Hi,

audit package may benefit from a version bump, ChangeLog and statistics below:

1.6.6
- Add prelude IDS plugin for IDMEF alerts
- Add --user option to aulastlog command
- Spec file cleanups

1.6.5
- Add more errno strings
- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
- Check for audit log being writable by owner in auditd
- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
- Updated CAPP, LSPP, and NISPOM rules for new capabilities
- Added aulastlog utility

1.6.4
- fchmod of log file was on wrong variable (#426934)
- Allow use of errno strings for exit codes in audit rules

1.6.3
- Add kernel release string to DEAMON_START events
- Log warning if audit event from kernel is too big
- Fix keep_logs when num_logs option disabled (#325561)
- Auditd commandline option to decide whether to enable kernel auditing on startup (Tony Jones)
- Fix auparse to handle node fields for syscall records
- Updates for auparse to uninterpret text search values (Miloslav Trmac)
- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
- Add keyword week-ago to aureport & ausearch start/end times
- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
- Get "make check" working for auparse
- Add RACF zos remote audispd plugin (Klaus Kiwi)
- Add event queue overflow action to audispd
- Make sure we are reading right amount of pipe in audispd

$ diffstat audit-1.6.2--audit-1.6.6.patch
 ChangeLog | 33
 Makefile.am | 8
 TODO | 33
 audisp/Makefile.am | 3
 audisp/audispd-config.c | 29
 audisp/audispd-config.h | 3
 audisp/audispd.c | 25
 audisp/plugins/Makefile.am | 9
 audisp/plugins/ids/Makefile | 523 +++++++
 audisp/plugins/ids/Makefile.am | 12
 audisp/plugins/ids/Makefile.in | 523 +++++++
 audisp/plugins/ids/audisp-ids.c | 4
 audisp/plugins/ids/ids-config.c | 383 +++++
 audisp/plugins/ids/ids-config.h | 42
 audisp/plugins/ids/ids.conf | 7
 audisp/plugins/prelude/Makefile.am | 45
 audisp/plugins/prelude/au-prelude.conf | 12
 audisp/plugins/prelude/audisp-prelude.c | 918 +++++++++++++
 audisp/plugins/remote/Makefile | 374 +++++
 audisp/plugins/remote/Makefile.in | 374 +++++
 audisp/plugins/zos-remote/Makefile.am | 52
 audisp/plugins/zos-remote/audispd-zos-remote.conf | 14
 audisp/plugins/zos-remote/policy/audispd-zos-remote.fc | 2
 audisp/plugins/zos-remote/policy/audispd-zos-remote.if | 58
 audisp/plugins/zos-remote/policy/audispd-zos-remote.te | 54
 audisp/plugins/zos-remote/policy/build.sh | 3
 audisp/plugins/zos-remote/policy/install.sh | 4
 audisp/plugins/zos-remote/zos-remote-config.c | 442 ++++++
 audisp/plugins/zos-remote/zos-remote-config.h | 48
 audisp/plugins/zos-remote/zos-remote-ldap.c | 608 ++++++++
 audisp/plugins/zos-remote/zos-remote-ldap.h | 312 ++++
 audisp/plugins/zos-remote/zos-remote-log.c | 109 +
 audisp/plugins/zos-remote/zos-remote-log.h | 58
 audisp/plugins/zos-remote/zos-remote-plugin.c | 558 ++++++++
 audisp/plugins/zos-remote/zos-remote-queue.c | 144 ++
 audisp/plugins/zos-remote/zos-remote-queue.h | 38
 audisp/plugins/zos-remote/zos-remote.conf | 10
 audisp/queue.c | 71 -
 audisp/queue.h | 4
 audit-1.6.6.tar | 1
 audit.spec | 179 ++
 auparse/Makefile.am | 2
 auparse/auditd-config.c | 23
 auparse/auparse-defs.h | 15
 auparse/auparse.c | 170 ++
 auparse/auparse.h | 4
 auparse/ellist.c | 28
 auparse/rlist.c | 10
 auparse/rlist.h | 14
 auparse/test/Makefile.am | 11
 auparse/test/Makefile.in | 14
 auparse/test/README | 2
 auparse/test/tmp | 788 -----------
 auparse/test/tmp1 | 775 -----------
 auparse/test/tmp2 | 788 -----------
 auparse/typetab.h | 1
 bindings/python/auparse_python.c | 134 +
 configure.ac | 24
 contrib/capp.rules | 104 -
 contrib/lspp.rules | 131 -
 contrib/nispom.rules | 76 -
 contrib/skeleton.c | 24
 docs/Makefile.am | 10
 docs/audisp-prelude.8 | 30
 docs/audispd-zos-remote.8 | 239 +++
 docs/audispd.conf.5 | 15
 docs/auditctl.8 | 13
 docs/auditd.8 | 9
 docs/auparse_find_field.3 | 1
 docs/auparse_next_record.3 | 4
 docs/aureport.8 | 2
 docs/ausearch.8 | 2
 docs/ausearch_add_interpreted_item.3 | 56
 docs/ausearch_add_item.3 | 6
 docs/ausearch_add_timestamp_item.3 | 50
 docs/autrace.8 | 3
 docs/zos-remote.conf.5 | 69 +
 init.d/audispd.conf | 1
 init.d/auditd.init | 30
 lib/Makefile.am | 2
 lib/deprecated.c | 20
 lib/errtab.h | 154 ++
 lib/libaudit.c | 19
 lib/libaudit.h | 3
 lib/lookup_table.c | 50
 lib/msg_typetab.h | 3
 lib/netlink.c | 10
 src/auditctl.c | 5
 src/auditd-config.c | 21
 src/auditd-event.c | 20
 src/auditd-event.h | 3
 src/auditd.c | 147 +-
 src/aureport-options.c | 60
 src/aureport.c | 2
 src/ausearch-match.c | 5
 src/ausearch-options.c | 60
 src/ausearch-parse.c | 19
 src/ausearch-report.c | 1
 src/ausearch-time.c | 67
 src/ausearch-time.h | 18
 src/ausearch.c | 4
 src/mt/Makefile.am | 4
 system-config-audit/ChangeLog | 27
 system-config-audit/NEWS | 7
 system-config-audit/aclocal.m4 | 14
 system-config-audit/configure | 213 ++-
 system-config-audit/configure.ac | 2
 system-config-audit/po/POTFILES.in | 1
 system-config-audit/po/cs.po | 1034 +++++++--------
 system-config-audit/src/.libs/system-config-audit-server | 79 -
 system-config-audit/src/rule_dialog.py | 2
 system-config-audit/src/server.c | 4
 system-config-audit/src/settings.py | 2
 system-config-audit/system-config-audit.desktop | 10
 tools/Makefile.am | 24
 tools/Makefile.in | 518 +++++++
 tools/aulastlog/Makefile.am | 32
 tools/aulastlog/aulastlog-llist.c | 148 ++
 tools/aulastlog/aulastlog-llist.h | 65
 tools/aulastlog/aulastlog.8 | 22
 tools/aulastlog/aulastlog.c | 163 ++
 121 files changed, 9388 insertions(+), 3483 deletions(-)

1.6.8 in the tree