path: root/framework/src/audit/TODO
author: Ashlee Young <ashlee@wildernessvoice.com> 2016-01-20 01:10:01 +0000
committer: Ashlee Young <ashlee@wildernessvoice.com> 2016-01-20 01:10:11 +0000
commit: 19d701ddf07d855128ded0cf2b573ce468e3bdd6 (patch)
tree: 0edcd3461ca903c76e431bb7c6348c42a0f12488 /framework/src/audit/TODO
parent: fac6fbefbfad1cf837ddd88bc0d330559c8eb6f9 (diff)
Removing Suricata and Audit from source repo, and updated build.sh to avoid building suricata. Will re-address this in C release via tarballs.

Change-Id: I3710076f8b7f3313cb3cb5260c4eb0a6834d4f6e
Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>
Diffstat (limited to 'framework/src/audit/TODO')
-rw-r--r-- framework/src/audit/TODO 61
1 file changed, 0 insertions, 61 deletions
diff --git a/framework/src/audit/TODO b/framework/src/audit/TODO
deleted file mode 100644
index e568929a..00000000
--- a/framework/src/audit/TODO
+++ /dev/null
@@ -1,61 +0,0 @@
-Things that need to be done:
-===========================
-2.5
-* Add audit by process name support
-* Add support for enriched data
-
-2.5.1
-* Fix auparse to handle out of order messages
-* Add metadata in auparse for subj,obj,action,results
-* Performance improvements for auparse
-* auditctl should ignore invalid arches for rules
-* If auparse input is a pipe timeout events by wall clock
-
-2.6
-* Add cross-compile support
-* Add gzip format for logs
-* Add keywords for time: month-ago
-* Add rule verify to detect mismatch between in-kernel and on-disk rules
-* Fix SIGHUP for auditd network settings
-* Fix auvirt to report AVC's and --proof for --all-events
-
-2.6.1
-* Fix ausearch/report to handle aggregated events
-* When searching, build log time list & only read the ones that are in range
-* Change ausearch-string to be AVL based
-* Add libaudit.m4 to make audit easier to include
-* Look at adding the direction read/write to file report (threat modelling)
-* Changes in uid/gid, failed changes in credentials in aureport
-* aureport get specific reports working
-* Remove evil getopt cruft in auditctl
-* Group message types in ausearch help.
-
-2.7
-* Look at pulling audispd into auditd
-* Consider adding node/machine name to records going to rt interface in daemon as protocol version 2.
-* Fix retry logic in distribute event, buffer is freed by the logger thread
-* interpret contexts
-* Allow -F path!=/var/my/app
-* Add ignore action for rules
-* Look at openat and why passed dir is not given
-* Add SYSLOG data source for auparse. This allows leading text before audit messages, missing type, any line with no = gets thrown away. iow, must have time and 1 field to be valid.
-* Update auditctl so that if syscall is not found, it checks for socket call and suggests using it instead. Same for IPCcall.
-* Fix aureport accounting for avc in permissive mode
-* rework ausearch to use auparse
-* rework aureport to use auparse
-
-2.8
-* Consolidate parsing code between libaudit and auditd-conf.c
-* Look at variadic avc logging patch
-* If relative file in cwd, need to build also (realpath). watch out for (null) and socket
-* Change ausearch to output name="" unless its a real null. (mount) ausearch-report.c, 523. FIXME
-* add more libaudit man pages
-* ausearch --op search
-* Fix aureport-scan to properly decide if CONFIG_CHANGE is add or del, need to optionally look for op and use remove/add to decide
-
-2.9
-Add scheduling options: strict, relaxed, loose (determines user space queueing)
-Allow users to specify message types to be kept for logging
-Allow users to specify fields to be kept for logging
-Pretty Print ausearch messages (strace style?)
-Look at modifying kernel rule matcher to do: first match & match all
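Review bot: Deleting the whole TODO drops the only in-tree record of the audit roadmap, and the commit message gives no pointer to where these items now live beyond "Will re-address this in C release via tar balls". Several of the entries are security-relevant follow-ups rather than housekeeping, for example "Add rule verify to detect mismatch between in-kernel and on-disk rules", "Look at adding the direction read/write to file report (threat modelling)" and "Fix auparse to handle out of order messages"; losing them silently makes it easy to forget that the audit rule set loaded in the kernel was never being verified against the on-disk configuration. Suggest either moving the file to a docs location instead of deleting it, or adding one line to the commit message naming the tracker or upstream audit release notes where the 2.5 through 2.9 items are carried forward. Minor style point on the deleted content itself: the 2.9 block lacks the "* " bullet markers used by every other version block, which is worth fixing if the list is preserved elsewhere.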