aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/audit/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/audit/ChangeLog')
-rw-r--r--framework/src/audit/ChangeLog396
1 files changed, 0 insertions, 396 deletions
diff --git a/framework/src/audit/ChangeLog b/framework/src/audit/ChangeLog
deleted file mode 100644
index f6f05b48..00000000
--- a/framework/src/audit/ChangeLog
+++ /dev/null
@@ -1,396 +0,0 @@
-2.4.4
-- Fix linked list correctness in ausearch/report
-- Add more cross compile fixups (Clayton Shotwell)
-- Update auparse python bindings
-- Update libev to 4.20
-- Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling
-
-2.4.3
-- Add python3 support for libaudit
-- Cleanup automake warnings
-- Add AuParser_search_add_timestamp_item_ex to python bindings
-- Add AuParser_get_type_name to python bindings
-- Correct processing of obj_gid in auditctl (Aleksander Zdyb)
-- Make plugin config file parsing more robust for long lines (#1235457)
-- Make auditctl status print lost field as unsigned number
-- Add interpretation mode for auditctl -s
-- Add python3 support to auparse library
-- Make --enable-zos-remote a build time configuration option (Clayton Shotwell)
-- Updates for cross compiling (Clayton Shotwell)
-- Add MAC_CHECK audit event type
-- Add libauparse pkgconfig file (Aleksander Zdyb)
-
-2.4.2
-- Ausearch should parse exe field in SECCOMP events
-- Improve output for short mode interpretations in auparse
-- Add CRYPTO_IKE_SA and CRYPTO_IPSEC_SA events
-- If auditctl is reading rules from a file, send messages to syslog (#1144252)
-- Correct lookup of ppc64le when determining machine type
-- Increase time buffer for wide character numbers in ausearch/report (#1200314)
-- In aureport, add USER_TTY events to tty report
-- In audispd, limit reporting of queue full messages (#1203810)
-- In auditctl, don't segfault when invalid options passed (#1206516)
-- In autrace, remove some older unimplemented syscalls for aarch64 (#1185892)
-- In auditctl, correct lookup of aarch64 in arch field (#1186313)
-- Update lookup tables for 4.1 kernel
-
-2.4.1
-- Make python3 support easier
-- Add support for ppc64le (Tony Jones)
-- Add some translations for a1 of ioctl system calls
-- Add command & virtualization reports to aureport
-- Update aureport config report for new events
-- Add account modification summary report to aureport
-- Add GRP_MGMT and GRP_CHAUTHTOK event types
-- Correct aureport account change reports
-- Add integrity event report to aureport
-- Add config change summary report to aureport
-- Adjust some syslogging level settings in audispd
-- Improve parsing performance in everything
-- When ausearch outputs a line, use the previously parsed values (Burn Alting)
-- Improve searching and interpreting groups in events
-- Fully interpret the proctitle field in auparse
-- Correct libaudit and auditctl support for kernel features
-- Add support for backlog_time_wait setting via auditctl
-- Update syscall tables for the 3.18 kernel
-- Ignore DNS failure for email validation in auditd (#1138674)
-- Allow rotate as action for space_left and disk_full in auditd.conf
-- Correct login summary report of aureport
-- Auditctl syscalls can be comma separated list now
-- Update rules for new subsystems and capabilities
-
-2.4
-- Optionally parse loginuids, (e)uids, & (e)gids in ausearch/report
-- In auvirt, anomaly events don't have uuid (#1111448)
-- Fix category handling in various records (#1120286)
-- Fix ausearch handling of session id on 32 bit systems
-- Set systemd startup to wait until systemd-tmpfiles-setup.service (#1097314)
-- Interpret a0 of socketcall and ipccall syscalls
-- Add pkgconfig file for libaudit
-- Add go language bindings for limited use of libaudit
-- Fix ausearch handling of exit code on 32 bit systems
-- Fix bug in aureport string linked list handling
-- Document week-ago time setting in ausearch/report man page
-- Update tables for 3.16 kernel
-- In aulast, on bad logins only record user_login proof and use it
-- Add libaudit API for kernel features
-- If audit=0 on kernel cmnd line, skip systemd activation (Cristian Rodríguez)
-- Add checkpoint --start option to ausearch (Burn Alting)
-- Fix arch matching in ausearch
-- Add --loginuid-immutable option to auditctl
-- Fix memory leak in auditd when log_format is set to NOLOG
-- Update auditctl to display features in the status command
-- Add ausearch_add_timestamp_item_ex() to auparse
-
-2.3.7
-- Limit number of options in a rule in libaudit
-- Auditctl cannot load rule with lots of syscalls (#1089713)
-- In ausearch, fix checkpointing when inode is reused by new log (Burn Alting)
-- Add PROCTITLE and FEATURE_CHANGE event types
-
-2.3.6
-- Add an option to auditctl to interpret a0 - a3 of syscall rules when listing
-- Improve ARM and AARCH64 support (AKASHI Takahiro)
-- Add ausearch --checkpoint feature (Burn Alting)
-- Add --arch option to ausearch
-- Improve too long config line in audispd, auditd, and auparse (#1071580)
-- Fix aulast to accept the new AUDIT_LOGIN record format
-- Remove clear_config symbol in auparse
-
-2.3.5
-- In CRYPTO_KEY_USER events, do not interpret the 'fp' field
-- Change formatting of rules listing in auditctl to look like audit.rules
-- Change auditctl to do all netlink comm and then print rules
-- Add a debug option to ausearch to find skipped events
-- Parse subject, auid, and ses in LOGIN events (3.14 kernel changed format)
-- In auditd, when shifting logs, ignore the num_logs setting (#950158)
-- Allow passing a directory as the input file for ausearch/report (LC Bruzenak)
-- Interpret syscall fields in SECCOMP events
-- Increase a couple buffers to handle longer input
-
-2.3.4
-- Parse path in CONFIG_CHANGE events
-- In audisp-remote, fix retry logic for temporary network failures
-- In auparse, add get_type_name function
-- Add --no-config command option to aureport
-- Fix interpretting MCS seliunx contexts in ausearch (#970675)
-- In auparse, classify selinux contexts as MAC_LABEL field type
-- In ausearch/report parse vm-ctx and img-ctx as selinux labels
-- Update translation tables for the 3.14 kernel
-
-2.3.3
-- Documentation updates
-- Add AUDIT_USER_MAC_CONFIG_CHANGE event for MAC policy changes
-- Update interpreting scheduler policy names
-- Update automake files to automake-1.13.4
-- Remove CAP_COMPROMISE_KERNEL interpretation
-- Parse name field in AVC's (#1049916)
-- Add missing typedef for auparse_type_t enumeration (#1053424)
-- Fix parsing encoded filenames in records
-- Parse SECCOMP events
-
-2.3.2
-- Put RefuseManualStop in the right systemd section (#969345)
-- Add legacy restart scripts for systemd support
-- Add more syscall argument interpretations
-- Add 'unset' keyword for uid & gid values in auditctl
-- In ausearch, parse obj in IPC records
-- In ausearch, parse subj in DAEMON_ROTATE records
-- Fix interpretation of MQ_OPEN and MQ_NOTIFY events
-- In auditd, restart dispatcher on SIGHUP if it had previously exited
-- In audispd, exit when no active plugins are detected on reconfigure
-- In audispd, clear signal mask set by libev so that SIGHUP works again
-- In audispd, track binary plugins and restart if binary was updated
-- In audispd, make sure we send signals to the correct process
-- In auditd, clear signal mask when spawning any child process
-- In audispd, make builtin plugins respond to SIGHUP
-- In auparse, interpret mode flags of open syscall if O_CREAT is passed
-- In audisp-remote, don't make address lookup always a permanent failure
-- In audisp-remote, remove EOE events more efficiently
-- In auditd, log the reason when email account is not valid
-- In audisp-remote, change default remote_ending action to reconnect
-- Add support for Aarch64 processors
-
-2.3.1
-- Rearrange auditd setting enabled and pid to avoid a race (#910568)
-- Interpret the ocomm field from OBJ_PID records
-- Fix missing 'then' statement in sysvinit script
-- Switch ausearch to use libauparse for interpretting fields
-- In libauparse, interpret prctl arg0, sched_setscheduler arg1
-- In auparse, check source_list isn't NULL when opening next file (Liequan Che)
-- In libauparse, interpret send* flags argument
-- In libauparse, interpret level and name options for set/getsockopt
-- In ausearch/report, don't flush events until last file (Burn Alting)
-- Don't use systemctl to stop the audit daemon
-
-2.3
-- The clone(2) man page is really clone(3), fix interpretation of clone syscall
-- Add systemd support for reload (#901533)
-- Allow -F msgtype on the user filter
-- Add legacy support for resuming logging under systemd (#830780)
-- Add legacy support for rotating logs under systemd (#916611)
-- In auditd, collect SIGUSR2 info for DAEMON_RESUME events
-- Updated man pages
-- Update libev to 4.15
-- Update syscall tables for 3.9 kernel
-- Interpret MQ_OPEN events
-- Add augenrules support (Burn Alting)
-- Consume less stack sending audit events
-
-2.2.3
-- Code cleanups
-- In spec file, don't own lib64/audit
-- Update man pages
-- Aureport no longer reads auditd.conf when stdin is used
-- Don't let systemd kill auditd if auditctl errors out
-- Update syscall table for 3.7 and 3.8 kernels
-- Add interpretation for setns and unshare syscalls
-- Code cleanup (Tyler Hicks)
-- Documentation cleanups (Laurent Bigonville)
-- Add dirfd interpretation to the *at functions
-- Add termination signal to clone flags interpretation
-- Update stig.rules
-- In auditctl, when listing rules don't print numeric value of dir fields
-- Add support for rng resource type in auvirt
-- Fix aulast bad login output (#922508)
-- In ausearch, allow negative numbers for session and auid searches
-- In audisp-remote, if disk_full_action is stop then stop sending (#908977)
-
-2.2.2
-- In auditd, tcp_max_per_addr was allowing 1 more connection than specified
-- In ausearch, fix matching of object records
-- Auditctl was returning -1 when listing rules filtered on a key field
-- Add interpretations for CAP_BLOCK_SUSPEND and CAP_COMPROMISE_KERNEL
-- Add armv5tejl, armv5tel, armv6l and armv7l machine types (Nathaniel Husted)
-- Updates for the 3.6 kernel
-- Add auparse_feed_has_data function to libauparse
-- Update audisp-prelude to use auparse_feed_has_data
-- Add support to conditionally build auditd network listener (Tyler Hicks)
-- In auditd, reset a flag after receiving USR1 signal info when rotating logs
-- Add optional systemd init script support
-- Add support for SECCOMP event type
-- Don't interpret aN_len field in EXECVE records (#869555)
-- In audisp-remote, do better job of draining queue
-- Fix capability parsing in ausearch/auparse
-- Interpret BPRM_FCAPS capability fields
-- Add ANOM_LINK event type
-
-2.2.1
-- Add more interpretations in auparse for syscall parameters
-- Add some interpretations to ausearch for syscall parameters
-- In ausearch/report and auparse, allocate extra space for node names
-- Update syscall tables for the 3.3.0 kernel
-- Update libev to 4.0.4
-- Reduce the size of some applications
-- In auditctl, check usage against euid rather than uid
-
-2.2
-- Correct all rules for clock_settime
-- Fix possible segfault in auparse library
-- Handle malformed socket addresses better
-- Improve performance in audit_log_user_message()
-- Improve performance in writing to the log file in auditd
-- Syscall update for accept4 and recvmmsg
-- Update autrace resource usage mode syscall list
-- Improved sample rules for recent syscalls
-- Add some debug info to audisp-remote startup and shutdown
-- Make compiling with Python optional
-- In auditd, if disk_error_action is ignore, don't syslog anything
-- Fix some memory leaks
-- If audispd is stopping, don't restart children
-- Add support in auditctl for shell escaped filenames (Alexander)
-- Add search support for virt events (Marcelo Cerri)
-- Update interpretation tables
-- Sync auparse's auditd config parser with auditd's parser
-- In ausearch, also use cwd fields in file name searchs
-- In ausearch, parse cwd in USER_CMD events
-- In ausearch, correct parsing of uid in user space events
-- In ausearch, update parsing of integrity events
-- Apply some text cleanups from Debian (Russell Coker)
-- In auditd, relax some permission checks for external apps
-- Add ROLE_MODIFY event type
-- In auditctl, new -c option to continue through bad rules but with failed exit
-- Add auvirt program to do special reporting on virt events (Marcelo Cerri)
-- Add interfield comparison support to auditctl (Peter Moody)
-- Update auparse type intepretation for apparmor (Marcelo Cerri)
-- Increase tcp_max_per_addr maximum to 1024.
-
-2.1.3
-- Fix parsing of EXECVE records to not escape argc field
-- If auditd's disk is full, send the right reason to client (#715315)
-- Add CAP_WAKE_ALARM to interpretations
-- Some updates to audisp-remote's remote-fgets function (Mirek Trmac)
-- Add detection of TTY events to audisp-prelude (Matteo Sessa)
-- Updated syscall tables for the 3.0 kernel
-- Update linker flags for better relro support
-- Make default size of logs bigger (#727310)
-- Extract obj from NETFILTER_PKT events
-- Disable 2 kerberos config options in audisp-remote.conf
-
-2.1.2
-- In ausearch/report, fix a segfault caused by MAC_POLICY_LOAD records
-- In ausearch/report, add and update parsers
-- In auditd, cleanup DAEMON_ACCEPT and DAEMON_CLOSE addr fields
-- In ausearch/report, parse addr field of DAEMON_ACCEPT & DAEMON_CLOSE records
-- In auditd, move startup success to after events are registered
-- If auditd shutsdown due to failed tcp init, write a DAEMON_ABORT event
-- Update auditd to avoid the oom killer in new kernels (Andreas Jaeger)
-- Parse and interpret NETFILTER_PKT events correctly
-- Return error if auditctl -l fails (#709345)
-- In audisp-remote, replace glibc's fgets with custom implementation
-
-2.1.1
-- When ausearch is interpretting, output "as is" if no = is found
-- Correct socket setup in remote logging
-- Adjusted a couple default settings for remote logging and init script
-- Audispd was not marking restarted plugins as active
-- Audisp-remote should keep a capability if local_port < 1024
-- When audispd restarts plugin, send event in its preferred format
-- In audisp-remote, make all I/O asynchronous
-- In audisp-remote, add sigusr1 handler to dump internal state
-- Fix autrace to use correct syscalls on s390 and s390x systems
-- Add shutdown syscall to remote logging teardowns
-- Correct autrace rule for 32 bits systems
-
-2.1
-- Update auditctl man page for new field on user filter
-- Fix crash in aulast when auid is foreign to the system
-- Code cleanups
-- Add store and forward model to audispd-remote (Mirek Trmac)
-- Free memory on failed startups in audisp-prelude
-- Fix memory leak in aureport
-- Fix parsing state problem in libauparse
-- Improve the robustness of libaudit field encoding functions
-- Update capability tables
-- In auditd, make failure action config checking consistent
-- In auditd, check that NULL is not being passed to safe_exec
-- In audisp-remote, overflow_action wasn't suspending if that action was chosen
-- Update interpretations for virt events
-- Improve remote logging warning and error messages
-- Add interpretations for netfilter events
-
-2.0.6
-- ausearch/report performance improvements
-- Synchronize all sample syscall rules to use action,list
-- If program name provided to audit_log_acct_message, escape it
-- Fix man page for the audit_encode_nv_string function (#647131)
-- If value is NULL, don't segfault (#647128)
-- Fix simple event parsing to not assume session id can't be last (Peng Haitao)
-- Add support for new mmap audit event type
-- Add ability for audispd syslog plugin to choose facility local0-7 (#593340)
-- Fix autrace to use correct syscalls on i386 systems (Peng Haitao)
-- On startup and reconfig, check for excess logs and unlink them
-- Add a couple missing parser debug messages
-- Fix error output resolving numeric address and update man page
-- Add netfilter event types
-- Fix spelling error in audit.rules man page (#667845)
-- Improve warning in auditctl regarding immutable mode (#654883)
-- Update syscall tables for the 2.6.37 kernel
-- In ausearch, allow searching for auid -1
-- Add queue overflow_action to audisp-remote to control queue overflows
-- Update sample rules for new syscalls and packages
-
-2.0.5
-- Make auparse handle empty AUSOURCE_FILE_ARRAY correctly (Miloslav Trmač)
-- On i386, audit rules do not work on inode's with a large number (#554553)
-- Fix displaying of inode values to be unsigned integers when listing rules
-- Correct Makefile install of audispd (Jason Tang)
-- Syscall table updates for 2.6.34 kernel
-- Add definitions for service start and stop
-- Fix handling of ignore errors in auditctl
-- Fix gssapi support to build with new linker options
-- Add virtualization event types
-- Update aureport program help and man pages to show all options
-
-2.0.4
-- Make alpha processor support optional
-- Add support for the arm eabi processor
-- add a compatible regexp processing capability to auparse (Miloslav Trmač)
-- Fix regression in parsing user space originating records in aureport
-- Add tcp_max_per_addr option in auditd.conf to limit concurrent connections
-- Rearrange shutdown of auditd to allow DAEMON_END event more time
-
-2.0.3
-- In auditd, tell libev to stop processing a connection when idle timeout
-- In auditd, tell libev to stop processing a connection when shutting down
-- Interpret CAPSET records in ausearch/auparse
-
-2.0.2
-- If audisp-remote plugin has a queue at exit, use non-zero exit code
-- Fix autrace to use the exit filter
-- In audisp-remote, add a sigchld handler
-- In auditd, check for duplicate remote connections before accepting
-- Remove trailing ':' if any are at the end of acct fields in ausearch
-- Update remote logging code to do better sanity check of data
-- Fix audisp-prelude to prefer files if multiple path records are encountered
-- Add libaudit.conf man page
-- In auditd, disconnect idle clients
-
-2.0.1
-- Aulast now reads daemon_start events for the kernel version of reboot
-- Clarify the man pages for ausearch/report regarding locale and date formats
-- Fix getloginuid for python bindings
-- Disable the audispd af_unix plugin by default
-- Add a couple new init script actions for LSB 3.2
-- In audisp-remote plugin, timeout network reads (#514090)
-- Make some error logging in audisp-remote plugin more prominent
-- Add audit.rules man page
-- Interpret the session field in audit events
-
-2.0
-- Remove system-config-audit
-- Get rid of () from userspace originating events
-- Removed old syscall rules API - not needed since 2.6.16
-- Remove all use of the old rule structs from API
-- Fix uninitialized variable in auditd log rotation
-- Add libcap-ng support for audispd plugins
-- Removed ancient defines that are part of kernel 2.6.29 headers
-- Bump soname number for libaudit
-- In auditctl, deprecate the entry filter and move rules to exit filter
-- Parse integrity audit records in ausearch/report (Mimi Zohar)
-- Updated syscall table for 2.6.31 kernel
-- Remove support for the legacy negate syscall rule operator
-- In auditd reset syslog warnings if disk space becomes available
-
-<see audit-1.8 for 1.X change history>
-<see audit-1.0.12 for 1.0 change history>