Toshaan Bharvani
2 years ago
commit
598498c420
6 changed files with 1484 additions and 0 deletions
@ -0,0 +1,217 @@ |
|||||||
|
From 4011007b445e8f8da9b0cc45eccd793b94f6b5ce Mon Sep 17 00:00:00 2001 |
||||||
|
From: Sergio Correia <scorreia@redhat.com> |
||||||
|
Date: Thu, 29 Jul 2021 19:25:43 -0300 |
||||||
|
Subject: [PATCH] Add ausysrulevalidate |
||||||
|
|
||||||
|
--- |
||||||
|
contrib/ausysrulevalidate | 198 ++++++++++++++++++++++++++++++++++++++ |
||||||
|
1 file changed, 198 insertions(+) |
||||||
|
create mode 100755 contrib/ausysrulevalidate |
||||||
|
|
||||||
|
diff --git a/contrib/ausysrulevalidate b/contrib/ausysrulevalidate |
||||||
|
new file mode 100755 |
||||||
|
index 0000000..a251b2c |
||||||
|
--- /dev/null |
||||||
|
+++ b/contrib/ausysrulevalidate |
||||||
|
@@ -0,0 +1,198 @@ |
||||||
|
+#!/usr/bin/env python3 |
||||||
|
+# -*- coding: utf-8 -*- |
||||||
|
+ |
||||||
|
+# ausysrulevalidate - A program that lets you validate the syscalls |
||||||
|
+# in audit rules. |
||||||
|
+# Copyright (c) 2021 Red Hat Inc., Durham, North Carolina. |
||||||
|
+# All Rights Reserved. |
||||||
|
+# |
||||||
|
+# This software may be freely redistributed and/or modified under the |
||||||
|
+# terms of the GNU General Public License as published by the Free |
||||||
|
+# Software Foundation; either version 2, or (at your option) any |
||||||
|
+# later version. |
||||||
|
+# |
||||||
|
+# This program is distributed in the hope that it will be useful, |
||||||
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||||
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||||
|
+# GNU General Public License for more details. |
||||||
|
+# |
||||||
|
+# You should have received a copy of the GNU General Public License |
||||||
|
+# along with this program; see the file COPYING. If not, write to the |
||||||
|
+# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor |
||||||
|
+# Boston, MA 02110-1335, USA. |
||||||
|
+# |
||||||
|
+# Authors: |
||||||
|
+# Sergio Correia <scorreia@redhat.com> |
||||||
|
+ |
||||||
|
+""" This program lets you validate syscalls in audit rules. """ |
||||||
|
+ |
||||||
|
+import argparse |
||||||
|
+import os.path |
||||||
|
+import sys |
||||||
|
+ |
||||||
|
+import audit |
||||||
|
+ |
||||||
|
+ |
||||||
|
+class AuSyscallRuleValidate: |
||||||
|
+ """AuSyscallRuleValidate validates syscalls in audit rules.""" |
||||||
|
+ |
||||||
|
+ def __init__(self): |
||||||
|
+ self.syscalls_table = {} |
||||||
|
+ self.invalid_syscalls = {} |
||||||
|
+ self.machines = { |
||||||
|
+ "b32": audit.audit_determine_machine("b32"), |
||||||
|
+ "b64": audit.audit_determine_machine("b64"), |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ if self.machines["b32"] == -1 or self.machines["b64"] == -1: |
||||||
|
+ sys.stderr.write("ERROR: Unable to determine machine type\n") |
||||||
|
+ sys.exit(1) |
||||||
|
+ |
||||||
|
+ def validate_syscall(self, arch, syscall): |
||||||
|
+ """Validates a single syscall.""" |
||||||
|
+ |
||||||
|
+ if syscall == "all": |
||||||
|
+ return True |
||||||
|
+ |
||||||
|
+ lookup = "{0}:{1}".format(arch, syscall) |
||||||
|
+ if lookup in self.syscalls_table: |
||||||
|
+ return self.syscalls_table[lookup] |
||||||
|
+ |
||||||
|
+ ret = audit.audit_name_to_syscall(syscall, self.machines[arch]) |
||||||
|
+ self.syscalls_table[lookup] = ret != -1 |
||||||
|
+ if not self.syscalls_table[lookup]: |
||||||
|
+ self.invalid_syscalls[lookup] = lookup |
||||||
|
+ |
||||||
|
+ return self.syscalls_table[lookup] |
||||||
|
+ |
||||||
|
+ def process_syscalls(self, arch, syscalls): |
||||||
|
+ """Processes a group of syscalls, validating them individually.""" |
||||||
|
+ |
||||||
|
+ scalls = syscalls.split(",") |
||||||
|
+ processed = [] |
||||||
|
+ for syscall in scalls: |
||||||
|
+ if self.validate_syscall(arch, syscall): |
||||||
|
+ processed.append(syscall) |
||||||
|
+ return ",".join(processed) |
||||||
|
+ |
||||||
|
+ def parse_line(self, line): |
||||||
|
+ """Processes a single line from the audit rules file, and returns the |
||||||
|
+ same line adjusted, if required, by removing invalid syscalls, or even |
||||||
|
+ removing the rule altogether, if no valid syscall remain after |
||||||
|
+ validation.""" |
||||||
|
+ |
||||||
|
+ if line.lstrip().startswith("#") or "-S" not in line: |
||||||
|
+ return line |
||||||
|
+ |
||||||
|
+ # We do have a rule specifying syscalls, so let's validate them. |
||||||
|
+ tokens = line.split() |
||||||
|
+ processed = [] |
||||||
|
+ is_syscall = False |
||||||
|
+ arch = None |
||||||
|
+ |
||||||
|
+ for val in tokens: |
||||||
|
+ if not is_syscall: |
||||||
|
+ processed.append(val) |
||||||
|
+ |
||||||
|
+ if val.startswith("arch="): |
||||||
|
+ archs = val.split("=") |
||||||
|
+ if len(archs) == 2: |
||||||
|
+ arch = val.split("=")[1] |
||||||
|
+ if arch not in self.machines: |
||||||
|
+ sys.stderr.write("ERROR: unexpected arch '{0}'\n".format(arch)) |
||||||
|
+ continue |
||||||
|
+ |
||||||
|
+ if val == "-S": |
||||||
|
+ is_syscall = True |
||||||
|
+ continue |
||||||
|
+ |
||||||
|
+ if is_syscall: |
||||||
|
+ is_syscall = False |
||||||
|
+ scalls = self.process_syscalls(arch, val) |
||||||
|
+ |
||||||
|
+ if len(scalls) == 0: |
||||||
|
+ processed = processed[:-1] |
||||||
|
+ continue |
||||||
|
+ processed.append(scalls) |
||||||
|
+ |
||||||
|
+ if "-S" not in processed: |
||||||
|
+ # Removing rule altogether, as we have no valid syscalls remaining. |
||||||
|
+ return None |
||||||
|
+ return " ".join(processed) |
||||||
|
+ |
||||||
|
+ def process_rules(self, rules_file): |
||||||
|
+ """Reads a file with audit rules and returns the rules after |
||||||
|
+ validation of syscalls/architecture. Invalid syscalls will be removed |
||||||
|
+ and, if there are no valid remaining syscalls, the rule itself is |
||||||
|
+ removed.""" |
||||||
|
+ |
||||||
|
+ if not os.path.isfile(rules_file): |
||||||
|
+ sys.stderr.write("ERROR: rules file '{0}' not found\n".format(rules_file)) |
||||||
|
+ sys.exit(1) |
||||||
|
+ |
||||||
|
+ with open(rules_file) as rules: |
||||||
|
+ content = rules.readlines() |
||||||
|
+ |
||||||
|
+ processed = [] |
||||||
|
+ changed = False |
||||||
|
+ for line in content: |
||||||
|
+ validated = self.parse_line(line) |
||||||
|
+ if validated is None: |
||||||
|
+ changed = True |
||||||
|
+ continue |
||||||
|
+ |
||||||
|
+ if validated.rstrip("\r\n") != line.rstrip("\r\n"): |
||||||
|
+ changed = True |
||||||
|
+ processed.append(validated.rstrip("\r\n")) |
||||||
|
+ |
||||||
|
+ invalid_syscalls = [] |
||||||
|
+ for invalid in self.invalid_syscalls: |
||||||
|
+ invalid_syscalls.append(invalid) |
||||||
|
+ |
||||||
|
+ return (processed, changed, invalid_syscalls) |
||||||
|
+ |
||||||
|
+ def update_rules(self, rules_file): |
||||||
|
+ """Reads a file with audit rules and updates it after validation of |
||||||
|
+ syscalls/architecture. Invalid syscalls will be removed and, if |
||||||
|
+ there are no valid remaining syscalls, the rule itself is removed.""" |
||||||
|
+ |
||||||
|
+ new_rules, changed, invalid_syscalls = self.process_rules(rules_file) |
||||||
|
+ if changed: |
||||||
|
+ with open(rules_file, "w") as rules: |
||||||
|
+ for line in new_rules: |
||||||
|
+ rules.write("{0}\n".format(line)) |
||||||
|
+ |
||||||
|
+ return (new_rules, changed, invalid_syscalls) |
||||||
|
+ |
||||||
|
+ |
||||||
|
+if __name__ == "__main__": |
||||||
|
+ parser = argparse.ArgumentParser(description="ausysrulevalidate") |
||||||
|
+ parser.add_argument( |
||||||
|
+ "-u", "--update", help="Update rules file if required", action="store_true" |
||||||
|
+ ) |
||||||
|
+ parser.add_argument( |
||||||
|
+ "-v", "--verbose", help="Show the resulting rules file", action="store_true" |
||||||
|
+ ) |
||||||
|
+ required_named = parser.add_argument_group("required named arguments") |
||||||
|
+ required_named.add_argument( |
||||||
|
+ "-r", "--rules-file", help="Rules file name", required=True |
||||||
|
+ ) |
||||||
|
+ args = parser.parse_args() |
||||||
|
+ |
||||||
|
+ validator = AuSyscallRuleValidate() |
||||||
|
+ |
||||||
|
+ action = validator.process_rules |
||||||
|
+ if args.update: |
||||||
|
+ action = validator.update_rules |
||||||
|
+ |
||||||
|
+ data, changed, invalid = action(args.rules_file) |
||||||
|
+ if changed: |
||||||
|
+ verb = "require" |
||||||
|
+ if args.update: |
||||||
|
+ verb += "d" |
||||||
|
+ sys.stderr.write("Rules in '{0}' {1} changes\n".format(args.rules_file, verb)) |
||||||
|
+ if len(invalid) > 0: |
||||||
|
+ sys.stderr.write("Invalid syscalls: {0}\n".format(", ".join(invalid))) |
||||||
|
+ |
||||||
|
+ if args.verbose: |
||||||
|
+ print(*data, sep="\n") |
||||||
|
-- |
||||||
|
2.31.1 |
||||||
|
|
@ -0,0 +1,77 @@ |
|||||||
|
From 36beaefbb4ecb0a222ac68ec9f17f854a82f7235 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Steve Grubb <sgrubb@redhat.com> |
||||||
|
Date: Mon, 14 Feb 2022 15:30:09 -0500 |
||||||
|
Subject: [PATCH] Adjust compile flags |
||||||
|
|
||||||
|
--- |
||||||
|
audisp/plugins/remote/Makefile.am | 2 +- |
||||||
|
auparse/Makefile.am | 2 +- |
||||||
|
configure.ac | 15 +++++++++++++++ |
||||||
|
src/Makefile.am | 2 +- |
||||||
|
4 files changed, 18 insertions(+), 3 deletions(-) |
||||||
|
|
||||||
|
diff --git a/audisp/plugins/remote/Makefile.am b/audisp/plugins/remote/Makefile.am |
||||||
|
index 217d477c5..1ac77ee8d 100644 |
||||||
|
--- a/audisp/plugins/remote/Makefile.am |
||||||
|
+++ b/audisp/plugins/remote/Makefile.am |
||||||
|
@@ -36,7 +36,7 @@ TESTS = $(check_PROGRAMS) |
||||||
|
|
||||||
|
audisp_remote_DEPENDENCIES = ${top_builddir}/common/libaucommon.la |
||||||
|
audisp_remote_SOURCES = audisp-remote.c remote-config.c queue.c |
||||||
|
-audisp_remote_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -Wundef |
||||||
|
+audisp_remote_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -Wundef ${WFLAGS} |
||||||
|
audisp_remote_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now |
||||||
|
audisp_remote_LDADD = $(CAPNG_LDADD) $(gss_libs) ${top_builddir}/common/libaucommon.la |
||||||
|
|
||||||
|
diff --git a/auparse/Makefile.am b/auparse/Makefile.am |
||||||
|
index b34b6c042..1eb5352cf 100644 |
||||||
|
--- a/auparse/Makefile.am |
||||||
|
+++ b/auparse/Makefile.am |
||||||
|
@@ -26,7 +26,7 @@ SUBDIRS = test |
||||||
|
EXTRA_DIST = expression-design.txt |
||||||
|
CLEANFILES = $(BUILT_SOURCES) |
||||||
|
CONFIG_CLEAN_FILES = *.loT *.rej *.orig |
||||||
|
-AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g ${DEBUG} -Wno-pointer-sign -Wno-enum-compare -Wno-switch |
||||||
|
+AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g ${DEBUG} -Wno-pointer-sign -Wno-enum-compare -Wno-switch ${WFLAGS} |
||||||
|
AM_CPPFLAGS = -I. -I${top_srcdir} -I${top_srcdir}/src -I${top_srcdir}/lib -I${top_srcdir}/common |
||||||
|
LIBS = |
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac |
||||||
|
index e40d41e14..e74fd7036 100644 |
||||||
|
--- a/configure.ac |
||||||
|
+++ b/configure.ac |
||||||
|
@@ -341,6 +341,21 @@ else |
||||||
|
fi |
||||||
|
],WARNS="$ALLWARNS") |
||||||
|
|
||||||
|
+WFLAGS="" |
||||||
|
+AC_MSG_CHECKING(for -Wformat-truncation) |
||||||
|
+TMPCFLAGS="${CFLAGS}" |
||||||
|
+CFLAGS="${CFLAGS} -Wformat-truncation" |
||||||
|
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[WFLAGS="-Wno-format-truncation" |
||||||
|
+ AC_MSG_RESULT(yes)], |
||||||
|
+ [AC_MSG_RESULT(no)]) |
||||||
|
+CFLAGS="${TMPCFLAGS}" |
||||||
|
+CFLAGS="${CFLAGS} -Wunused-but-set-variable" |
||||||
|
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[WFLAGS="${WFLAGS} -Wno-unused-but-set-variable" |
||||||
|
+ AC_MSG_RESULT(yes)], |
||||||
|
+ [AC_MSG_RESULT(no)]) |
||||||
|
+CFLAGS="${TMPCFLAGS}" |
||||||
|
+AC_SUBST(WFLAGS) |
||||||
|
+ |
||||||
|
withval="" |
||||||
|
AC_MSG_CHECKING(whether to include arm eabi processor support) |
||||||
|
AC_ARG_WITH(arm, |
||||||
|
diff --git a/src/Makefile.am b/src/Makefile.am |
||||||
|
index 9c68b42db..2bebf8d50 100644 |
||||||
|
--- a/src/Makefile.am |
||||||
|
+++ b/src/Makefile.am |
||||||
|
@@ -25,7 +25,7 @@ CONFIG_CLEAN_FILES = *.rej *.orig |
||||||
|
SUBDIRS = test |
||||||
|
AM_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src/libev -I${top_srcdir}/auparse -I${top_srcdir}/audisp -I${top_srcdir}/common |
||||||
|
sbin_PROGRAMS = auditd auditctl aureport ausearch autrace |
||||||
|
-AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign |
||||||
|
+AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign ${WFLAGS} |
||||||
|
noinst_HEADERS = auditd-config.h auditd-event.h auditd-listen.h ausearch-llist.h ausearch-options.h auditctl-llist.h aureport-options.h ausearch-parse.h aureport-scan.h ausearch-lookup.h ausearch-int.h auditd-dispatch.h ausearch-string.h ausearch-nvpair.h ausearch-common.h ausearch-avc.h ausearch-time.h ausearch-lol.h auditctl-listing.h ausearch-checkpt.h |
||||||
|
|
||||||
|
auditd_SOURCES = auditd.c auditd-event.c auditd-config.c auditd-reconfig.c auditd-sendmail.c auditd-dispatch.c |
@ -0,0 +1,31 @@ |
|||||||
|
From becc1c297279f757835943e2cad63992134511f9 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Sergio Correia <scorreia@redhat.com> |
||||||
|
Date: Mon, 7 Mar 2022 13:11:09 -0300 |
||||||
|
Subject: [PATCH] auparse: fix off-by-one issue in path_norm() (#242) |
||||||
|
|
||||||
|
When defining dest = rpath + 1, we end up having the first char of |
||||||
|
`dest' as NULL -- since `rpath' points to `working', which is a static |
||||||
|
buffer. |
||||||
|
|
||||||
|
With the first char as NULL, path_norm() ends up producing an empty string. |
||||||
|
|
||||||
|
This commit fixes the issue reported in this [1] mailing list post. |
||||||
|
|
||||||
|
[1] https://listman.redhat.com/archives/linux-audit/2022-February/018844.html |
||||||
|
--- |
||||||
|
auparse/interpret.c | 2 +- |
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/auparse/interpret.c b/auparse/interpret.c |
||||||
|
index c8a0d96dd..df593c44c 100644 |
||||||
|
--- a/auparse/interpret.c |
||||||
|
+++ b/auparse/interpret.c |
||||||
|
@@ -895,7 +895,7 @@ static char *path_norm(const char *name) |
||||||
|
return strdup(name); |
||||||
|
|
||||||
|
rpath = working; |
||||||
|
- dest = rpath + 1; |
||||||
|
+ dest = rpath; |
||||||
|
rpath_limit = rpath + PATH_MAX; |
||||||
|
|
||||||
|
for (start = name; *start; start = end) { |
@ -0,0 +1,26 @@ |
|||||||
|
From c426507a501efde0367a09a81e917d1d10722b78 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Sergio Correia <scorreia@redhat.com> |
||||||
|
Date: Thu, 31 Mar 2022 15:00:57 -0300 |
||||||
|
Subject: [PATCH] Drop ProtectHome from auditd.service as it interferes with |
||||||
|
rules |
||||||
|
|
||||||
|
Upstream: https://github.com/linux-audit/audit-userspace/commit/12cf14ed |
||||||
|
--- |
||||||
|
init.d/auditd.service | 1 - |
||||||
|
1 file changed, 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/init.d/auditd.service b/init.d/auditd.service |
||||||
|
index e801281..0a4c498 100644 |
||||||
|
--- a/init.d/auditd.service |
||||||
|
+++ b/init.d/auditd.service |
||||||
|
@@ -36,7 +36,6 @@ MemoryDenyWriteExecute=true |
||||||
|
LockPersonality=true |
||||||
|
ProtectControlGroups=true |
||||||
|
ProtectKernelModules=true |
||||||
|
-ProtectHome=true |
||||||
|
RestrictRealtime=true |
||||||
|
|
||||||
|
[Install] |
||||||
|
-- |
||||||
|
2.35.1 |
||||||
|
|
@ -0,0 +1,631 @@ |
|||||||
|
|
||||||
|
Summary: User space tools for kernel auditing |
||||||
|
Name: audit |
||||||
|
Version: 3.0.7 |
||||||
|
Release: 101%{?dist}.2 |
||||||
|
License: GPLv2+ |
||||||
|
URL: http://people.redhat.com/sgrubb/audit/ |
||||||
|
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz |
||||||
|
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt |
||||||
|
|
||||||
|
Patch1: 0001-Add-ausysrulevalidate.patch |
||||||
|
Patch2: audit-3.0.7-gcc-flags.patch |
||||||
|
Patch3: audit-3.0.8-auparse-path-norm.patch |
||||||
|
Patch4: audit-3.0.8-drop-protecthome.patch |
||||||
|
|
||||||
|
BuildRequires: make gcc swig |
||||||
|
BuildRequires: openldap-devel |
||||||
|
BuildRequires: krb5-devel libcap-ng-devel |
||||||
|
BuildRequires: kernel-headers >= 2.6.29 |
||||||
|
BuildRequires: systemd |
||||||
|
BuildRequires: autoconf automake libtool |
||||||
|
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release} |
||||||
|
Requires(post): systemd coreutils |
||||||
|
Requires(preun): systemd initscripts-service |
||||||
|
Requires(postun): systemd coreutils initscripts-service |
||||||
|
|
||||||
|
# Placing this here under the assumption that anything using the |
||||||
|
# python libraries expects the system to have an audit daemon |
||||||
|
Obsoletes: python2-audit < %{version}-%{release} |
||||||
|
|
||||||
|
%description |
||||||
|
The audit package contains the user space utilities for |
||||||
|
storing and searching the audit records generated by |
||||||
|
the audit subsystem in the Linux 2.6 and later kernels. |
||||||
|
|
||||||
|
%package libs |
||||||
|
Summary: Dynamic library for libaudit |
||||||
|
License: LGPLv2+ |
||||||
|
|
||||||
|
%description libs |
||||||
|
The audit-libs package contains the dynamic libraries needed for |
||||||
|
applications to use the audit framework. |
||||||
|
|
||||||
|
%package libs-devel |
||||||
|
Summary: Header files for libaudit |
||||||
|
License: LGPLv2+ |
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release} |
||||||
|
Requires: kernel-headers >= 2.6.29 |
||||||
|
|
||||||
|
%description libs-devel |
||||||
|
The audit-libs-devel package contains the header files needed for |
||||||
|
developing applications that need to use the audit framework libraries. |
||||||
|
|
||||||
|
%package -n python3-audit |
||||||
|
Summary: Python3 bindings for libaudit |
||||||
|
License: LGPLv2+ |
||||||
|
BuildRequires: python3-devel |
||||||
|
BuildRequires: make |
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release} |
||||||
|
Provides: audit-libs-python3 = %{version}-%{release} |
||||||
|
Provides: audit-libs-python3%{?_isa} = %{version}-%{release} |
||||||
|
Obsoletes: audit-libs-python3 < %{version}-%{release} |
||||||
|
|
||||||
|
%description -n python3-audit |
||||||
|
The python3-audit package contains the bindings so that libaudit |
||||||
|
and libauparse can be used by python3. |
||||||
|
|
||||||
|
%package -n audispd-plugins |
||||||
|
Summary: Plugins for the audit event dispatcher |
||||||
|
License: GPLv2+ |
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release} |
||||||
|
|
||||||
|
%description -n audispd-plugins |
||||||
|
The audispd-plugins package provides plugins for the real-time |
||||||
|
interface to the audit system, audispd. These plugins can do things |
||||||
|
like relay events to remote machines. |
||||||
|
|
||||||
|
%package -n audispd-plugins-zos |
||||||
|
Summary: z/OS plugin for the audit event dispatcher |
||||||
|
License: GPLv2+ |
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release} |
||||||
|
Requires: openldap |
||||||
|
|
||||||
|
%description -n audispd-plugins-zos |
||||||
|
The audispd-plugins-zos package provides a plugin that will forward all |
||||||
|
incoming audit events, as they happen, to a configured z/OS SMF (Service |
||||||
|
Management Facility) database, through an IBM Tivoli Directory Server |
||||||
|
(ITDS) set for Remote Audit service. |
||||||
|
|
||||||
|
%prep |
||||||
|
%setup -q |
||||||
|
cp %{SOURCE1} . |
||||||
|
%patch1 -p1 |
||||||
|
%patch2 -p1 |
||||||
|
%patch3 -p1 |
||||||
|
%patch4 -p1 |
||||||
|
autoreconf -fv --install |
||||||
|
|
||||||
|
# Remove the ids code, its not ready |
||||||
|
sed -i 's/ ids / /' audisp/plugins/Makefile.in |
||||||
|
|
||||||
|
%build |
||||||
|
%configure --with-python=no \ |
||||||
|
--with-python3=yes \ |
||||||
|
--enable-gssapi-krb5=yes --with-arm --with-aarch64 \ |
||||||
|
--with-libcap-ng=yes --enable-zos-remote \ |
||||||
|
--enable-systemd --enable-experimental |
||||||
|
|
||||||
|
make CFLAGS="%{optflags}" %{?_smp_mflags} |
||||||
|
|
||||||
|
%install |
||||||
|
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audit/plugins.d,etc/audit/rules.d} |
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8} |
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_lib} |
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit |
||||||
|
mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit |
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit |
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_datadir} |
||||||
|
make DESTDIR=$RPM_BUILD_ROOT install |
||||||
|
|
||||||
|
# Validate sample rules shipped. |
||||||
|
for r in $RPM_BUILD_ROOT/%{_datadir}/%{name}/sample-rules/*.rules; do |
||||||
|
PYTHONPATH=$RPM_BUILD_ROOT/%{python3_sitearch} \ |
||||||
|
%{_builddir}/%{name}-%{version}/contrib/ausysrulevalidate \ |
||||||
|
--update --rules-file "${r}" |
||||||
|
done |
||||||
|
|
||||||
|
# Remove these items so they don't get picked up. |
||||||
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a |
||||||
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a |
||||||
|
|
||||||
|
find $RPM_BUILD_ROOT -name '*.la' -delete |
||||||
|
find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.a' -delete |
||||||
|
|
||||||
|
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp |
||||||
|
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf |
||||||
|
touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz |
||||||
|
|
||||||
|
%check |
||||||
|
make check |
||||||
|
# Get rid of make files so that they don't get packaged. |
||||||
|
rm -f rules/Makefile* |
||||||
|
|
||||||
|
%post |
||||||
|
# Copy default rules into place on new installation |
||||||
|
files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w` |
||||||
|
if [ "$files" -eq 0 ] ; then |
||||||
|
if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then |
||||||
|
cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules |
||||||
|
else |
||||||
|
touch /etc/audit/rules.d/audit.rules |
||||||
|
fi |
||||||
|
chmod 0600 /etc/audit/rules.d/audit.rules |
||||||
|
fi |
||||||
|
%systemd_post auditd.service |
||||||
|
|
||||||
|
%preun |
||||||
|
%systemd_preun auditd.service |
||||||
|
if [ $1 -eq 0 ]; then |
||||||
|
/sbin/service auditd stop > /dev/null 2>&1 |
||||||
|
fi |
||||||
|
|
||||||
|
%postun |
||||||
|
if [ $1 -ge 1 ]; then |
||||||
|
/sbin/service auditd condrestart > /dev/null 2>&1 || : |
||||||
|
fi |
||||||
|
|
||||||
|
%files libs |
||||||
|
%{!?_licensedir:%global license %%doc} |
||||||
|
%license lgpl-2.1.txt |
||||||
|
%{_libdir}/libaudit.so.1* |
||||||
|
%{_libdir}/libauparse.* |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf |
||||||
|
%{_mandir}/man5/libaudit.conf.5.gz |
||||||
|
|
||||||
|
%files libs-devel |
||||||
|
%doc contrib/plugin |
||||||
|
%{_libdir}/libaudit.so |
||||||
|
%{_libdir}/libauparse.so |
||||||
|
%{_includedir}/libaudit.h |
||||||
|
%{_includedir}/auparse.h |
||||||
|
%{_includedir}/auparse-defs.h |
||||||
|
%{_datadir}/aclocal/audit.m4 |
||||||
|
%{_libdir}/pkgconfig/audit.pc |
||||||
|
%{_libdir}/pkgconfig/auparse.pc |
||||||
|
%{_mandir}/man3/* |
||||||
|
|
||||||
|
%files -n python3-audit |
||||||
|
%attr(755,root,root) %{python3_sitearch}/* |
||||||
|
|
||||||
|
%files |
||||||
|
%doc README ChangeLog init.d/auditd.cron |
||||||
|
%{!?_licensedir:%global license %%doc} |
||||||
|
%license COPYING |
||||||
|
%attr(755,root,root) %{_datadir}/%{name} |
||||||
|
%attr(644,root,root) %{_datadir}/%{name}/sample-rules/* |
||||||
|
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/aureport.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/autrace.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/aulast.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz |
||||||
|
%attr(755,root,root) %{_sbindir}/auditctl |
||||||
|
%attr(755,root,root) %{_sbindir}/auditd |
||||||
|
%attr(755,root,root) %{_sbindir}/ausearch |
||||||
|
%attr(755,root,root) %{_sbindir}/aureport |
||||||
|
%attr(750,root,root) %{_sbindir}/autrace |
||||||
|
%attr(755,root,root) %{_sbindir}/augenrules |
||||||
|
%attr(755,root,root) %{_bindir}/aulast |
||||||
|
%attr(755,root,root) %{_bindir}/aulastlog |
||||||
|
%attr(755,root,root) %{_bindir}/ausyscall |
||||||
|
%attr(755,root,root) %{_bindir}/auvirt |
||||||
|
%attr(644,root,root) %{_unitdir}/auditd.service |
||||||
|
%attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd |
||||||
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/condrestart |
||||||
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/reload |
||||||
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/restart |
||||||
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/resume |
||||||
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate |
||||||
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state |
||||||
|
%attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop |
||||||
|
%attr(750,root,root) %{_libexecdir}/audit-functions |
||||||
|
%ghost %{_localstatedir}/run/auditd.state |
||||||
|
%attr(-,root,-) %dir %{_var}/log/audit |
||||||
|
%attr(750,root,root) %dir /etc/audit |
||||||
|
%attr(750,root,root) %dir /etc/audit/rules.d |
||||||
|
%attr(750,root,root) %dir /etc/audit/plugins.d |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf |
||||||
|
%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules |
||||||
|
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf |
||||||
|
|
||||||
|
%files -n audispd-plugins |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-statsd.conf |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-statsd.conf |
||||||
|
%attr(750,root,root) %{_sbindir}/audisp-remote |
||||||
|
%attr(750,root,root) %{_sbindir}/audisp-syslog |
||||||
|
%attr(750,root,root) %{_sbindir}/audisp-statsd |
||||||
|
%attr(700,root,root) %dir %{_var}/spool/audit |
||||||
|
%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man8/audisp-statsd.8.gz |
||||||
|
|
||||||
|
%files -n audispd-plugins-zos |
||||||
|
%attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz |
||||||
|
%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/audispd-zos-remote.conf |
||||||
|
%config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf |
||||||
|
%attr(750,root,root) %{_sbindir}/audispd-zos-remote |
||||||
|
|
||||||
|
%changelog |
||||||
|
* Thu Mar 31 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-101.2 |
||||||
|
- Drop ProtectHome from auditd.service as it interferes with rules |
||||||
|
Resolves: rhbz#2070706 - Default systemd service config blocks audit watch rules in some directories (rhel 9.0) |
||||||
|
|
||||||
|
* Tue Mar 08 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-101.1 |
||||||
|
- Fix path normalization in auparse |
||||||
|
Resolves: rhbz#2061731 - auparse missing information when used with --format-text (rhel-9.0) |
||||||
|
|
||||||
|
* Tue Feb 22 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-101 |
||||||
|
- Adjust sample-rules dir permissions |
||||||
|
Resolves: rhbz#2054432 - /usr/share/audit/sample-rules is no longer readable by non-root users |
||||||
|
|
||||||
|
* Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-100 |
||||||
|
- New upstream release, 3.0.7 |
||||||
|
Resolves: rhbz#2019929 - capability=unknown-capability(39) in audit messages |
||||||
|
|
||||||
|
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-5 |
||||||
|
- auparse: refact nvlist cleanup code |
||||||
|
Resolves: rhbz#2008965 |
||||||
|
|
||||||
|
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-4 |
||||||
|
- When interpreting, if val is NULL return an empty string |
||||||
|
Resolves: rhbz#2004420 |
||||||
|
|
||||||
|
* Wed Nov 03 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-3 |
||||||
|
- Update dependency to initscripts-service instead of initscripts |
||||||
|
Resolves: rhbz#2000933 |
||||||
|
|
||||||
|
* Tue Aug 17 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-2 |
||||||
|
- Fix timestamp parsing |
||||||
|
Related: rhbz#1938680 |
||||||
|
|
||||||
|
* Mon Aug 16 2021 Sergio Correia <scorreia@redhat.com> - 3.0.5-1 |
||||||
|
- New upstream release, 3.0.5 |
||||||
|
Related: rhbz#1938680 |
||||||
|
|
||||||
|
* Mon Aug 16 2021 Sergio Correia <scorreia@redhat.com> - 3.0.2-3 |
||||||
|
- Validates the sample rules we ship |
||||||
|
Resolves: rhbz#1985630 |
||||||
|
|
||||||
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.2-2 |
||||||
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags |
||||||
|
Related: rhbz#1991688 |
||||||
|
|
||||||
|
* Tue Jun 22 2021 Sergio Correia <scorreia@redhat.com> - 3.0.2-1 |
||||||
|
- New upstream release, 3.0.2. |
||||||
|
Fix issues detected by static analyzers |
||||||
|
Resolves: rhbz#1938680 |
||||||
|
|
||||||
|
* Mon Jun 21 2021 Sergio Correia <scorreia@redhat.com> - 3.0.1-4 |
||||||
|
- Enable default RHEL configuration |
||||||
|
This enables syscall auditing by default. |
||||||
|
Resolves: rhbz#1924561 |
||||||
|
|
||||||
|
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.1-3 |
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 |
||||||
|
|
||||||
|
* Thu Feb 18 2021 Steve Grubb <sgrubb@redhat.com> 3.0.1-2 |
||||||
|
- Add patch fixing segafult in the audisp-statsd plugin |
||||||
|
|
||||||
|
* Fri Feb 12 2021 Steve Grubb <sgrubb@redhat.com> 3.0.1-1 |
||||||
|
- New upstream feature and bugfix release |
||||||
|
- Enable building the audisp-statsd plugin |
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Dec 16 2020 Steve Grubb <sgrubb@redhat.com> 3.0-1 |
||||||
|
- New upstream feature and bugfix release |
||||||
|
|
||||||
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.21.20191104git1c2f876 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-0.20.20191104git1c2f876 |
||||||
|
- Rebuilt for Python 3.9 |
||||||
|
|
||||||
|
* Thu Mar 12 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.19.20191104git1c2f876 |
||||||
|
- Add Obsolete python2-audit (#1783061) |
||||||
|
|
||||||
|
* Wed Jan 29 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.18.20191104git1c2f876 |
||||||
|
- Fix multiple definition of `event_node_list' (#1794446) |
||||||
|
|
||||||
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.17.20191104git1c2f876 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Nov 22 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.16.20191104git1c2f876 |
||||||
|
- Drop python2 subpackage (#1775076) |
||||||
|
|
||||||
|
* Mon Nov 04 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.14.20191104git1c2f876 |
||||||
|
- New upstream git snapshot prerelease |
||||||
|
|
||||||
|
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 3.0-0.14.20190507gitf58ec40 |
||||||
|
- Rebuilt for Python 3.8.0rc1 (#1748018) |
||||||
|
|
||||||
|
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 3.0-0.13.20190507gitf58ec40 |
||||||
|
- Rebuilt for Python 3.8 |
||||||
|
|
||||||
|
* Wed Jul 31 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.12.20190507gitf58ec40 |
||||||
|
- Fix 1734953 - audit: FTBFS in Fedora rawhide/f31 |
||||||
|
|
||||||
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.11.20190507gitf58ec40 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Jul 05 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.10.20190507gitf58ec40 |
||||||
|
- Add initscripts package to the requires (bz #1727058) |
||||||
|
|
||||||
|
* Mon Jun 10 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.9.20190507gitf58ec40 |
||||||
|
- New upstream git snapshot prerelease which fixes several problems |
||||||
|
- Fixed 1698130 - removing audit.rpm doesn't stop auditd |
||||||
|
|
||||||
|
* Tue Mar 26 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.7.20190326git03e7489 |
||||||
|
- New upstream git snapshot prerelease which fixes a memory leak |
||||||
|
|
||||||
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-0.6.20181218gitbdb72c0 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue Dec 18 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.5.20181218gitbdb72c0 |
||||||
|
- New upstream git snapshot prerelease |
||||||
|
- Remove historical ldconfig scriptlet (#1644056) |
||||||
|
|
||||||
|
* Fri Aug 31 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.4.20180831git0047a6c |
||||||
|
- New upstream feature prerelease |
||||||
|
|
||||||
|
* Wed Aug 08 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.2.20180808git77fbcf3 |
||||||
|
- New upstream feature prerelease |
||||||
|
|
||||||
|
* Tue Jul 17 2018 Steve Grubb <sgrubb@redhat.com> 3.0-0.1.20180717gitacd53d1 |
||||||
|
- New upstream feature prerelease |
||||||
|
|
||||||
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.4-4 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Jul 4 2018 Peter Robinson <pbrobinson@fedoraproject.org> 2.8.4-3 |
||||||
|
- Remove unused sys V initscripts legacy bits |
||||||
|
|
||||||
|
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8.4-2 |
||||||
|
- Rebuilt for Python 3.7 |
||||||
|
|
||||||
|
* Tue Jun 19 2018 Steve Grubb <sgrubb@redhat.com> 2.8.4-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8.3-4 |
||||||
|
- Rebuilt for Python 3.7 |
||||||
|
|
||||||
|
* Tue Apr 10 2018 Pete Walter <pwalter@fedoraproject.org> - 2.8.3-3 |
||||||
|
- Rename Python 2 and 3 subpackages to python2-audit and python3-audit as per guidelines |
||||||
|
|
||||||
|
* Mon Mar 26 2018 Steve Grubb <sgrubb@redhat.com> 2.8.3-2 |
||||||
|
- Fix Obsoletion of audit-libs-python not handled properly (#1559674) |
||||||
|
|
||||||
|
* Sat Mar 10 2018 Steve Grubb <sgrubb@redhat.com> 2.8.3-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.2-4 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Feb 05 2018 Steve Grubb <sgrubb@redhat.com> 2.8.2-3 |
||||||
|
- Add a Provides audit-libs-python (#1537864) |
||||||
|
- Remove tcp_wrappers support? |
||||||
|
|
||||||
|
* Thu Dec 14 2017 Steve Grubb <sgrubb@redhat.com> 2.8.2-2 |
||||||
|
- Rename things from python to python2 |
||||||
|
|
||||||
|
* Thu Dec 14 2017 Steve Grubb <sgrubb@redhat.com> 2.8.2-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Thu Oct 12 2017 Steve Grubb <sgrubb@redhat.com> 2.8.1-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Tue Oct 10 2017 Steve Grubb <sgrubb@redhat.com> 2.8-1 |
||||||
|
- New upstream feature release |
||||||
|
|
||||||
|
* Mon Sep 18 2017 Steve Grubb <sgrubb@redhat.com> 2.7.8-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.7-5 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.7-4 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Jul 14 2017 Steve Grubb <sgrubb@redhat.com> 2.7.7-3 |
||||||
|
- undo scratch build |
||||||
|
|
||||||
|
* Fri Jun 16 2017 Steve Grubb <sgrubb@redhat.com> 2.7.7-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Wed Apr 19 2017 Steve Grubb <sgrubb@redhat.com> 2.7.6-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Mon Apr 10 2017 Steve Grubb <sgrubb@redhat.com> 2.7.5-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Tue Mar 28 2017 Steve Grubb <sgrubb@redhat.com> 2.7.4-1 |
||||||
|
- New upstream feature and bugfix release |
||||||
|
|
||||||
|
* Fri Feb 24 2017 Steve Grubb <sgrubb@redhat.com> 2.7.3-1 |
||||||
|
- New upstream feature and bugfix release |
||||||
|
|
||||||
|
* Mon Feb 13 2017 Steve Grubb <sgrubb@redhat.com> 2.7.2-2 |
||||||
|
- Fix ausearch csv output |
||||||
|
|
||||||
|
* Mon Feb 13 2017 Steve Grubb <sgrubb@redhat.com> 2.7.2-1 |
||||||
|
- New upstream feature and bugfix release |
||||||
|
|
||||||
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.1-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Jan 13 2017 Steve Grubb <sgrubb@redhat.com> 2.7.1-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 2.7-2 |
||||||
|
- Rebuild for Python 3.6 |
||||||
|
|
||||||
|
* Thu Dec 15 2016 Steve Grubb <sgrubb@redhat.com> 2.7-1 |
||||||
|
- New upstream feature release |
||||||
|
|
||||||
|
* Sun Sep 11 2016 Steve Grubb <sgrubb@redhat.com> 2.6.7-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Mon Aug 01 2016 Steve Grubb <sgrubb@redhat.com> 2.6.6-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Thu Jul 21 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.5-3 |
||||||
|
- https://fedoraproject.org/wiki/Changes/golang1.7 |
||||||
|
|
||||||
|
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.5-2 |
||||||
|
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages |
||||||
|
|
||||||
|
* Thu Jul 14 2016 Steve Grubb <sgrubb@redhat.com> 2.6.5-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Fri Jul 08 2016 Steve Grubb <sgrubb@redhat.com> 2.6.4-2 |
||||||
|
- Correct size information of dispatched event |
||||||
|
|
||||||
|
* Fri Jul 08 2016 Steve Grubb <sgrubb@redhat.com> 2.6.4-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Tue Jul 05 2016 Steve Grubb <sgrubb@redhat.com> 2.6.3-2 |
||||||
|
- Fix sockaddr event interpretation |
||||||
|
|
||||||
|
* Tue Jul 05 2016 Steve Grubb <sgrubb@redhat.com> 2.6.3-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Fri Jul 01 2016 Steve Grubb <sgrubb@redhat.com> 2.6.2-1 |
||||||
|
- New upstream bugfix release |
||||||
|
- Fixes 1351954 - prevents virtual machine from starting up in GNOME Boxes |
||||||
|
|
||||||
|
* Tue Jun 28 2016 Steve Grubb <sgrubb@redhat.com> 2.6.1-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Wed Jun 22 2016 Steve Grubb <sgrubb@redhat.com> 2.6-3 |
||||||
|
- New upstream release |
||||||
|
|
||||||
|
* Fri Apr 29 2016 Steve Grubb <sgrubb@redhat.com> 2.5.2-1 |
||||||
|
- New upstream release |
||||||
|
|
||||||
|
* Thu Apr 28 2016 Steve Grubb <sgrubb@redhat.com> 2.5.1-2 |
||||||
|
- Refactor plugins to split out zos-remote to lower dependencies |
||||||
|
|
||||||
|
* Wed Apr 13 2016 Steve Grubb <sgrubb@redhat.com> 2.5.1-1 |
||||||
|
- New upstream release |
||||||
|
|
||||||
|
* Fri Mar 18 2016 Steve Grubb <sgrubb@redhat.com> 2.5-4 |
||||||
|
- Fixes #1313152 - post script fails on dnf --setopt=tsflags=nodocs install |
||||||
|
|
||||||
|
* Mon Feb 22 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5-3 |
||||||
|
- https://fedoraproject.org/wiki/Changes/golang1.6 |
||||||
|
|
||||||
|
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.5-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Jan 11 2016 Steve Grubb <sgrubb@redhat.com> 2.5-1 |
||||||
|
- New upstream release |
||||||
|
- Fixes #1241565 - still logs way too much |
||||||
|
- Fixes #1238051 - audit.rules should be generated from by augenrules |
||||||
|
|
||||||
|
* Fri Dec 18 2015 Steve Grubb <sgrubb@redhat.com> 2.4.4-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Wed Nov 04 2015 Robert Kuska <rkuska@redhat.com> - 2.4.4-3 |
||||||
|
- Rebuilt for Python3.5 rebuild |
||||||
|
|
||||||
|
* Wed Sep 16 2015 Peter Robinson <pbrobinson@fedoraproject.org> 2.4.4-2 |
||||||
|
- Fix FTBFS with hardened flags by using the distro CFLAGS |
||||||
|
- Tighten deps with the _isa macro |
||||||
|
- Use goarches macro to define supported GO architectures |
||||||
|
- Minor cleanups |
||||||
|
|
||||||
|
* Thu Aug 13 2015 Steve Grubb <sgrubb@redhat.com> 2.4.4-1 |
||||||
|
- New upstream bugfix release |
||||||
|
- Fixes CVE-2015-5186 Audit: log terminal emulator escape sequences handling |
||||||
|
|
||||||
|
* Thu Jul 16 2015 Steve Grubb <sgrubb@redhat.com> 2.4.3-1 |
||||||
|
- New upstream bugfix release |
||||||
|
- Adds python3 support |
||||||
|
|
||||||
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue Apr 28 2015 Steve Grubb <sgrubb@redhat.com> 2.4.2-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.4.1-2 |
||||||
|
- Rebuilt for Fedora 23 Change |
||||||
|
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code |
||||||
|
|
||||||
|
* Tue Oct 28 2014 Steve Grubb <sgrubb@redhat.com> 2.4.1-1 |
||||||
|
- New upstream feature and bugfix release |
||||||
|
|
||||||
|
* Mon Oct 06 2014 Karsten Hopp <karsten@redhat.com> 2.4-2 |
||||||
|
- bump release and rebuild for upgradepath |
||||||
|
|
||||||
|
* Sun Aug 24 2014 Steve Grubb <sgrubb@redhat.com> 2.4-1 |
||||||
|
- New upstream feature and bugfix release |
||||||
|
|
||||||
|
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.8-0.3.svn20140803 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Aug 4 2014 Peter Robinson <pbrobinson@fedoraproject.org> 2.3.8-0.2.svn20140803 |
||||||
|
- aarch64/PPC/s390 don't have golang |
||||||
|
|
||||||
|
* Sat Aug 02 2014 Steve Grubb <sgrubb@redhat.com> 2.3.8-0.1.svn20140803 |
||||||
|
- New upstream svn snapshot |
||||||
|
|
||||||
|
* Tue Jul 22 2014 Steve Grubb <sgrubb@redhat.com> 2.3.7-4 |
||||||
|
- Bug 1117953 - Per fesco#1311, please disable syscall auditing by default |
||||||
|
|
||||||
|
* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> - 2.3.7-3 |
||||||
|
- mark license files properly |
||||||
|
|
||||||
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.7-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue Jun 03 2014 Steve Grubb <sgrubb@redhat.com> 2.3.7-1 |
||||||
|
- New upstream bugfix release |
||||||
|
|
||||||
|
* Fri Apr 11 2014 Steve Grubb <sgrubb@redhat.com> 2.3.6-1 |
||||||
|
- New upstream bugfix/enhancement release |
||||||
|
|
||||||
|
* Mon Mar 17 2014 Steve Grubb <sgrubb@redhat.com> 2.3.5-1 |
||||||
|
- New upstream bugfix/enhancement release |
||||||
|
|
||||||
|
* Thu Feb 27 2014 Steve Grubb <sgrubb@redhat.com> 2.3.4-1 |
||||||
|
- New upstream bugfix/enhancement release |
||||||
|
|
||||||
|
* Thu Jan 16 2014 Steve Grubb <sgrubb@redhat.com> 2.3.3-1 |
||||||
|
- New upstream bugfix/enhancement release |
||||||
|
|
||||||
|
* Mon Jul 29 2013 Steve Grubb <sgrubb@redhat.com> 2.3.2-1 |
||||||
|
- New upstream bugfix/enhancement release |
||||||
|
|
||||||
|
* Fri Jun 21 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-3 |
||||||
|
- Drop prelude support |
||||||
|
|
||||||
|
* Fri May 31 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-2 |
||||||
|
- Fix unknown lvalue in auditd.service (#969345) |
||||||
|
|
||||||
|
* Thu May 30 2013 Steve Grubb <sgrubb@redhat.com> 2.3.1-1 |
||||||
|
- New upstream bugfix/enhancement release |
||||||
|
|
||||||
|
* Fri May 03 2013 Steve Grubb <sgrubb@redhat.com> 2.3-2 |
||||||
|
- If no rules exist, copy shipped rules into place |
||||||
|
|
Loading…
Reference in new issue