Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Feedback | Help | Search |
Name: audit | Distribution: Red Hat (FC-5) |
Version: 1.3 | Vendor: Red Hat, Inc. |
Release: 2.fc5 | Build date: Thu Nov 30 09:04:21 2006 |
Group: System Environment/Daemons | Build host: hs20-bc2-3.build.redhat.com |
Size: 530696 | Source RPM: audit-1.3-2.fc5.src.rpm |
Packager: Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> | |
Url: http://people.redhat.com/sgrubb/audit/ | |
Summary: User space tools for 2.6 kernel auditing |
The audit package contains the user space utilities for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel.
GPL
internal MD5: a122748b88e82e66a25920fe95fb5167
GPG
* Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 1.3-2 - Fix minor parsing problem and add new msg types * Tue Nov 28 2006 Steve Grubb <sgrubb@redhat.com> 1.3-1 - ausearch & aureport implement uid/gid caching - In ausearch & aureport, extract addr when hostname is unknown - In ausearch & aureport, test audit log presence O_RDONLY - New ausearch/aureport time keywords: recent, this-week, this-month, this-year - Added --add & --delete option to aureport - Update res parsing in config change events - Increase the size on audit daemon buffers - Parse avc_path records in ausearch/aureport - ausearch has new output mode, raw, for extracting events - ausearch/aureport can now read stdin - Rework AVC processing in ausearch/aureport - Added long options to ausearch and aureport * Tue Oct 24 2006 Steve Grubb <sgrubb@redhat.com> 1.2.9-1 - In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834) - Fix some defines in libaudit.h - Some auditd config strings were not initialized in aureport (#211443) - Updated man pages - Add Netlabel event types to libaudit - Update aureports to current audit event types - Update autrace a little - Deprecated all the old audit_rule functions from public API - Drop auparse library for the moment * Sun Oct 01 2006 Steve Grubb <sgrubb@redhat.com> 1.2.8-1.fc5 - Make internal auditd buffers bigger for context info - Correct address resolving of hostname in logging functions - Do not allow multiple msgtypes in same audit rule in auditctl (#207666) - Only =, != operators for arch & inode fields in auditctl (#206427) - Updated audit message type table - Remove watches from aureport since FS_WATCH is deprecated - Add audit_log_avc back temporarily (#208152) * Wed Sep 20 2006 Steve Grubb <sgrubb@redhat.com> 1.2.7-4.fc5 - Fix auditd.conf by commenting out dispatcher line * Tue Sep 19 2006 Steve Grubb <sgrubb@redhat.com> 1.2.7-3.fc5 - Fix config file location * Tue Sep 19 2006 Steve Grubb <sgrubb@redhat.com> 1.2.7-2.fc5 - Remove the audit dispatcher since backport of setroubleshooter is not likely * Mon Sep 18 2006 Steve Grubb <sgrubb@redhat.com> 1.2.7-1 - Update to new version that is designed for 2.6.18 kernel * Mon Mar 06 2006 Steve Grubb <sgrubb@redhat.com> 1.1.5-1 - Changed audit_log_semanage_message to take new params - In aureport, add class between syscall and permission in avc report - Fix bug where fsync is called in debug mode - Add optional support for tty in SYSCALL records for ausearch/aureport - Reinstate legacy rule operator support - Add man pages - Auditd ignore most signals * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.1.4-5.1 - bump again for double-long bug on ppc(64) * Fri Feb 10 2006 Steve Grubb <sgrubb@redhat.com> 1.1.4-5 - Change audit_log_semanage_message to check strlen as well as NULL. * Thu Feb 09 2006 Steve Grubb <sgrubb@redhat.com> 1.1.4-3 - Change audit_log_semanage_message to take new params. * Wed Feb 08 2006 Steve Grubb <sgrubb@redhat.com> 1.1.4-1 - Fix bug in autrace where it didn't run on kernels without file watch support - Add syslog message to auditd saying what program was started for dispatcher - Remove audit_send_user from public api - Fix bug in USER_LOGIN messages where ausearch does not translate msg='uid=500: into acct name (#178102). - Change comm with dispatcher to socketpair from pipe - Change auditd to use custom daemonize to avoid race in init scripts - Update error message when deleting a rule that doesn't exist (#176239) - Call shutdown_dispatcher when auditd stops - Add new logging function audit_log_semanage_message * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.1.3-1.1 - rebuilt for new gcc4.1 snapshot and glibc changes * Thu Jan 05 2006 Steve Grubb <sgrubb@redhat.com> 1.1.3-1 - Add timestamp to daemon_config messages (#174865) - Add error checking of year for aureport & ausearch - Treat af_unix sockets as files for searching and reporting - Update capp & lspp rules to combine syscalls for higher performance - Adjusted the chkconfig line for auditd to start a little earlier - Added skeleton program to docs for people to write their own dispatcher with - Apply patch from Ulrich Drepper that optimizes resource utilization - Change ausearch and aureport to unlocked IO * Mon Dec 05 2005 Steve Grubb <sgrubb@redhat.com> 1.1.2-1 - Add more message types * Wed Nov 30 2005 Steve Grubb <sgrubb@redhat.com> 1.1.1-1 - Add support for alpha processors - Update the audisp code - Add locale code in ausearch and aureport - Add new rule operator patch - Add exclude filter patch - Cleanup make files - Add python bindings * Wed Nov 09 2005 Steve Grubb <sgrubb@redhat.com> 1.1-1 - Add initial version of audisp. Just a placeholder at this point - Remove -t from auditctl * Mon Nov 07 2005 Steve Grubb <sgrubb@redhat.com> 1.0.12-1 - Add 2 more summary reports - Add 2 more message types
/etc/audit.rules /etc/auditd.conf /etc/rc.d/init.d/auditd /etc/sysconfig/auditd /sbin/auditctl /sbin/auditd /sbin/aureport /sbin/ausearch /sbin/autrace /usr/share/doc/audit-1.3 /usr/share/doc/audit-1.3/COPYING /usr/share/doc/audit-1.3/ChangeLog /usr/share/doc/audit-1.3/README /usr/share/doc/audit-1.3/auditd.cron /usr/share/doc/audit-1.3/capp.rules /usr/share/doc/audit-1.3/lspp.rules /usr/share/doc/audit-1.3/sample.rules /usr/share/doc/audit-1.3/skeleton.c /usr/share/man/man8/auditctl.8.gz /usr/share/man/man8/auditd.8.gz /usr/share/man/man8/auditd.conf.8.gz /usr/share/man/man8/aureport.8.gz /usr/share/man/man8/ausearch.8.gz /usr/share/man/man8/autrace.8.gz /var/log/audit
Generated by rpm2html 1.9.2
webmaster@wesmo.com, Wed Mar 21 12:13:11 2007