Back to bug 1381601
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ondrej Moriš | 2016-10-05 08:30:59 UTC | CC | omoris | |
| Peter Vrabec | 2016-10-19 08:53:16 UTC | CC | pvrabec | |
| Paul Moore | 2016-10-22 00:38:18 UTC | CC | pmoore | |
| Miroslav Grepl | 2016-10-24 07:54:09 UTC | Blocks | 1377248 | |
| Miroslav Grepl | 2016-11-28 13:24:46 UTC | CC | mgrepl | |
| Paul Moore | 2016-11-29 20:15:50 UTC | Depends On | 1399823 | |
| Ryan Sawhill | 2016-12-21 05:27:22 UTC | CC | rsawhill | |
| Karel Srot | 2016-12-21 15:13:46 UTC | QA Contact | qe-baseos-security | omoris |
| Grzegorz Halat | 2017-02-27 12:10:25 UTC | CC | grzegorz.halat | |
| Steve Grubb | 2017-02-28 17:49:50 UTC | Status | ASSIGNED | MODIFIED |
| Fixed In Version | audit-2.7.3-1.el7 | |||
| errata-xmlrpc | 2017-02-28 19:17:30 UTC | Status | MODIFIED | ON_QA |
| Mirek Jahoda | 2017-03-02 13:43:22 UTC | Blocks | 1428393 | |
| Steve Grubb | 2017-03-28 14:36:38 UTC | Fixed In Version | audit-2.7.3-1.el7 | audit-2.7.4-1.el7 |
| Lenka Špačková | 2017-04-11 14:50:09 UTC | Docs Contact | mjahoda | |
| Steve Grubb | 2017-05-04 14:31:49 UTC | Doc Text | The audit package has been rebased which introduces a lot of new functionality and finalizes deprecation of an audit filter: - auditd now automatically adjusts logging directory permissions when it starts up. This aids in keeping directory permissions correct after doing a package upgrade. - ausearch has a new --format output option. One setting, "text", presents the event as an English sentence describing what is happening. Another setting, "csv", causes the logs to be normalized into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic program to view, chart, or analyze audit events. - auditctl can now reset the lost event counter in the kernel with a --reset-lost command line option. This makes checking for lost events easier since you can reset the value to zero daily. - Ausearch and aureport now have a "boot" option for the --start commandline option to find events since the system booted. - Ausearch and aureport gained a new --escape commandline option to better control what kind of escaping is done to audit fields. It currently supports raw , tty , shell , and shell_quote escaping. - Auditctl no longer allows rules with the entry filter. This filter has not been supported since RHEL 5. On RHEL 6 and 7 it previously moved any entry rule to the exit filter while issuing a warning that this is deprecated. No known source of rules has the entry filter in it. But this is being mentioned just in case. | |
| Doc Type | If docs needed, set a value | Release Note | ||
| Mirek Jahoda | 2017-05-10 13:50:27 UTC | Doc Text | The audit package has been rebased which introduces a lot of new functionality and finalizes deprecation of an audit filter: - auditd now automatically adjusts logging directory permissions when it starts up. This aids in keeping directory permissions correct after doing a package upgrade. - ausearch has a new --format output option. One setting, "text", presents the event as an English sentence describing what is happening. Another setting, "csv", causes the logs to be normalized into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic program to view, chart, or analyze audit events. - auditctl can now reset the lost event counter in the kernel with a --reset-lost command line option. This makes checking for lost events easier since you can reset the value to zero daily. - Ausearch and aureport now have a "boot" option for the --start commandline option to find events since the system booted. - Ausearch and aureport gained a new --escape commandline option to better control what kind of escaping is done to audit fields. It currently supports raw , tty , shell , and shell_quote escaping. - Auditctl no longer allows rules with the entry filter. This filter has not been supported since RHEL 5. On RHEL 6 and 7 it previously moved any entry rule to the exit filter while issuing a warning that this is deprecated. No known source of rules has the entry filter in it. But this is being mentioned just in case. | _audit_ rebased to version 2.7.4 The _audit_ package has been updated to upstream version 2.7.4, which provides a number of enhancements, new features, and bug fixes, including: * *auditd* now automatically adjusts logging directory permissions when it starts up. This aids in keeping directory permissions correct after doing a package upgrade. * *ausearch* has a new "--format" output option. The "--format text" option presents an event as an English sentence describing what is happening. The "--format csv" option normalizes logs into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in the Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic programs to view, chart, or analyze audit events. * The *auditctl* utility can now reset the lost event counter in the kernel through the "--reset-lost" command-line option. This makes checking for lost events easier since you can reset the value to zero daily. * *ausearch* and *aureport* now have a "boot" option for the "--start" command-line option to find events since the system booted. * *ausearch* and *aureport* provide a new "--escape" command-line option to better control what kind of escaping is done to audit fields. It currently supports `raw`, `tty`, `shell`, and `shell_quote` escaping. * *auditctl* no longer allows rules with the entry filter. This filter has not been supported since Red Hat Enterprise Linux 5. Prior to this release, on Red Hat Enterprise Linux 6 and 7, it just moved any entry rule to the exit filter while issuing a warning that it is deprecated. |
| Doc Type | Release Note | Rebase: Bug Fixes and Enhancements | ||
| Mirek Jahoda | 2017-05-18 19:15:30 UTC | Doc Text | _audit_ rebased to version 2.7.4 The _audit_ package has been updated to upstream version 2.7.4, which provides a number of enhancements, new features, and bug fixes, including: * *auditd* now automatically adjusts logging directory permissions when it starts up. This aids in keeping directory permissions correct after doing a package upgrade. * *ausearch* has a new "--format" output option. The "--format text" option presents an event as an English sentence describing what is happening. The "--format csv" option normalizes logs into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in the Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic programs to view, chart, or analyze audit events. * The *auditctl* utility can now reset the lost event counter in the kernel through the "--reset-lost" command-line option. This makes checking for lost events easier since you can reset the value to zero daily. * *ausearch* and *aureport* now have a "boot" option for the "--start" command-line option to find events since the system booted. * *ausearch* and *aureport* provide a new "--escape" command-line option to better control what kind of escaping is done to audit fields. It currently supports `raw`, `tty`, `shell`, and `shell_quote` escaping. * *auditctl* no longer allows rules with the entry filter. This filter has not been supported since Red Hat Enterprise Linux 5. Prior to this release, on Red Hat Enterprise Linux 6 and 7, it just moved any entry rule to the exit filter while issuing a warning that it is deprecated. | _audit_ rebased to version 2.7.4 The _audit_ packages have been updated to upstream version 2.7.4, which provides a number of enhancements, new features, and bug fixes, including: * the *auditd* service now automatically adjusts logging directory permissions when it starts up. This helps keep directory permissions correct after performing a package upgrade. * the *ausearch* utility has a new "--format" output option. The "--format text" option presents an event as an English sentence describing what is happening. The "--format csv" option normalizes logs into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in the Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic programs to view, chart, or analyze audit events. * The *auditctl* utility can now reset the lost event counter in the kernel through the "--reset-lost" command-line option. This makes checking for lost events easier since you can reset the value to zero daily. * *ausearch* and *aureport* now have a "boot" option for the "--start" command-line option to find events since the system booted. * *ausearch* and *aureport* provide a new "--escape" command-line option to better control what kind of escaping is done to audit fields. It currently supports `raw`, `tty`, `shell`, and `shell_quote` escaping. * *auditctl* no longer allows rules with the entry filter. This filter has not been supported since Red Hat Enterprise Linux 5. Prior to this release, on Red Hat Enterprise Linux 6 and 7, *auditctl* moved any entry rule to the exit filter and displayed a warning that the entry filter is deprecated. |
| Steve Grubb | 2017-05-18 19:19:34 UTC | Fixed In Version | audit-2.7.4-1.el7 | audit-2.7.6-1.el7 |
| Doc Text | _audit_ rebased to version 2.7.4 The _audit_ packages have been updated to upstream version 2.7.4, which provides a number of enhancements, new features, and bug fixes, including: * the *auditd* service now automatically adjusts logging directory permissions when it starts up. This helps keep directory permissions correct after performing a package upgrade. * the *ausearch* utility has a new "--format" output option. The "--format text" option presents an event as an English sentence describing what is happening. The "--format csv" option normalizes logs into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in the Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic programs to view, chart, or analyze audit events. * The *auditctl* utility can now reset the lost event counter in the kernel through the "--reset-lost" command-line option. This makes checking for lost events easier since you can reset the value to zero daily. * *ausearch* and *aureport* now have a "boot" option for the "--start" command-line option to find events since the system booted. * *ausearch* and *aureport* provide a new "--escape" command-line option to better control what kind of escaping is done to audit fields. It currently supports `raw`, `tty`, `shell`, and `shell_quote` escaping. * *auditctl* no longer allows rules with the entry filter. This filter has not been supported since Red Hat Enterprise Linux 5. Prior to this release, on Red Hat Enterprise Linux 6 and 7, *auditctl* moved any entry rule to the exit filter and displayed a warning that the entry filter is deprecated. | _audit_ rebased to version 2.7.6 The _audit_ packages have been updated to upstream version 2.7.6, which provides a number of enhancements, new features, and bug fixes, including: * the *auditd* service now automatically adjusts logging directory permissions when it starts up. This helps keep directory permissions correct after performing a package upgrade. * the *ausearch* utility has a new "--format" output option. The "--format text" option presents an event as an English sentence describing what is happening. The "--format csv" option normalizes logs into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in the Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic programs to view, chart, or analyze audit events. * The *auditctl* utility can now reset the lost event counter in the kernel through the "--reset-lost" command-line option. This makes checking for lost events easier since you can reset the value to zero daily. * *ausearch* and *aureport* now have a "boot" option for the "--start" command-line option to find events since the system booted. * *ausearch* and *aureport* provide a new "--escape" command-line option to better control what kind of escaping is done to audit fields. It currently supports `raw`, `tty`, `shell`, and `shell_quote` escaping. * *auditctl* no longer allows rules with the entry filter. This filter has not been supported since Red Hat Enterprise Linux 5. Prior to this release, on Red Hat Enterprise Linux 6 and 7, *auditctl* moved any entry rule to the exit filter and displayed a warning that the entry filter is deprecated. |
||
| Mirek Jahoda | 2017-05-18 19:36:11 UTC | Doc Text | _audit_ rebased to version 2.7.6 The _audit_ packages have been updated to upstream version 2.7.6, which provides a number of enhancements, new features, and bug fixes, including: * the *auditd* service now automatically adjusts logging directory permissions when it starts up. This helps keep directory permissions correct after performing a package upgrade. * the *ausearch* utility has a new "--format" output option. The "--format text" option presents an event as an English sentence describing what is happening. The "--format csv" option normalizes logs into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in the Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic programs to view, chart, or analyze audit events. * The *auditctl* utility can now reset the lost event counter in the kernel through the "--reset-lost" command-line option. This makes checking for lost events easier since you can reset the value to zero daily. * *ausearch* and *aureport* now have a "boot" option for the "--start" command-line option to find events since the system booted. * *ausearch* and *aureport* provide a new "--escape" command-line option to better control what kind of escaping is done to audit fields. It currently supports `raw`, `tty`, `shell`, and `shell_quote` escaping. * *auditctl* no longer allows rules with the entry filter. This filter has not been supported since Red Hat Enterprise Linux 5. Prior to this release, on Red Hat Enterprise Linux 6 and 7, *auditctl* moved any entry rule to the exit filter and displayed a warning that the entry filter is deprecated. | _audit_ rebased to version 2.7.6 The _audit_ packages have been updated to upstream version 2.7.6, which provides a number of enhancements, new features, and bug fixes, including: * the *auditd* service now automatically adjusts logging directory permissions when it starts up. This helps keep directory permissions correct after performing a package upgrade. * the *ausearch* utility has a new "--format" output option. The "--format text" option presents an event as an English sentence describing what is happening. The "--format csv" option normalizes logs into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in the Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic programs to view, chart, or analyze audit events. * the *auditctl* utility can now reset the lost event counter in the kernel through the "--reset-lost" command-line option. This makes checking for lost events easier since you can reset the value to zero daily. * *ausearch* and *aureport* now have a "boot" option for the "--start" command-line option to find events since the system booted. * *ausearch* and *aureport* provide a new "--escape" command-line option to better control what kind of escaping is done to audit fields. It currently supports `raw`, `tty`, `shell`, and `shell_quote` escaping. * *auditctl* no longer allows rules with the entry filter. This filter has not been supported since Red Hat Enterprise Linux 5. Prior to this release, on Red Hat Enterprise Linux 6 and 7, *auditctl* moved any entry rule to the exit filter and displayed a warning that the entry filter is deprecated. |
| Mirek Jahoda | 2017-06-12 11:06:26 UTC | Blocks | 1428393 | |
| Ondrej Moriš | 2017-06-14 12:12:52 UTC | Status | ON_QA | VERIFIED |
| Hardware | Unspecified | All | ||
| OS | Unspecified | Linux | ||
| Lenka Špačková | 2017-07-27 16:08:27 UTC | Doc Text | _audit_ rebased to version 2.7.6 The _audit_ packages have been updated to upstream version 2.7.6, which provides a number of enhancements, new features, and bug fixes, including: * the *auditd* service now automatically adjusts logging directory permissions when it starts up. This helps keep directory permissions correct after performing a package upgrade. * the *ausearch* utility has a new "--format" output option. The "--format text" option presents an event as an English sentence describing what is happening. The "--format csv" option normalizes logs into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in the Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic programs to view, chart, or analyze audit events. * the *auditctl* utility can now reset the lost event counter in the kernel through the "--reset-lost" command-line option. This makes checking for lost events easier since you can reset the value to zero daily. * *ausearch* and *aureport* now have a "boot" option for the "--start" command-line option to find events since the system booted. * *ausearch* and *aureport* provide a new "--escape" command-line option to better control what kind of escaping is done to audit fields. It currently supports `raw`, `tty`, `shell`, and `shell_quote` escaping. * *auditctl* no longer allows rules with the entry filter. This filter has not been supported since Red Hat Enterprise Linux 5. Prior to this release, on Red Hat Enterprise Linux 6 and 7, *auditctl* moved any entry rule to the exit filter and displayed a warning that the entry filter is deprecated. | _audit_ rebased to version 2.7.6 The _audit_ packages have been updated to upstream version 2.7.6, which provides a number of enhancements, new features, and bug fixes, including: * The *auditd* service now automatically adjusts logging directory permissions when it starts up. This helps keep directory permissions correct after performing a package upgrade. * The *ausearch* utility has a new "--format" output option. The "--format text" option presents an event as an English sentence describing what is happening. The "--format csv" option normalizes logs into a subject, object, action, results, and how it occurred in addition to some metadata fields which is output in the Comma Separated Value (CSV) format. This is suitable for pushing event information into a database, spreadsheet, or other analytic programs to view, chart, or analyze audit events. * The *auditctl* utility can now reset the lost event counter in the kernel through the "--reset-lost" command-line option. This makes checking for lost events easier since you can reset the value to zero daily. * *ausearch* and *aureport* now have a "boot" option for the "--start" command-line option to find events since the system booted. * *ausearch* and *aureport* provide a new "--escape" command-line option to better control what kind of escaping is done to audit fields. It currently supports `raw`, `tty`, `shell`, and `shell_quote` escaping. * *auditctl* no longer allows rules with the entry filter. This filter has not been supported since Red Hat Enterprise Linux 5. Prior to this release, on Red Hat Enterprise Linux 6 and 7, *auditctl* moved any entry rule to the exit filter and displayed a warning that the entry filter is deprecated. |
| Sham Antony | 2017-08-01 04:31:27 UTC | CC | santony | |
| errata-xmlrpc | 2017-08-01 20:53:38 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-08-01 16:53:38 UTC |
Back to bug 1381601