signature filtering [John Dennis ] - - fix bugs related to recording per user per signature filtering +- fix bugs related to recording per user per signature filtering [Karl MacMillan ] - - Add signal handling to client and server. - - Fix minor plugin bugs. +- Add signal handling to client and server. +- Fix minor plugin bugs. * Thu Sep 7 2006 Dan Walsh - 0.42-1 [Karl MacMillan ] - - Add rpm information for target. - - Add hostname and uname to signature info - - Add display of the full AVC - - Add display of the analysis id - - Change html generation to be separated out and us elemmenttree +- Add rpm information for target. +- Add hostname and uname to signature info +- Add display of the full AVC +- Add display of the analysis id +- Change html generation to be separated out and us elemmenttree [John Dennis ] - - add CommunicationChannel class to encapsulate data transfer - operations, in particular to provide an object threads can lock - during data transfer. - - checkpoint the logfile scanning code, somewhat working +- add CommunicationChannel class to encapsulate data transfer + operations, in particular to provide an object threads can lock + during data transfer. +- checkpoint the logfile scanning code, somewhat working * Fri Aug 31 2006 Dan Walsh - 0.41-1 - - Fix printing +- Fix printing * Fri Aug 31 2006 Dan Walsh - 0.40-1 - - Fix notification window problems. Now dissappears and does not regenerate if +- Fix notification window problems. Now dissappears and does not regenerate if it has already been seen * Fri Aug 31 2006 Dan Walsh - 0.39-1 - - Add Icon +- Add Icon [John Dennis ] - - dispatcher.py: rework how audit messages injected into the - system and processed. Much of this work was in support of log file - scanning which should be coupled to the exact same processing code - as audit messages arriving from the audit socket. In essence log - file scanning synthesizes an audit message and we inject it into - the system the same way socket messages are injected. This was - also an excellent moment correctly handle out of order audit - messages, something we were not able to handle previously. This - may have been contributing to splitting what should have been a - single alert into two or more separate alerts because we didn't - recongize the incoming audit events as a single event. Correctly - assembling out of order messages introduced a fair amount of extra - complexity as we now maintain a cache of recent audit events, this - is fully documented in dispatcher.py - - Turn notifications back on by default. +- dispatcher.py: rework how audit messages injected into the + system and processed. Much of this work was in support of log file + scanning which should be coupled to the exact same processing code + as audit messages arriving from the audit socket. In essence log + file scanning synthesizes an audit message and we inject it into + the system the same way socket messages are injected. This was + also an excellent moment correctly handle out of order audit + messages, something we were not able to handle previously. This + may have been contributing to splitting what should have been a + single alert into two or more separate alerts because we didn't + recongize the incoming audit events as a single event. Correctly + assembling out of order messages introduced a fair amount of extra + complexity as we now maintain a cache of recent audit events, this + is fully documented in dispatcher.py +- Turn notifications back on by default. [Karl MacMillan ] - - Separated out HTML rendering and made it easier to translate. +- Separated out HTML rendering and made it easier to translate. * Fri Aug 30 2006 Dan Walsh - 0.38-1 [Dan Walsh] - - Hook up the rest of the menu bars on browser window - - Add public_content.py plugin +- Hook up the rest of the menu bars on browser window +- Add public_content.py plugin [John Dennis ] - - add delete_signatures() method to AlertClient class - - start using the AppBar in the browser. - - "open logfile" now connected all the way from browser menu - to server rpc, still needs implementation, but "plumbing" is working. - - fixes for the date/time dialog - - remove install of setroubleshoot.glade, we now only use - setroubleshoot_browser.glade - - some fixed to DateTimeDialog +- add delete_signatures() method to AlertClient class +- start using the AppBar in the browser. +- "open logfile" now connected all the way from browser menu + to server rpc, still needs implementation, but "plumbing" is working. +- fixes for the date/time dialog +- remove install of setroubleshoot.glade, we now only use + setroubleshoot_browser.glade +- some fixed to DateTimeDialog * Fri Aug 25 2006 Dan Walsh - 0.37-1 - - Add back in the status icon +- Add back in the status icon * Thu Aug 24 2006 John Dennis - 0.36-1 - - change dbclear trigger to 0.35 +- change dbclear trigger to 0.35 * Thu Aug 24 2006 John Dennis - 0.35-1 - - add sorting on category column and seen column in browser, - fix reference to my_draw() in print function. +- add sorting on category column and seen column in browser, + fix reference to my_draw() in print function. - - make browser window hidden by default so it does not flash - when it's first realized, connect to the "realize" signal to - initially position the vpane, add signal handlers to track - when the browser is visible, the presentation of the status - icon now checks if the browser is visible, the status icon is - not presented if the browser is already displayed. +- make browser window hidden by default so it does not flash + when it's first realized, connect to the "realize" signal to + initially position the vpane, add signal handlers to track + when the browser is visible, the presentation of the status + icon now checks if the browser is visible, the status icon is + not presented if the browser is already displayed. * Thu Aug 22 2006 Dan Walsh - 0.34-1 - - Standardize on the browser. remove alert window +- Standardize on the browser. remove alert window [John Dennis ] - - remove all vestiges of popup alert, now browser is the only - UI game in town - - restore the automatic updating of the browser window which had - been a regression, the AlertClient class now emits signals which - the GUI classes can connect to receive signals from the fault server, - also fix the "mark seen" regression - - browser.py: restore mark_seen timeout +- remove all vestiges of popup alert, now browser is the only + UI game in town +- restore the automatic updating of the browser window which had + been a regression, the AlertClient class now emits signals which + the GUI classes can connect to receive signals from the fault server, + also fix the "mark seen" regression +- browser.py: restore mark_seen timeout * Tue Aug 22 2006 Dan Walsh - 0.33-1 - - Spell check plugins - - fix dbus instantiation +- Spell check plugins +- fix dbus instantiation * Tue Aug 22 2006 Dan Walsh - 0.32-1 - - Add avc_syslog to syslog translated avc message - - Fix submitbug button +- Add avc_syslog to syslog translated avc message +- Fix submitbug button [John Dennis ] - - fix signature inflation, all data attached to a signature is now - encapsulated in a SEFaultSignatureInfo (siginfo) class. The GUI no - longer reaches into a signature looking for information, it looks - in the siginfo. The Plugin class now defines the method - get_signature() which report() calls to obtain the signature. The - default signature provided by the Plugin class includes the - analysisID, an AVC with just the src & target contexts, and the - object_path. All data accesses and parameters which had been "sig - and solution" are now done via the unified siginfo class. There is - still a bit more work to be done on this but this represents a - reasonble point to checkpoint the code in CVS. +- fix signature inflation, all data attached to a signature is now + encapsulated in a SEFaultSignatureInfo (siginfo) class. The GUI no + longer reaches into a signature looking for information, it looks + in the siginfo. The Plugin class now defines the method + get_signature() which report() calls to obtain the signature. The + default signature provided by the Plugin class includes the + analysisID, an AVC with just the src & target contexts, and the + object_path. All data accesses and parameters which had been "sig + and solution" are now done via the unified siginfo class. There is + still a bit more work to be done on this but this represents a + reasonble point to checkpoint the code in CVS. * Tue Aug 22 2006 Dan Walsh - 0.31-1 - - Fix desktop +- Fix desktop * Tue Aug 22 2006 John Dennis - 0.30-1 - - fix bug #203479, missing requires of audit-libs-python - - add support to sealert to listen on a dbus session signal to display - the gui. This is needed for when the status icon is not visible and - the user wants to see the UI. There is now a seperate program - setroubleshoot_launch_gui which emits the signal. +- fix bug #203479, missing requires of audit-libs-python +- add support to sealert to listen on a dbus session signal to display + the gui. This is needed for when the status icon is not visible and + the user wants to see the UI. There is now a seperate program + setroubleshoot_launch_gui which emits the signal. * Tue Aug 22 2006 Dan Walsh - 0.29-1 - - Add Requires: audit-libs-python - - Add translations +- Add Requires: audit-libs-python +- Add translations * Mon Aug 21 2006 Dan Walsh - 0.28-1 - - Fix allow_execmem.py file - - Add translations +- Fix allow_execmem.py file +- Add translations * Mon Aug 21 2006 John Dennis - 0.27-1 - - load_plugins() now catches exceptions when a plugin won't load, - reports the traceback in the log file, and continues with the next - plugin. Previously a bad plugin caused the entire plugin loading - to abort and no plugins were loaded. - - Add "daemon_name" to automake variables, change pid file to match - - turn off "noreplace" on config file till things settle down a bit - - browser.py now validates data, also test for missing column data in the - cell_data function to avoid exceptions. - - add stub for analyzie_logfile() rpc call - - turn off balloon notifications by default in config file, - libnotify is just plain busted at this point :-( - - only the setroubleshootd daemon creates it's log file - under /var/log now, the user app's do it in /tmp, change file - permissions on /var/log/setroubleshoot back to 0644. - - sealert now looks up the username rather than hardcoding it to "foo" - - CamelCase to lowercase_underscore clean up +- load_plugins() now catches exceptions when a plugin won't load, + reports the traceback in the log file, and continues with the next + plugin. Previously a bad plugin caused the entire plugin loading + to abort and no plugins were loaded. +- Add "daemon_name" to automake variables, change pid file to match +- turn off "noreplace" on config file till things settle down a bit +- browser.py now validates data, also test for missing column data in the + cell_data function to avoid exceptions. +- add stub for analyzie_logfile() rpc call +- turn off balloon notifications by default in config file, + libnotify is just plain busted at this point :-( +- only the setroubleshootd daemon creates it's log file + under /var/log now, the user app's do it in /tmp, change file + permissions on /var/log/setroubleshoot back to 0644. +- sealert now looks up the username rather than hardcoding it to "foo" +- CamelCase to lowercase_underscore clean up * Mon Aug 21 2006 Dan Walsh - 0.26-1 - - Zero out datbase.xml for updated browser +- Zero out datbase.xml for updated browser * Mon Aug 21 2006 Dan Walsh - 0.25-1 - - Fix 64 bit issue that caused runaway problem +- Fix 64 bit issue that caused runaway problem * Sun Aug 20 2006 Dan Walsh - 0.24-1 - - add missing runcmd +- add missing runcmd * Thu Aug 17 2006 John Dennis - 0.23-1 - - fix for bug #202206, require correct version of audit, - fixes for audit connection. +- fix for bug #202206, require correct version of audit, + fixes for audit connection. * Thu Aug 10 2006 Dan Walsh - 0.20-1 - - add html support - - remove setroubleshoot_dispatcher +- add html support +- remove setroubleshoot_dispatcher * Tue Aug 8 2006 Dan Walsh - 0.19-1 2006-08-08 Dan Walsh - - Fix up handling of mls ranges in context - - Cleanup some pychecker errors +- Fix up handling of mls ranges in context +- Cleanup some pychecker errors 2006-08-07 John Dennis - - add first seen, last seen, and report count to alert detail view - - make the seen icon work, if the alert has been displayed more - than N seconds, mark the alert as having been seen by the user - and update the icon is the list view - - change the schema for the xml data; the database now has a version, - there is a local id attached to each signature, the filter list in - the siginfo was replaced by a list of per user data, the per user - data now contains the filter, seen_flag. Modify all the code which - was operating on the filter information to use the new model. - - fix the xml serialization so that booleans can be used as a basic - type and also so that non-string types can be used in element - attributes (e.g. int, bool) and the serialization code will - automatically convert between python types and strings. +- add first seen, last seen, and report count to alert detail view +- make the seen icon work, if the alert has been displayed more + than N seconds, mark the alert as having been seen by the user + and update the icon is the list view +- change the schema for the xml data; the database now has a version, + there is a local id attached to each signature, the filter list in + the siginfo was replaced by a list of per user data, the per user + data now contains the filter, seen_flag. Modify all the code which + was operating on the filter information to use the new model. +- fix the xml serialization so that booleans can be used as a basic + type and also so that non-string types can be used in element + attributes (e.g. int, bool) and the serialization code will + automatically convert between python types and strings. * Mon Aug 7 2006 Dan Walsh - 0.18-1 - - Add dispatcher.py +- Add dispatcher.py * Sat Aug 5 2006 Dan Walsh - 0.17-1 [John Dennis ] - - clean up and rework the timestamp code in util.py so that - time zones are handled properly, there were a number of bugs. - Hopefully it's correct now because timezone handling is a pain. - - change the time format in the browser so all times are displayed - identically, the friendly time relative format was hard to compare. - - modify the plugin 'make install' to delete all existing plugin's - prior to installing the new ones - - add popup menu to status icon to choose between browser and - alert GUI (not fully connected yet). Several bug fixes related - to changing the filter_type from a string to an int. - - add filter selection to bottom pane, change filter_type from - string to integer constant. Enhance how columns are handled. - Get init_combo_box to work. Remove unused RPM and Bugzilla - fields from bottom pane. Modify the default size of the browser - window. Fix missing import in util.py. - - add ability in broswer to sort on columns, initially the report - count column and the last seen date column. The date column now - stores a TimeStamp object instead of a string. Add new method - to TimeStamp to return a friendly string relative to the current - time. The date column in the browser now has a cell data function - which invokes the friendly format method of the TimeStamp object. - - add ability fo serialize to/from xml for classes which can - inititialized from strings and serialized as strings (e.g. numbers, - TimeStamps, etc.) - - add count of how many times a signature is reported, the date - when first and last reported, add columns for report count and - last date count to browser. - - checkpoint browser code, list pane and detail pane now working. - - add initial support for browser applet, move some functions which - kept getting reused to util.py - - add reporting of environment to email alert (email alerts still - need work) +- clean up and rework the timestamp code in util.py so that + time zones are handled properly, there were a number of bugs. + Hopefully it's correct now because timezone handling is a pain. +- change the time format in the browser so all times are displayed + identically, the friendly time relative format was hard to compare. +- modify the plugin 'make install' to delete all existing plugin's + prior to installing the new ones +- add popup menu to status icon to choose between browser and + alert GUI (not fully connected yet). Several bug fixes related + to changing the filter_type from a string to an int. +- add filter selection to bottom pane, change filter_type from + string to integer constant. Enhance how columns are handled. + Get init_combo_box to work. Remove unused RPM and Bugzilla + fields from bottom pane. Modify the default size of the browser + window. Fix missing import in util.py. +- add ability in broswer to sort on columns, initially the report + count column and the last seen date column. The date column now + stores a TimeStamp object instead of a string. Add new method + to TimeStamp to return a friendly string relative to the current + time. The date column in the browser now has a cell data function + which invokes the friendly format method of the TimeStamp object. +- add ability fo serialize to/from xml for classes which can + inititialized from strings and serialized as strings (e.g. numbers, + TimeStamps, etc.) +- add count of how many times a signature is reported, the date + when first and last reported, add columns for report count and + last date count to browser. +- checkpoint browser code, list pane and detail pane now working. +- add initial support for browser applet, move some functions which + kept getting reused to util.py +- add reporting of environment to email alert (email alerts still + need work) [Dan Walsh ] - - Fix disable_trans.py set_boolean call - - Complete all boolean plugins except disable - - Change interface to use audit unix domain socket +- Fix disable_trans.py set_boolean call +- Complete all boolean plugins except disable +- Change interface to use audit unix domain socket * Mon Jul 28 2006 Dan Walsh - 0.16-1 [John Dennis ] - - modify SetFilter in server to return errors instead of - throwing an exception. Default the filter list on each alert display. - - minor tweaks to alert queue handling - - fix analyze() parameter list in ftp_is_daemon.py plugin - - sealert now responds to pending alerts more correctly, it shows - how many pending alerts are in the queue, if you filter the pending - alert status is updated, the next alert button will advance you - to the next alert in the queue - - simplify major pieces of sealert by coalescing common code - into subroutines. +- modify SetFilter in server to return errors instead of + throwing an exception. Default the filter list on each alert display. +- minor tweaks to alert queue handling +- fix analyze() parameter list in ftp_is_daemon.py plugin +- sealert now responds to pending alerts more correctly, it shows + how many pending alerts are in the queue, if you filter the pending + alert status is updated, the next alert button will advance you + to the next alert in the queue +- simplify major pieces of sealert by coalescing common code + into subroutines. [Dan Walsh ] - - Complete all boolean plugins except disable - - Make Close button work. - - Make setroubleshoot_dispatcher exit if it gets an avc about itself +- Complete all boolean plugins except disable +- Make Close button work. +- Make setroubleshoot_dispatcher exit if it gets an avc about itself * Mon Jul 26 2006 Dan Walsh - 0.15-1 [Karl MacMillan ] - - Add generic templating mechanism to Plugin - - Ported all plugins to use templating mechanism +- Add generic templating mechanism to Plugin +- Ported all plugins to use templating mechanism * Sat Jul 22 2006 Dan Walsh - 0.13-1 - - Fixes to plugins - - Fixes to dispatcher +- Fixes to plugins +- Fixes to dispatcher * Fri Jul 21 2006 Dan Walsh - 0.12-1 - - Fix problem in dispatcher +- Fix problem in dispatcher * Fri Jul 21 2006 John Dennis - 0.11-1 - - add email alerts - - stop the status icon from blinking, add notification balloon. +- add email alerts +- stop the status icon from blinking, add notification balloon. * Fri Jul 21 2006 Dan Walsh - 0.10-1 - - Fix startup order for setrobleshoot - - Fix Plugins +- Fix startup order for setrobleshoot +- Fix Plugins * Tue Jul 20 2006 Dan Walsh - 0.9-1 - - Additional Plugins plus a lot of cleanup +- Additional Plugins plus a lot of cleanup * Mon Jul 19 2006 Dan Walsh - 0.8-1 - - Added a bunch more plugins +- Added a bunch more plugins [Karl MacMillan ] - - Add allow_cvs_read_shadow.py, allow_ftp_use_cifs, allow_ftp_use_nfs, and allow_gssd_read_tmp. - - Change AVC to have additional helpers for matching messages. - - Change Plugin to work better with more than one solution. +- Add allow_cvs_read_shadow.py, allow_ftp_use_cifs, allow_ftp_use_nfs, and allow_gssd_read_tmp. +- Change AVC to have additional helpers for matching messages. +- Change Plugin to work better with more than one solution. * Mon Jul 19 2006 Dan Walsh - 0.7-1 - - Fix setroubleshoot_dispatcher to catch all information from - avc. Much cleaner interface and no longer uses audit2allow cruft. - - Remove toolbar from popup window since it did nothing, and I - think it looks better without it. - - fix allow_execmod plugin to report better data. +- Fix setroubleshoot_dispatcher to catch all information from + avc. Much cleaner interface and no longer uses audit2allow cruft. +- Remove toolbar from popup window since it did nothing, and I + think it looks better without it. +- fix allow_execmod plugin to report better data. * Mon Jun 26 2006 John Dennis - 0.3-1 - - add missing /var/log directory files section in spec file, - and add logrotate script +- add missing /var/log directory files section in spec file, + and add logrotate script * Mon Jun 26 2006 John Dennis - 0.2-1 - - clean up spec file, reduce rpmlint complaints +- clean up spec file, reduce rpmlint complaints * Fri May 19 2006 John Dennis - 0.1-1 - - Initial build. +- Initial build. diff --git a/sources b/sources index ecd1dad..b6367e4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e3c6b7be85740e3b54f59aef80ad9097 setroubleshoot-2.2.52.tar.gz +8ed43cf04023da0bfa192c0539132ea9 setroubleshoot-2.2.55.tar.gz