Diffstat (limited to 'framework/src/audit/ChangeLog')
-rw-r--r-- | framework/src/audit/ChangeLog | 396 |
1 files changed, 0 insertions, 396 deletions
diff --git a/framework/src/audit/ChangeLog b/framework/src/audit/ChangeLog deleted file mode 100644 index f6f05b48..00000000 --- a/framework/src/audit/ChangeLog +++ /dev/null 
@@ -1,396 +0,0 @@ -2.4.4 -- Fix linked list correctness in ausearch/report -- Add more cross compile fixups (Clayton Shotwell) -- Update auparse python bindings -- Update libev to 4.20 -- Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling - -2.4.3 -- Add python3 support for libaudit -- Cleanup automake warnings -- Add AuParser_search_add_timestamp_item_ex to python bindings -- Add AuParser_get_type_name to python bindings -- Correct processing of obj_gid in auditctl (Aleksander Zdyb) -- Make plugin config file parsing more robust for long lines (#1235457) -- Make auditctl status print lost field as unsigned number -- Add interpretation mode for auditctl -s -- Add python3 support to auparse library -- Make --enable-zos-remote a build time configuration option (Clayton Shotwell) -- Updates for cross compiling (Clayton Shotwell) -- Add MAC_CHECK audit event type -- Add libauparse pkgconfig file (Aleksander Zdyb) - -2.4.2 -- Ausearch should parse exe field in SECCOMP events -- Improve output for short mode interpretations in auparse -- Add CRYPTO_IKE_SA and CRYPTO_IPSEC_SA events -- If auditctl is reading rules from a file, send messages to syslog (#1144252) -- Correct lookup of ppc64le when determining machine type -- Increase time buffer for wide character numbers in ausearch/report (#1200314) -- In aureport, add USER_TTY events to tty report -- In audispd, limit reporting of queue full messages (#1203810) -- In auditctl, don't segfault when invalid options passed (#1206516) -- In autrace, remove some older unimplemented syscalls for aarch64 (#1185892) -- In auditctl, correct lookup of aarch64 in arch field (#1186313) -- Update lookup tables for 4.1 kernel - -2.4.1 -- Make python3 support easier -- Add support for ppc64le (Tony Jones) -- Add some translations for a1 of ioctl system calls -- Add command & virtualization reports to aureport -- Update aureport config report for new events -- Add account modification summary report to aureport -- 
Add GRP_MGMT and GRP_CHAUTHTOK event types -- Correct aureport account change reports -- Add integrity event report to aureport -- Add config change summary report to aureport -- Adjust some syslogging level settings in audispd -- Improve parsing performance in everything -- When ausearch outputs a line, use the previously parsed values (Burn Alting) -- Improve searching and interpreting groups in events -- Fully interpret the proctitle field in auparse -- Correct libaudit and auditctl support for kernel features -- Add support for backlog_time_wait setting via auditctl -- Update syscall tables for the 3.18 kernel -- Ignore DNS failure for email validation in auditd (#1138674) -- Allow rotate as action for space_left and disk_full in auditd.conf -- Correct login summary report of aureport -- Auditctl syscalls can be comma separated list now -- Update rules for new subsystems and capabilities - -2.4 -- Optionally parse loginuids, (e)uids, & (e)gids in ausearch/report -- In auvirt, anomaly events don't have uuid (#1111448) -- Fix category handling in various records (#1120286) -- Fix ausearch handling of session id on 32 bit systems -- Set systemd startup to wait until systemd-tmpfiles-setup.service (#1097314) -- Interpret a0 of socketcall and ipccall syscalls -- Add pkgconfig file for libaudit -- Add go language bindings for limited use of libaudit -- Fix ausearch handling of exit code on 32 bit systems -- Fix bug in aureport string linked list handling -- Document week-ago time setting in ausearch/report man page -- Update tables for 3.16 kernel -- In aulast, on bad logins only record user_login proof and use it -- Add libaudit API for kernel features -- If audit=0 on kernel cmnd line, skip systemd activation (Cristian Rodríguez) -- Add checkpoint --start option to ausearch (Burn Alting) -- Fix arch matching in ausearch -- Add --loginuid-immutable option to auditctl -- Fix memory leak in auditd when log_format is set to NOLOG -- Update auditctl to display features 
in the status command -- Add ausearch_add_timestamp_item_ex() to auparse - -2.3.7 -- Limit number of options in a rule in libaudit -- Auditctl cannot load rule with lots of syscalls (#1089713) -- In ausearch, fix checkpointing when inode is reused by new log (Burn Alting) -- Add PROCTITLE and FEATURE_CHANGE event types - -2.3.6 -- Add an option to auditctl to interpret a0 - a3 of syscall rules when listing -- Improve ARM and AARCH64 support (AKASHI Takahiro) -- Add ausearch --checkpoint feature (Burn Alting) -- Add --arch option to ausearch -- Improve too long config line in audispd, auditd, and auparse (#1071580) -- Fix aulast to accept the new AUDIT_LOGIN record format -- Remove clear_config symbol in auparse - -2.3.5 -- In CRYPTO_KEY_USER events, do not interpret the 'fp' field -- Change formatting of rules listing in auditctl to look like audit.rules -- Change auditctl to do all netlink comm and then print rules -- Add a debug option to ausearch to find skipped events -- Parse subject, auid, and ses in LOGIN events (3.14 kernel changed format) -- In auditd, when shifting logs, ignore the num_logs setting (#950158) -- Allow passing a directory as the input file for ausearch/report (LC Bruzenak) -- Interpret syscall fields in SECCOMP events -- Increase a couple buffers to handle longer input - -2.3.4 -- Parse path in CONFIG_CHANGE events -- In audisp-remote, fix retry logic for temporary network failures -- In auparse, add get_type_name function -- Add --no-config command option to aureport -- Fix interpretting MCS seliunx contexts in ausearch (#970675) -- In auparse, classify selinux contexts as MAC_LABEL field type -- In ausearch/report parse vm-ctx and img-ctx as selinux labels -- Update translation tables for the 3.14 kernel - -2.3.3 -- Documentation updates -- Add AUDIT_USER_MAC_CONFIG_CHANGE event for MAC policy changes -- Update interpreting scheduler policy names -- Update automake files to automake-1.13.4 -- Remove CAP_COMPROMISE_KERNEL interpretation -- 
Parse name field in AVC's (#1049916) -- Add missing typedef for auparse_type_t enumeration (#1053424) -- Fix parsing encoded filenames in records -- Parse SECCOMP events - -2.3.2 -- Put RefuseManualStop in the right systemd section (#969345) -- Add legacy restart scripts for systemd support -- Add more syscall argument interpretations -- Add 'unset' keyword for uid & gid values in auditctl -- In ausearch, parse obj in IPC records -- In ausearch, parse subj in DAEMON_ROTATE records -- Fix interpretation of MQ_OPEN and MQ_NOTIFY events -- In auditd, restart dispatcher on SIGHUP if it had previously exited -- In audispd, exit when no active plugins are detected on reconfigure -- In audispd, clear signal mask set by libev so that SIGHUP works again -- In audispd, track binary plugins and restart if binary was updated -- In audispd, make sure we send signals to the correct process -- In auditd, clear signal mask when spawning any child process -- In audispd, make builtin plugins respond to SIGHUP -- In auparse, interpret mode flags of open syscall if O_CREAT is passed -- In audisp-remote, don't make address lookup always a permanent failure -- In audisp-remote, remove EOE events more efficiently -- In auditd, log the reason when email account is not valid -- In audisp-remote, change default remote_ending action to reconnect -- Add support for Aarch64 processors - -2.3.1 -- Rearrange auditd setting enabled and pid to avoid a race (#910568) -- Interpret the ocomm field from OBJ_PID records -- Fix missing 'then' statement in sysvinit script -- Switch ausearch to use libauparse for interpretting fields -- In libauparse, interpret prctl arg0, sched_setscheduler arg1 -- In auparse, check source_list isn't NULL when opening next file (Liequan Che) -- In libauparse, interpret send* flags argument -- In libauparse, interpret level and name options for set/getsockopt -- In ausearch/report, don't flush events until last file (Burn Alting) -- Don't use systemctl to stop the audit 
daemon - -2.3 -- The clone(2) man page is really clone(3), fix interpretation of clone syscall -- Add systemd support for reload (#901533) -- Allow -F msgtype on the user filter -- Add legacy support for resuming logging under systemd (#830780) -- Add legacy support for rotating logs under systemd (#916611) -- In auditd, collect SIGUSR2 info for DAEMON_RESUME events -- Updated man pages -- Update libev to 4.15 -- Update syscall tables for 3.9 kernel -- Interpret MQ_OPEN events -- Add augenrules support (Burn Alting) -- Consume less stack sending audit events - -2.2.3 -- Code cleanups -- In spec file, don't own lib64/audit -- Update man pages -- Aureport no longer reads auditd.conf when stdin is used -- Don't let systemd kill auditd if auditctl errors out -- Update syscall table for 3.7 and 3.8 kernels -- Add interpretation for setns and unshare syscalls -- Code cleanup (Tyler Hicks) -- Documentation cleanups (Laurent Bigonville) -- Add dirfd interpretation to the *at functions -- Add termination signal to clone flags interpretation -- Update stig.rules -- In auditctl, when listing rules don't print numeric value of dir fields -- Add support for rng resource type in auvirt -- Fix aulast bad login output (#922508) -- In ausearch, allow negative numbers for session and auid searches -- In audisp-remote, if disk_full_action is stop then stop sending (#908977) - -2.2.2 -- In auditd, tcp_max_per_addr was allowing 1 more connection than specified -- In ausearch, fix matching of object records -- Auditctl was returning -1 when listing rules filtered on a key field -- Add interpretations for CAP_BLOCK_SUSPEND and CAP_COMPROMISE_KERNEL -- Add armv5tejl, armv5tel, armv6l and armv7l machine types (Nathaniel Husted) -- Updates for the 3.6 kernel -- Add auparse_feed_has_data function to libauparse -- Update audisp-prelude to use auparse_feed_has_data -- Add support to conditionally build auditd network listener (Tyler Hicks) -- In auditd, reset a flag after receiving USR1 signal 
info when rotating logs -- Add optional systemd init script support -- Add support for SECCOMP event type -- Don't interpret aN_len field in EXECVE records (#869555) -- In audisp-remote, do better job of draining queue -- Fix capability parsing in ausearch/auparse -- Interpret BPRM_FCAPS capability fields -- Add ANOM_LINK event type - -2.2.1 -- Add more interpretations in auparse for syscall parameters -- Add some interpretations to ausearch for syscall parameters -- In ausearch/report and auparse, allocate extra space for node names -- Update syscall tables for the 3.3.0 kernel -- Update libev to 4.0.4 -- Reduce the size of some applications -- In auditctl, check usage against euid rather than uid - -2.2 -- Correct all rules for clock_settime -- Fix possible segfault in auparse library -- Handle malformed socket addresses better -- Improve performance in audit_log_user_message() -- Improve performance in writing to the log file in auditd -- Syscall update for accept4 and recvmmsg -- Update autrace resource usage mode syscall list -- Improved sample rules for recent syscalls -- Add some debug info to audisp-remote startup and shutdown -- Make compiling with Python optional -- In auditd, if disk_error_action is ignore, don't syslog anything -- Fix some memory leaks -- If audispd is stopping, don't restart children -- Add support in auditctl for shell escaped filenames (Alexander) -- Add search support for virt events (Marcelo Cerri) -- Update interpretation tables -- Sync auparse's auditd config parser with auditd's parser -- In ausearch, also use cwd fields in file name searchs -- In ausearch, parse cwd in USER_CMD events -- In ausearch, correct parsing of uid in user space events -- In ausearch, update parsing of integrity events -- Apply some text cleanups from Debian (Russell Coker) -- In auditd, relax some permission checks for external apps -- Add ROLE_MODIFY event type -- In auditctl, new -c option to continue through bad rules but with failed exit -- Add 
auvirt program to do special reporting on virt events (Marcelo Cerri) -- Add interfield comparison support to auditctl (Peter Moody) -- Update auparse type intepretation for apparmor (Marcelo Cerri) -- Increase tcp_max_per_addr maximum to 1024. - -2.1.3 -- Fix parsing of EXECVE records to not escape argc field -- If auditd's disk is full, send the right reason to client (#715315) -- Add CAP_WAKE_ALARM to interpretations -- Some updates to audisp-remote's remote-fgets function (Mirek Trmac) -- Add detection of TTY events to audisp-prelude (Matteo Sessa) -- Updated syscall tables for the 3.0 kernel -- Update linker flags for better relro support -- Make default size of logs bigger (#727310) -- Extract obj from NETFILTER_PKT events -- Disable 2 kerberos config options in audisp-remote.conf - -2.1.2 -- In ausearch/report, fix a segfault caused by MAC_POLICY_LOAD records -- In ausearch/report, add and update parsers -- In auditd, cleanup DAEMON_ACCEPT and DAEMON_CLOSE addr fields -- In ausearch/report, parse addr field of DAEMON_ACCEPT & DAEMON_CLOSE records -- In auditd, move startup success to after events are registered -- If auditd shutsdown due to failed tcp init, write a DAEMON_ABORT event -- Update auditd to avoid the oom killer in new kernels (Andreas Jaeger) -- Parse and interpret NETFILTER_PKT events correctly -- Return error if auditctl -l fails (#709345) -- In audisp-remote, replace glibc's fgets with custom implementation - -2.1.1 -- When ausearch is interpretting, output "as is" if no = is found -- Correct socket setup in remote logging -- Adjusted a couple default settings for remote logging and init script -- Audispd was not marking restarted plugins as active -- Audisp-remote should keep a capability if local_port < 1024 -- When audispd restarts plugin, send event in its preferred format -- In audisp-remote, make all I/O asynchronous -- In audisp-remote, add sigusr1 handler to dump internal state -- Fix autrace to use correct syscalls on s390 and s390x 
systems -- Add shutdown syscall to remote logging teardowns -- Correct autrace rule for 32 bits systems - -2.1 -- Update auditctl man page for new field on user filter -- Fix crash in aulast when auid is foreign to the system -- Code cleanups -- Add store and forward model to audispd-remote (Mirek Trmac) -- Free memory on failed startups in audisp-prelude -- Fix memory leak in aureport -- Fix parsing state problem in libauparse -- Improve the robustness of libaudit field encoding functions -- Update capability tables -- In auditd, make failure action config checking consistent -- In auditd, check that NULL is not being passed to safe_exec -- In audisp-remote, overflow_action wasn't suspending if that action was chosen -- Update interpretations for virt events -- Improve remote logging warning and error messages -- Add interpretations for netfilter events - -2.0.6 -- ausearch/report performance improvements -- Synchronize all sample syscall rules to use action,list -- If program name provided to audit_log_acct_message, escape it -- Fix man page for the audit_encode_nv_string function (#647131) -- If value is NULL, don't segfault (#647128) -- Fix simple event parsing to not assume session id can't be last (Peng Haitao) -- Add support for new mmap audit event type -- Add ability for audispd syslog plugin to choose facility local0-7 (#593340) -- Fix autrace to use correct syscalls on i386 systems (Peng Haitao) -- On startup and reconfig, check for excess logs and unlink them -- Add a couple missing parser debug messages -- Fix error output resolving numeric address and update man page -- Add netfilter event types -- Fix spelling error in audit.rules man page (#667845) -- Improve warning in auditctl regarding immutable mode (#654883) -- Update syscall tables for the 2.6.37 kernel -- In ausearch, allow searching for auid -1 -- Add queue overflow_action to audisp-remote to control queue overflows -- Update sample rules for new syscalls and packages - -2.0.5 -- Make 
auparse handle empty AUSOURCE_FILE_ARRAY correctly (Miloslav Trmač) -- On i386, audit rules do not work on inode's with a large number (#554553) -- Fix displaying of inode values to be unsigned integers when listing rules -- Correct Makefile install of audispd (Jason Tang) -- Syscall table updates for 2.6.34 kernel -- Add definitions for service start and stop -- Fix handling of ignore errors in auditctl -- Fix gssapi support to build with new linker options -- Add virtualization event types -- Update aureport program help and man pages to show all options - -2.0.4 -- Make alpha processor support optional -- Add support for the arm eabi processor -- add a compatible regexp processing capability to auparse (Miloslav Trmač) -- Fix regression in parsing user space originating records in aureport -- Add tcp_max_per_addr option in auditd.conf to limit concurrent connections -- Rearrange shutdown of auditd to allow DAEMON_END event more time - -2.0.3 -- In auditd, tell libev to stop processing a connection when idle timeout -- In auditd, tell libev to stop processing a connection when shutting down -- Interpret CAPSET records in ausearch/auparse - -2.0.2 -- If audisp-remote plugin has a queue at exit, use non-zero exit code -- Fix autrace to use the exit filter -- In audisp-remote, add a sigchld handler -- In auditd, check for duplicate remote connections before accepting -- Remove trailing ':' if any are at the end of acct fields in ausearch -- Update remote logging code to do better sanity check of data -- Fix audisp-prelude to prefer files if multiple path records are encountered -- Add libaudit.conf man page -- In auditd, disconnect idle clients - -2.0.1 -- Aulast now reads daemon_start events for the kernel version of reboot -- Clarify the man pages for ausearch/report regarding locale and date formats -- Fix getloginuid for python bindings -- Disable the audispd af_unix plugin by default -- Add a couple new init script actions for LSB 3.2 -- In audisp-remote 
plugin, timeout network reads (#514090) -- Make some error logging in audisp-remote plugin more prominent -- Add audit.rules man page -- Interpret the session field in audit events - -2.0 -- Remove system-config-audit -- Get rid of () from userspace originating events -- Removed old syscall rules API - not needed since 2.6.16 -- Remove all use of the old rule structs from API -- Fix uninitialized variable in auditd log rotation -- Add libcap-ng support for audispd plugins -- Removed ancient defines that are part of kernel 2.6.29 headers -- Bump soname number for libaudit -- In auditctl, deprecate the entry filter and move rules to exit filter -- Parse integrity audit records in ausearch/report (Mimi Zohar) -- Updated syscall table for 2.6.31 kernel -- Remove support for the legacy negate syscall rule operator -- In auditd reset syslog warnings if disk space becomes available - -<see audit-1.8 for 1.X change history> -<see audit-1.0.12 for 1.0 change history> |
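Review bot: The version and security-fix record for the bundled audit source disappears with the deletion at `@@ -1,396 +0,0 @`: the top entry is the only place in these lines that identifies the code as 2.4.4 and states that it carries "Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling". The diffstat is limited to this one file, so it is not visible here whether the rest of framework/src/audit stays in the tree. If it does, keep the version and that CVE fix recorded somewhere that survives (the commit message or a short note beside the sources) so that later audits can tell which upstream release and fixes the copy contains. If the whole directory is being removed, say so in the commit message.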