Releases: linux-audit/audit-userspace
audit-4.0.2
Fix musl C builds, many code cleanups, don't rotate audit logs when auditd is in debug mode, correct output when displaying rules with exe/path/dir, and update the auparse normalizer for recent syscalls.
audit-3.1.5
This release fixes a couple of important bugs that prevent building on some distributions. Besides that, there are a variety of updates. Look at the audit-3.1-maint commit logs to see the changes.
audit-3.1.4
The main purpose of this release is to fix building on distributions where musl C is used. There are a couple more code cleanups, but no new features.
audit-4.0.1
Update TRUSTED_APP interpretation to look for known fields; in auditd plugins, allow a variable number of arguments; fix augenrules to work correctly when the kernel is in immutable mode; add the audisp-filter plugin; improve sorting speed of aureport --summary reports; and auditd.service & audit-rules.service pick up paths automatically.
audit-3.1.3
This release contains important patches backported from the main branch. See the git log for the complete list of changes.
audit-4.0
This is the next major release. One of the main features is the separation of loading rules and logging events into separate services, audit-rules.service and auditd.service. This release also drops support for python2 and SysVinit. The libaudit python bindings now only support logging events. The auvirt and autrace programs have been dropped. The nispom rules have been dropped. The legacy service functions have been rewritten in terms of systemctl and new auditctl capabilities. The aureport --summary reports are now up to 5 times faster. File watches have been optimized to hook only the necessary syscalls instead of all, which measurably improves whole system performance. The syscall and interpretation tables have been updated for the 6.8 kernel. And there have been many code cleanups, hardening, and refactoring.
audit-3.1.2
Various bugfixes, updated lookup tables for the 6.5 kernel, added some new python functions, and, most importantly, changed the python binding so that you cannot set audit rules from the python API due to a swig bug. No more workarounds are needed for this.
audit-3.1.1
The following are important changes in the new release:
- Add user friendly keywords for signals to auditctl
- In ausearch, parse up URINGOP and DM_CTRL records
- Harden auparse to better handle corrupt logs
- Move the audispd af_unix plugin to a standalone program
audit-3.1
Major features:
- Add new record types
- Add io_uring support
- Add support for new FANOTIFY record fields
audit-3.0.9
- In auditd, release the async flush lock on stop
- Don't allow auditd to log directly into /var/log when log_group is non-zero
- Cleanup krb5 memory leaks on error paths
- Update auditd.cron to use auditctl --signal
- In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
- In auparse, special case kernel module name interpretation
- If overflow_action is ignore, don't treat as an error