Fedora Linux 8783 Published by

An audit update has been released for Fedora Core 4

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-544
2005-07-12
---------------------------------------------------------------------

Product : Fedora Core 4
Name : audit
Version : 0.9.15
Release : 1.FC4
Summary : User space tools for 2.6 kernel auditing.
Description :
The audit package contains the user space utilities for storing and processing the audit records generate by the audit subsystem in the Linux 2.6 kernel.



---------------------------------------------------------------------
Update Information:

This update adds interpretive mode for ausearch utility to make results easier
to read, sighup support, big performance improvements, lots of bug fixes,
more documentation in man pages, and more syslog information for failure
conditions.
---------------------------------------------------------------------
* Mon Jun 27 2005 Steve Grubb <sgrubb@redhat.com> 0.9.15-1

- Update log rotation handling to be more robust

* Fri Jun 24 2005 Steve Grubb <sgrubb@redhat.com> 0.9.14-1

- make auditctl -s work again
- make AUDITD_CLEAN_STOP test in init scripts case insensitive

* Thu Jun 23 2005 Steve Grubb <sgrubb@redhat.com> 0.9.13-1

- Remove /lib/libaudit.so & .la from audit-libs package
- In auditctl, if syscall not given, default to all

* Wed Jun 22 2005 Steve Grubb <sgrubb@redhat.com> 0.9.12-1

- Add some syslog messages for a couple exits
- Add some unlinks of the pid file in a couple error exits
- Make some options of auditctl not expect a reply
- Update support for user and watch filter lists

* Tue Jun 21 2005 Steve Grubb <sgrubb@redhat.com> 0.9.11-1

- Change packet draining to nonblocking
- Interpret id field in ausearch
- Add error message if not able to create log
- Ignore netlink acks when asking for rule & watch list

* Mon Jun 20 2005 Steve Grubb <sgrubb@redhat.com> 0.9.10-1

- Make sure the bad packet is drained when retrying user messages
- Add support for new user and watch filter lists
- Interpret flags field in ausearch

* Sun Jun 19 2005 Steve Grubb <sgrubb@redhat.com> 0.9.9-1

- Fix user messages for people with older kernels

* Fri Jun 17 2005 Steve Grubb <sgrubb@redhat.com> 0.9.8-1

- Added support for FS_INODE and USYS_CONFIG records
- More cleanup of user space message functions

* Thu Jun 16 2005 Steve Grubb <sgrubb@redhat.com> 0.9.7-1

- fixed bug in send_user_message which errored on pam logins
- Change nanosleeps over to select loops
- Change the 'e' option to auditctl -p to 'x'

* Thu Jun 16 2005 Steve Grubb <sgrubb@redhat.com> 0.9.6-1

- fix bug in incremental flush where is wrongly reported an error
- ausearch should not do uid check for -if option
- adjust ipc interpretation to not use ipc.h

* Tue Jun 14 2005 Steve Grubb <sgrubb@redhat.com> 0.9.5-1

- interpret socketcall & ipc based on a0 in ausearch
- change call sequence to make user space messages faster
- update return val for auditctl

* Sat Jun 11 2005 Steve Grubb <sgrubb@redhat.com> 0.9.4-1

- Rule and watch insert no longer automatically dumps list
- auditctl rules can now use auid instead of loginuid
- Add sighup support for daemon reconfiguration
- Move some functions into private.h

* Thu Jun 9 2005 Steve Grubb <sgrubb@redhat.com> 0.9.3-1

- Change filename handling to use linked list in ausearch
- Add man pages for audit_setloginuid & audit_getloginuid
- Fix problem where you couldn't set rule on unset loginuid's
- Adjust memory management for sighup needs
- Fix problem where netlink timeout counter wasn't being reset

* Thu Jun 2 2005 Steve Grubb <sgrubb@redhat.com> 0.9.2-1

- Step up to new glibc-kernheaders

* Thu Jun 2 2005 Steve Grubb <sgrubb@redhat.com> 0.9.1-1

- AUDITD_CLEAN_STOP config option in /etc/sysconfig/auditd
- When unknown, show raw record in ausearch.
- Add CWD message type support

* Wed May 25 2005 Steve Grubb <sgrubb@redhat.com> 0.9-1

- Translate numeric info to human readable for ausearch output
- add '-if' option to ausearch to select input file
- add '-c' option to ausearch to allow searching by comm field
- init script now deletes all rules when daemon stops
- Make auditctl display perms correctly in watch listings
- Make auditctl -D remove all watches


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

cc6d42038dc21dcb55300daecb211ec1 SRPMS/audit-0.9.15-1.FC4.src.rpm
cc5091520a266f563ac9f1193a5d20b5 ppc/audit-0.9.15-1.FC4.ppc.rpm
b5e87d550d81a6fb18c1d253b1aee61b ppc/audit-libs-0.9.15-1.FC4.ppc.rpm
a75885c58be00f0411227d358ce0ec75 ppc/audit-libs-devel-0.9.15-1.FC4.ppc.rpm
b64be373745b1e6ac3197af522fa6c43 ppc/debug/audit-debuginfo-0.9.15-1.FC4.ppc.rpm
a6f2ae2cba55da947b5c56b82b33ba58 ppc/audit-libs-0.9.15-1.FC4.ppc64.rpm
3079f8020033debecac683da604a2ef2 x86_64/audit-0.9.15-1.FC4.x86_64.rpm
46c7d148012b440d0410e4ab76f013bb x86_64/audit-libs-0.9.15-1.FC4.x86_64.rpm
f42d6e3c0d374be0c275bcdb6e982fb4 x86_64/audit-libs-devel-0.9.15-1.FC4.x86_64.rpm
044036e67bb417e38557aaec4073fe74 x86_64/debug/audit-debuginfo-0.9.15-1.FC4.x86_64.rpm
42634fd78a682010406f549eedea8cdd x86_64/audit-libs-0.9.15-1.FC4.i386.rpm
3c7c2dc1bcf56a287eb7ccb0d43633d3 i386/audit-0.9.15-1.FC4.i386.rpm
42634fd78a682010406f549eedea8cdd i386/audit-libs-0.9.15-1.FC4.i386.rpm
d7f0f1c3fc5482acc47e71e0e5faa359 i386/audit-libs-devel-0.9.15-1.FC4.i386.rpm
2e708d4a978de1513dd05f13b4cb9176 i386/debug/audit-debuginfo-0.9.15-1.FC4.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.