Releases: linux-audit/audit-userspace
audit-2.8.4
This is a bugfix maintenance release. Please see ChangeLog for details.
audit-2.8.3
Fix a segfault in auditd when dns resolution isn't available, make a reload legacy service for auditd, add interpretations and new event types, Fix logging of IPv6 addresses in DAEMON_ACCEPT events, and Do not rotate auditd logs when num_logs < 2.
audit-2.8.2
This is a bugfix release which updates tables to match the 4.14 kernel, fixes ipv6 socket binding, fixes auditctl --reset-lost command, corrects the expr_create_timestamp_comparison_ex function in libauparse, and fixes building on old systems without linux/fanotify.h.
audit-2.8.1
Fix a NULL pointer dereference in audispd related to the plugin_dir setting.
audit-2.8
Lots of updates for the auparse_normalizer to improve support on many events. Added new object2 api to access a second object when available. Remote logging now supports IPv6 and other remote logging improvements. Fix bugs in auvirt that prevented locating AVC's for the VM. Add support for filesystem filter type. Add command line option to auditd & audispd for config dir path. In auparse, allow non-equality comparisons for uid & gid fields.
audit-2.7.8
This update fixes auditd for use in mixed protocol environment to calculate the right one per event. This fixes a remote logging bug. Audispd now strips out EOE events for syslog plugin. Fix a python crash when passing a FILE * to auparse_init. In auparse-normalizer, correct attr's collected for mount object.
audit 2.7.7
The major item in this release is a reworking of the auparse python bindings. The return codes are now consistent across the whole API. Aureport now reports the correct user on login report and the anomaly report was updated to support older kernels. And auparse_normalize got a few more touch ups.
v2.7.6
This release continues adding metedata and correctness fixes for the auparse_normalizer API. Fixed many robustness issues with corrupted logs. Two bugs were fixed where the auparse feed API was not using the enriched event information.
audit 2.7.5
In auparse, output socket family name if unsupported but known. This prevents a segfault under some conditions. Also, fixup SECCOMP records with respect to enriched audit events.
audit-2.7.4
This release rounds out the auparse_nomalize support. There are now python bindings for the normalizer API. Ausearch/report now has a "boot" option to ask for events since boot. And the syscall table was updated for the 4.11 kernel.