audit-3.0.6-150400.4.13.1<>,dip9|cgR%_# ŏt55ۦJkۇu&4$PDH ^? d[:PfPO:0 ;eR@zASiʆne[0@7ˊBIIh<>YC`.bÌnA[.ENQ2A \2yf^?rcL?d  A *< Rd[[ [ [ [ 1 [ 1[3\[5#[67[889:(;8; %9;%:>k%=v>~?@FG[H[I[XY\,[][^ybcd'e,f/l1uD[vwd[x[y<9z 04<@DLPTZCaudit3.0.6150400.4.13.1User Space Tools for Kernel AuditingThe audit package contains the user space utilities for storing and processing the audit records generated by the audit subsystem in the Linux kernel.diibs-centriq-6(MSUSE Linux Enterprise 15SUSE LLC LGPL-2.1-or-laterhttps://www.suse.com/System/Monitoringhttps://people.redhat.com/sgrubb/audit/linuxaarch64 if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in auditd.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in augenrules.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi# Save existing audit files if any (from old locations) if [ -f /etc/auditd.conf ]; then mv /etc/audit/auditd.conf /etc/audit/auditd.conf.new mv /etc/auditd.conf /etc/audit/auditd.conf fi if [ -f /etc/audit.rules ]; then mv /etc/audit.rules /etc/audit/audit.rules elif [ ! -f /etc/audit/audit.rules ]; then cp /etc/audit/rules.d/audit.rules /etc/audit/audit.rules fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in auditd.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in augenrules.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable auditd.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop auditd.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable augenrules.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop augenrules.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in auditd.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart auditd.service ) || : fi fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in augenrules.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart augenrules.service ) || : fi fi/f @]MG/n:Q20C'#FFV+`XFHtR6 QDA聤A聠A聠큤AA큤A큤A큤A聠Adadad`dad]d]d]dadadadadadadadadadadadadadad`d`dadadad`dadadadad`dadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadadgaW9aW9aW9dgaW9d`d`d`d`d`d`d^d^d`d`d^d`d^dadadac90c9e248efa3381f9344c507450cdf21849945f775d7c59291b6ab54dad830cd9953f20b2be7c063e714b8d2a4895472733fc3d94bcf866e40529afc91b8726b7c3e851e8901bc6b2895a6be8abe38887ea4bf8bcc9bf2699bf940c7974b5672526e4ae01cd81c3ab2d59bfcc8bf3f6828d1e5eb3bd791d009b869f97d1f20c6706201085e33dc29725b0bfa2c7b7d1f2e4083fda0c6b3297b70099e9fec3e92f469f4289e1861ba50da54e9a73c1ebccc72e7d19b60bbdcd4b5e80c3832293e0ad99bde6226f9d4388ef54930b681c5255b52c70d66093e8d39333cd67ffe1c6747614a024cb846c595783d5f11e69ec721c4fdaf0538cd569627da8ddf0dee2b64df8a60751c1da9a8b29e789563e34579984b62fbedfcdfce9a212fd396551d62df5e723db2210611ee522194539437522e969ae6a22294136d28f1c0316d097e9557c8e779146638c65fefcbd6362694e39a4ee81000e257b32450e697a426aca4d45d42c01b8a64b87fff660125dc399cf1f003b293f2cdef07a7795afee3443751ac91a7eb3b615a3ccc56cc4b5a627b3d5b73e27d14d6d6a2e59d54f8a093e627413c5e6fcf6e7986e512017e9d3586feb1b53c02f3547c463beb523703e57e8cd6f64bdb5631b18ffdc18cce824c6e9879f82d90b4c3a001ede77569db77ae3fda850eb5ed6ff5c3e2bb47ba9119c062486e4d6835204863d32c1d98a001078b88c209b8bba951ded8d3ae9d2d97ec7296dc74b47503e9daadfea43962016f210862f19e8fa29a02d613ad89c29906a9029244814e75009a61ab30a54c2cebdaadfb928f7327cc066218e38743f0ff94d02fe162a7a415e148d23a86706201085e33dc29725b0bfa2c7b7d1f2e4083fda0c6b3297b70099e9fec3e95aba151df1a4026ac2bdb4da8652d47c083b63fc5db96ecbbeaf98223ea7db2f5fe258398c4e2a79a1a4a996c262df303c497c444fc29b630028c6bcff8a0680206f8340e59187c1a75b161796d6a5711bb9fcc72784b33dfd9c035a9d127b5ada083a4565d649a86f0fa56d1ed0b686ba78da80a24b290924b9da9ff30743d4d8a12f8a49f111b7aac15f6cac6bc38926d7dc9611691cc290ad23c7b877f3410aca9a37a27583d8bb49d99b6a30f28e04958ac656d35f9b217a4ffaf7c48042d51b846cfb48c1f6eabc2969db872dccfef2a942beafdab7fcb5e79e35b6778195d76e614f68398ad13b48a0f523306aa0bb38aaea285b88d4225fdf69069cf67bc05cbcfde0664abc759bad2fa8577681007d1db77b0bf5a562b1d52f8b0c79c97448ae2dcdbedb4c50464bfcec2a56886314d1ba8ee002f6bf63ec093b1b6bdc6f182ce7a0195e63f1ce60e0812c601e38de022fb8baf03ad6560e78fd73cacaeb9a7f4bb77ab89027f11789e02eb6e9b4f2fc4346eeaea25efe1730d83fe67883a1f395d181e5da850ff77b3a6c69eec5ab68d24e71da1b8f5b5212954599d8267adb81be2e6fffb0b86341297ef0806261113fc59e29a7bf87a4e5dea0d81eb6a682e840cb04f611ab5f768b65d1f41c898e11ad3c6d0545d03562c03ad02c4e9dbd58405bc275e7e187d6ec2eb9436aa54073f557b83ef6e4a06a55fc53ddd91b8bb35bb9559163c6402ebcd3b06e7ecf84a1bb6d5aed89a3f94f4109cd3cf174b6005bfe0fa6cc3aa256bc96a7d335bb9cd554dbc8dda3c916a8f497de1d6a69c3d93637b3bc427c10717d2fc9a6a786b97f33b718c4ce34c2ebe61cb57eb41a6aaf6737c2571b6424fae7fa53af4b41a9115b6c5732a5778ccd9900adc57e70e8785c8465bd22d1cf832c6c1d2c29c67afdb10ec2e338de556e18da83a6d974558dae7b6d24edf083a0d72bb8d15ac463da0717fcd854235168390033c8e5cc97e0b04dce3524a534a85f7005066a284a2d38a104a2f87072d83e3830f36c7a49f882792bb7a15d2d9d388117d14fe09cfc25712972930db6663fe89476b309408dd3ca1876baaecb0117fec0f76b6fd8bcc968e2cc616d95dacbcba2b932715f5989044c0e238fb88ccb5caa39f9554f992bc38cc8ddba55c622c3f30b7754e8ee41c0f579e828502b9d19cceac1db18ef740a80589e59cd35dfc1a534bf22df5c3e2121b431913a3afe6397e30b24453a7ecb7844b17799984895eb88fe75a3bcb807fad74cd020e6e04347f7dbd3ef16de314c0c6a976cdde0dda093222d0d49483ff9c6a3dc9879992e7f61404efb65373eaab12a4b87ef3da02a0761b60c49e34bb46ce344d84d120d62f27d593774d34ef1eddbc85b7a8b15ea5fc54d4981a480e15bc6e1f7e703eeca446cc5b95cc424459c24c40013020d1d52e95855b574e7230ae69fa1ae088a9d582ba7bb493b473d5f10e67f658ae77200e0926039f166a9f8d5b0b825e33358c7f2c1ccc6f86067ba2f684c26d13f95c06136de99e9a6628e4c5a2b007c4f028fcfcef23830a5e58557a7520d8c7a27154100806c1128a8d0456c95bb70f934dc9ceab2e9b6ecb92f764eb8d4924b128655d58e59eb7420d5182aa76017daf40452ebabc1a5131de0a7320aeeee236832b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670902053bbf311b19370f1dcdecd18e5e887882cfe3a2c1fd862926035349efea39ea670026166dd6f362ed954032f06afead4b8e6f121feaf5933be59fe64c57027ac54ae2bf30b7909e61f161154dc2baa0ef43b84b429fc65d028acc32d297411babfd1ab764971df44a1c75b56fb7ee14fca48bc73fe566c3bd88dd52ec595a3debc88bdd2339fde1ae1aa838c437e2af73d9a2f43d0505fb0b1af92c26995e37139d148e3c0e0a3d29e60969dfd591b9e4b1c03a9a6ef1579bce90f56aafbea420ca865e0439c4e9bfb9e9d1d64044f0d93327d7aca25e069916ace89096925317334b644bc5376842459b8050569caf3b203ca48e9c52acb5277d20fe28a10d6c6a953211c26260362afddd07d16b3d246c75893e11af3c245fa1c6fd2a5fa2c911501e9a26d563edf62bb9a5158113e94134bcbe7489fbc5cdbf0518c91ed5560e3ed3b584df4356527afee3116c1f3b8cb12f43d5e0c69e124e4e31230bf0850732938dbe685495d0da757e691198d7533d76273495136adad413f2c530b366481917bf01b313e0c5ba2a3450e517f4b4cd9400a1db6b1a13498ca0330/usr/sbin/audisp-syslog/usr/sbin/auditctl/usr/sbin/auditd/usr/sbin/augenrules/usr/sbin/aureport/usr/sbin/ausearch/usr/sbin/autraceservice@@Qrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootauditauditrootaudit-secondary-3.0.6-150400.4.13.1.src.rpmauditaudit(aarch-64)config(audit) @@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/sh/bin/shaudit-libsconfig(audit)coreutilsgroup(audit)ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libaudit.so.1()(64bit)libauparse.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcap-ng.so.0()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.17)(64bit)libwrap.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.63.0.6-150400.4.13.13.0.4-14.6.0-14.0-15.2-14.14.3dhdhdq@bT@b?@b=b; aaaim@af@aHwaC1aS@a`D`@`@_ǁ_@^[\|[.6@[&M@ZlZZZz@ZyZ_:ZC@YYYu@Ym@VbUematsumiya@suse.deematsumiya@suse.deematsumiya@suse.dejengelh@inai.decoolo@suse.comematsumiya@suse.comdmueller@suse.comfvogt@suse.comgmbr3@opensuse.orggmbr3@opensuse.orgematsumiya@suse.comematsumiya@suse.comematsumiya@suse.commeissner@suse.comematsumiya@suse.comematsumiya@suse.comdimstar@opensuse.orgematsumiya@suse.comabergmann@suse.comlnussel@suse.detonyj@suse.comjengelh@inai.deantoine.belvire@opensuse.organtoine.belvire@opensuse.orgkukuk@suse.detonyj@suse.commeissner@suse.comtchvatal@suse.comnormand@linux.vnet.ibm.comtchvatal@suse.commpluskal@suse.comaavindraa@gmail.comdimstar@opensuse.orgjengelh@inai.detonyj@suse.comtchvatal@suse.comtonyj@suse.com- Update audit-secondary.spec: create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519).- Fix rules not loaded when restarting auditd.service(bsc#1204844)- Check for AF_UNIX unnamed sockets (bsc#1210004) * add check-for-AF_UNIX-unnamed-sockets.patch- Drop buildrequire on C++ compiler. - Modernize specfile constructs.- Fix buildrequire for openldap2-devel - audit doesn't require the (outdated) C++ binding, but the C headers that happen to be pulled in by buildrequiring the C++ devel package- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645) * add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch - Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517) * add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch- add audit-userspace-517-compat.patch- Use %autosetup - Don't include sample rules as %doc, they're already installed as normal files - Fix create-augenrules-service.patch: * auditd.service needs to require augenrules.service, not the other way around - Fix documentation for enable-stop-rules.patch- Update to version 3.0.6: * fixes a segfault on some SELINUX_ERR records * makes IPX packet interpretation dependent on the ipx header file existing * adds b32/b64 support to ausyscall * adds support for armv8l * fixes auditctl list of syscalls on PPC * auditd.service now restarts auditd under some conditions- Add CONFIG parameter to %sysusers_generate_pre- Create separate service for augenrules (bsc#1191614, bsc#1181400) * add create-augenrules-service.patch Remove ReadWritePaths=/etc/audit from auditd.service, also removes augenrules call from ExecStartPost. Create augenrules.service with the ReadWritePaths directive above. This makes /etc/audit only accessible by augenrules.service and let auditd.service (and daemon) to be sandboxed again. - Update audit-secondary.spec to accomodate the new service file.- Fix hardened auditd.service (bsc#1181400) * add fix-hardened-service.patch Make /etc/audit read-write from the service. Remove PrivateDevices=true to expose /dev/* to auditd.service. - Enable stop rules for audit.service (cf. bsc#1190227) * add enable-stop-rules.patch- Change default log_format from ENRICHED to RAW (bsc#1190500): * add change-default-log_format.patch (SUSE-specific patch) - Update to version 3.0.5: * In auditd, flush uid/gid caches when user/group added/deleted/modified * Fixed various issues when dealing with corrupted logs * In auditd, check if log_file is valid before closing handle - Include fixed from 3.0.4: * Apply performance speedups to auparse library * Optimize rule loading in auditctl * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath * Update syscall table to the 5.14 kernel * Fixed various issues when dealing with corrupted logs- harden_auditd.service.patch: automatic hardening applied to systemd services- Update to version 3.0.3: * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids * Change auparse_feed_has_data in auparse to include incomplete events * Auditd, stop linking against -lrt * Add ProtectHome and RestrictRealtime to auditd.service * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists - use https source urls- Adjust audit.spec and audit-secondary.spec to support new version - Include fix for libev * add libev-werror.patch - Update to version 3.0.2 - In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen) - Optionally interpret auid in auditctl -l - Update some syscall argument interpretations - In auditd, do not allow spaces in the hostname name format - Big documentation cleanup (MIZUTA Takeshi) - Update syscall table to the 5.12 kernel - Update the auparse normalizer for new event types - Fix compiler warnings in ids subsystem - Block a couple signals from flush & reconfigure threads - In auditd, don't wait on flush thread when exiting - Output error message if the path of input files are too long ausearch/report Included fixes from 3.0.1 - Update syscall table to the 5.11 kernel - Add new --eoe-timeout option to ausearch and aureport (Burn Alting) - Only enable periodic timers when listening on the network - Upgrade libev to 4.33 - Add auparse_new_buffer function to auparse library - Use the select libev backend unless aggregating events - Add sudoers to some base audit rules - Update the auparse normalizer for some new syscalls and event types Included fixes from 3.0 - Generate checkpoint file even when no results are returned (Burn Alting) - Fix log file creation when file logging is disabled entirely (Vlad Glagolev) - Convert auparse_test to run with python3 (Tomáš Chvátal) - Drop support for prelude - Adjust backlog_wait_time in rules to the kernel default (#1482848) - Remove ids key syntax checking of rules in auditctl - Use SIGCONT to dump auditd internal state (#1504251) - Fix parsing of virtual timestamp fields in ausearch_expression (#1515903) - Fix parsing of uid & success for ausearch - Add support for not equal operator in audit by executable (Ondrej Mosnacek) - Hide lru symbols in auparse - Add systemd process protections - Fix aureport summary time range reporting - Allow unlimited retries on startup for remote logging - Add queue_depth to remote logging stats and increase default queue_depth size - Fix segfault on shutdown - Merge auditd and audispd code - Close on execute init_pipe fd (#1587995) - Breakout audisp syslog plugin to be standalone program - Create a common internal library to reduce code - Move all audispd config files under /etc/audit/ - Move audispd.conf settings into auditd.conf - Add queue depth statistics to internal state dump report - Add network statistics to internal state dump report - SIGUSR now also restarts queue processing if its suspended - Update lookup tables for the 4.18 kernel - Add auparse_normalizer support for SOFTWARE_UPDATE event - Add 30-ospp-v42.rules to meet new Common Criteria requirements - Deprecate enable_krb and replace with transport config opt for remote logging - Mark netlabel events as simple events so that get processed quicker - When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) - In aureport, fix segfault in file report - Add auparse_normalizer support for labeled networking events - Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) - In ausearch/auparse, event aging is off by a second - In ausearch/auparse, correct event ordering to process oldest first - Migrate auparse python test to python3 - auparse_reset was not clearing everything it should - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events - In ausearch/report, lightly parse selinux portion of USER_AVC events - Add bpf syscall command argument interpretation to auparse - In ausearch/report, limit record size when malformed - Port af_unix plugin to libev - In auditd, fix extract_type function for network originating events - In auditd, calculate right size and location for network originating events - Make legacy script wait for auditd to terminate (#1643567) - Treat all network originating events as VER2 so dispatcher doesn't format it - If an event has a node name make it VER2 so dispatcher doesnt format it - In audisp-remote do an initial connection attempt (#1625156) - In auditd, allow expression of space left as a percentage (#1650670) - On PPC64LE systems, only allow 64 bit rules (#1462178) - Make some parts of auditd state report optional based on config - Update to libev-4.25 - Fix ausearch when checkpointing a single file (Burn Alting) - Fix scripting in 31-privileged.rules wrt filecap (#1662516) - In ausearch, do not checkpt if stdin is input source - In libev, remove __cold__ attribute for functions to allow proper hardening - Add tests to configure.ac for openldap support - Make systemd support files use /run rather than /var/run (Christian Hesse) - Fix minor memory leak in auditd kerberos credentials code - Allow exclude and user filter by executable name (Ondrej Mosnacek) - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test - In ausearch/report fix --end to use midnight time instead of now (#1671338) - Add substitue functions for strndupa & rawmemchr - Fix memleak in auparse caused by corrected event ordering - Fix legacy reload script to reload audit rules when daemon is reloaded - Support for unescaping in trusted messages (Dmitry Voronin) - In auditd, use standard template for DEAMON events (Richard Guy Briggs) - In aureport, fix segfault for malformed USER_CMD events - Add exe field to audit_log_user_command in libaudit - In auditctl support filter on socket address families (Richard Guy Briggs) - Deprecate support for Alpha & IA64 processors - If space_left_action is rotate, allow it every time (#1718444) - In auparse, drop standalone EOE events - Add milliseconds column for ausearch extra time csv format - Fix aureport first event reporting when no start given - In audisp-remote, add new config item for startup connection errors - Remove dependency on chkconfig - Install rules to /usr/share/audit/sample-rules/ - Split up ospp rules to make SCAP scanning easier (#1746018) - In audisp-syslog, support interpreting records (#1497279) - Audit USER events now sends msg as name value pair - Add support for AUDIT_BPF event - Auditd should not process AUDIT_REPLACE events - Update syscall tables to the 5.5 kernel - Improve personality interpretation by using PERS_MASK - Speedup ausearch/report parsing RAW logging format by caching uid/name lookup - Change auparse python bindings to shared object (Issue #121) - Add error messages for watch permissions - If audit rules file doesn't exist log error message instead of info message - Revise error message for unmatched options in auditctl - In audisp-remote, fixup remote endpoint disappearin in ascii format - Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander) - In auditctl, add support for sending a signal to auditd - Removes audit-fno-common.patch: fixed in upstream - Removes audit-python3.patch: fixed in upstream- Do not explicitly provide group(audit) in system-users-audit: this is automatically handled by rpm/providers.- Create new "audit" group for read access to logs (bsc#1178154) * add change-default-log_group.patch * update audit-secondary.spec- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)- prepare usrmerge (boo#1029961)- Update to version 2.8.5: * Fix segfault on shutdown * Fix hang on startup (#1587995) * Add sleep to script to dump state so file is ready when needed * Add auparse_normalizer support for SOFTWARE_UPDATE event * Mark netlabel events as simple events so that get processed quicker * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) * Add 30-ospp-v42.rules to meet new Common Criteria requirements * Update lookup tables for the 4.18 kernel * In aureport, fix segfault in file report * Add auparse_normalizer support for labeled networking events * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) * Event aging is off by a second * In ausearch/auparse, correct event ordering to process oldest first * auparse_reset was not clearing everything it should * Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events * In ausearch/report, lightly parse selinux portion of USER_AVC events * In ausearch/report, limit record size when malformed * In auditd, fix extract_type function for network originating events * In auditd, calculate right size and location for network originating events * Treat all network originating events as VER2 so dispatcher doesn't format it * In audisp-remote do an initial connection attempt (#1625156) * In auditd, allow expression of space left as a percentage (#1650670) * On PPC64LE systems, only allow 64 bit rules (#1462178) * Make some parts of auditd state report optional based on config * Fix ausearch when checkpointing a single file (Burn Alting) * Fix scripting in 31-privileged.rules wrt filecap (#1662516) * In ausearch, do not checkpt if stdin is input source * In libev, remove __cold__ attribute for functions to allow proper hardening * Add tests to configure.ac for openldap support * Make systemd support files use /run rather than /var/run (Christian Hesse) * Fix minor memory leak in auditd kerberos credentials code * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test * In ausearch/report fix --end to use midnight time instead of now (#1671338) - Fix build errors when using gcc-10 no-common default (bsc#1160384) New patch: audit-fno-common.patch - Refresh audit-allow-manual-stop.patch- Reduce scriptlets' hard dependency on systemd.- Update to version 2.8.4: * Generate checkpoint file even when not results are returned (Burn Alting). * Fix log file creation when file logging is disabled entirely (Vlad Glagolev). * Use SIGCONT to dump auditd internal state (rh#1504251). * Fix parsing of virtual timestamp fields in ausearch_expression (rh#1515903). * Fix parsing of uid & success for ausearch. * Hide lru symbols in auparse. * Fix aureport summary time range reporting. * Allow unlimited retries on startup for remote logging. * Add queue_depth to remote logging stats and increase default queue_depth size.- Update to version 2.8.3: * Correct msg function name in lru debug code. * Fix a segfault in auditd when dns resolution isn't available. * Make a reload legacy service for auditd. * In auparse python bindings, expose some new types that were missing. * In normalizer, pickup subject kind for user_login events. * Fix interpretation of unknown ioctcmds (rh#1540507). * Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, & RESP_ORIGIN_BLOCK_TIMED events. * In auparse_normalize for USER_LOGIN events, map acct for subj_kind. * Fix logging of IPv6 addresses in DAEMON_ACCEPT events (rh#1534748). * Do not rotate auditd logs when num_logs < 2 (brozs).- Use %license instead of %doc [bsc#1082318]- Change openldap dependency to client only (bsc#1085003) - Resolve issue with previous change if both Python2 and Python3 are present, tests were failing as python2 bindings are preferred in this case.- reverted -j1 force ppc specific only- Add patch to fix test run without python2 interpreter: * audit-python3.patch - Update to 2.8.2 release: * Update tables for 4.14 kernel * Fixup ipv6 server side binding * AVC report from aureport was missing result column header (#1511606) * Add SOFTWARE_UPDATE event * In ausearch/report pickup any path and new-disk fields as a file * Fix value returned by auditctl --reset-lost (Richard Guy Briggs) * In auparse, fix expr_create_timestamp_comparison_ex to be numeric field * Fix building on old systems without linux/fanotify.h * Fix shell portability issues reported by shellcheck * Auditd validate_email should not use gethostbyname- force -j1 for PowerPC make check to avoid build failure (lookup_test.o: file not recognized: File truncated)- Add conditions around python plugins to allow us to conditionalize them in enviroment without python2- Rename python binding packages to match current python packaging standards - Update python build dependencies to resolve future split of python2/3- Update to version 2.8.1. See audit.spec (libaudit1) for upstream changelog - Remove audit-implicit-writev.patch (fixed upstream across 2 commits) * 3b30db20ad983274989ce9a522120c3c225436b3 * 07132c22314e9abbe64d1031fd8734243285bb3f - Cleanup with spec-cleaner- Add audit-implicit-writev.patch: include sys/uio.h to ensure readv and writev are declared.- Rectify RPM groups, diversify descriptions. - Remove mentions of static libraries because they are not built.- Update to version 2.7.7. See audit.spec (libaudit1) for upstream changelog Since commit 6cf57d27 (2.7.4) audit is now started as an non-forking service (bsc#1042781). Add config: audit-stop.rules Refresh patch: audit-allow-manual-stop.patch Refresh patch: audit-no-gss.patch- Version update to 2.5. See audit.spec (libaudit1) for upstream changelog - Cleanup with spec-cleaner - Sort out bit /sbin /usr/sbin/ installation - Install the rules as documentation - Remove needless %py_requires from python subpkgs- Update to version 2.4.4. See audit.spec (libaudit1) for upstream changelog - Add python3 bindings for libaudit and libauparse - Remove patch 'audit-no_m4_dir.patch' (added Fri Apr 26 11:14:39 UTC 2013 by mmeister@suse.com) No idea what earlier 'automake' build error this was trying to fix but it broke the handling of "--without-libcap-ng". Anyways, no build error occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build/bin/sh/bin/sh/bin/sh/bin/shibs-centriq-6 1692262249  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[3.0.6-150400.4.13.13.0.6-150400.4.13.13.0.6-150400.4.13.1 auditaudit.rulesaudit-stop.rulesauditd.confplugins.daf_unix.confsyslog.confrules.daudit.rulesauditd.confaudisp-syslogauditctlauditdaugenrulesaureportausearchautraceaulastaulastlogausyscallauvirtauditd.serviceaugenrules.serviceaudisp-syslogauditctlauditdaugenrulesaureportausearchautracercauditdauditsample-rules10-base-config.rules10-no-audit.rules11-loginuid.rules12-cont-fail.rules12-ignore-error.rules20-dont-audit.rules21-no32bit.rules22-ignore-chrony.rules23-ignore-filesystems.rules30-nispom.rules30-ospp-v42-1-create-failed.rules30-ospp-v42-1-create-success.rules30-ospp-v42-2-modify-failed.rules30-ospp-v42-2-modify-success.rules30-ospp-v42-3-access-failed.rules30-ospp-v42-3-access-success.rules30-ospp-v42-4-delete-failed.rules30-ospp-v42-4-delete-success.rules30-ospp-v42-5-perm-change-failed.rules30-ospp-v42-5-perm-change-success.rules30-ospp-v42-6-owner-change-failed.rules30-ospp-v42-6-owner-change-success.rules30-ospp-v42.rules30-pci-dss-v31.rules30-stig.rules31-privileged.rules32-power-abuse.rules40-local.rules41-containers.rules42-injection.rules43-module-load.rules44-installers.rules70-einval.rules71-networking.rules99-finalize.rulesREADME-rulesauditChangeLogREADMEauditd.cronauditCOPYINGauditd.conf.5.gzausearch-expression.5.gzaudit.rules.7.gzauditctl.8.gzauditd.8.gzaugenrules.8.gzaulast.8.gzaulastlog.8.gzaureport.8.gzausearch.8.gzausyscall.8.gzautrace.8.gzauvirt.8.gzauditaudit.logaudit/etc//etc/audit//etc/audit/plugins.d//etc/audit/rules.d//sbin//usr/bin//usr/lib/systemd/system//usr/sbin//usr/share//usr/share/audit//usr/share/audit/sample-rules//usr/share/doc/packages//usr/share/doc/packages/audit//usr/share/licenses//usr/share/licenses/audit//usr/share/man/man5//usr/share/man/man7//usr/share/man/man8//var/log//var/log/audit//var/spool/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:30277/SUSE_SLE-15-SP4_Update/b33244660a91624af00862daaaccee6a-audit-secondary.SUSE_SLE-15-SP4_Updatedrpmxz5aarch64-suse-linux  directoryemptyASCII textELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=7e9bce74e1f3d34420fcb1102f55f7b8f2b624bf, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=f3b86e6201ecd01265bc1303733e948db674e662, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=146c1b25c86c54fd853fb28036e8a5fc2d76e742, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=ce756378f99c40a292c8b42b53419e5c7dd1b9aa, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=411ba262a7c4335e7ba438098e8c9e40c7c5129b, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=20d1c3cb015ab08a9b3eaae139bb8612a8fae7a2, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=c997559290e4639daecb2e8baabd7599a79cb4e2, for GNU/Linux 3.7.0, strippedPOSIX shell script, ASCII text executableELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=d730fbe4a28b1decfbb0395e33efee1f97f7133f, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=016c665ddafcd55093aaaf09d7570ef650dd8485, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=60a785ce5ba758db9c9f0dcbf9df3ae9f7cd0e2f, for GNU/Linux 3.7.0, strippedUTF-8 Unicode texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix) '(.4 R RR R R R RR R R RR R R RR R R R RR RR R R RR R R R R RRRR R RR R RR RR R R R R RR R R R R RR R R :l㬋~isystemdsystemdutf-86798249fcfc78639a9edb81b55894f9a1cce9a4f54c5001dd431b42afab576a6?@7zXZ !t/! ]"k%rS)q tNZa̅z7U~Ȭ})ӈ8Æ<{%mGGHj9wF]bT.v AZ btyD?V0V%w:HC~ s17y&! hP{R;þhiQaFk@_WbkQp! ~:yp燅Oƀ"_Gړ9tpy(;$(2"o$P΅BEDP3Ho IhnybSf0aMx {XRV ֟LFE@LX{OpSR+w.l7g^ё$h jw["{f哔TsqK9 \ӜjE⾴VנW۫Lfi2A]E wcS| ֹY[qt-6D *Ke;]{2s. @AAİ+iw5HX+ٮ7Ojkt2CMbb}Bn~DžmߟF/=v~5v z{?yDXyV,b"R`xfc%)^vǸ+{&![i}%ϭviBj˩N GI$a[͈[<ëCQEV<̵ Xf~,Le%eǘ9U Tk.T~EF1sRJQ 4r脿Dp\q֏ٖ%-}b[ Zz;u?ZD*L =ch;+NZH Za:{ {"OX@ǿÃt!T/ǀvD_GZSBilJd k.RCi:-.),jHog$.Q} LP%)4_*Ekje^D'nkb_4qHZ*<LohY߇~Ƚ3m٭oմ2" G"}2Z{*/^_X}c +@c1U鉟BƷ%ej4Fs =t5 U\|)Ć${KEh76ԇHH2pxZ_G,Zܡ_@ bF5Es $yxzfY%$qiYPSL1xfPy$f;EnBB3ɥC~Ba&TV 紖G:Snvs4;!AhKwmVoa:, 11: &=l A)3X>::8O!iaV)JlߙO] ,#P+G{d/o`igdJ.̝izzXM\ g 7Lu-݀0`yV>$hZd!0[F! Ŗ%'L|w:>X;Z|xI}*&os[> P7>I`Ml!E3Jj,WIxbճorL( Bx*mAvܟDb{K( x$-s8dD&=<8; qPM!?eQx:oz60BBdYQ81mS"¡;imH@OɇBۅ_|P2]!Ki}3¸GV`c3I!F;U!J|aϥ3r~]ݿߵOZ9E*FDkr:178˫C;žw`z>e9}bg4MtYL9i|F^q:{rDڐc¸,FC{L• i_ni8v. #$ǟǛw]mt;^~4nN2,-Pv2k6n6le#V¹1 mJU}tHnr8Cdɶ YZ