~ubuntu-branches/ubuntu/maverick/audit/maverick

Committer: Bazaar Package Importer
Author(s): Mathias Gug
Date: 2007-06-29 13:05:14 UTC
mfrom: (1.1.1 upstream)
Revision ID: james.westby@ubuntu.com-20070629130514-z798cz4lebiahj5w

Tags: 1.5.4-0ubuntu1

* New upstream version.
* debian/patches/audit-1.5.1-dist.patch:
  * update so that it applies for 1.5.4.
* debian/control:
  * update Maintainer and XSBC-Original-Maintainer fields.
* debian/rules:
  * enable apparmor support: add --with-apparmor to configure options.

files added:
auparse/data_buf.c

auparse/data_buf.h

auparse/test/Makefile.am

auparse/test/Makefile.in

auparse/test/auparse_test.ref

auparse/test/tmp

auparse/test/tmp1

auparse/test/tmp2

docs/auparse_add_callback.3

docs/auparse_feed.3

docs/auparse_flush_feed.3

docs/auparse_get_filename.3

docs/auparse_get_line_number.3

init.d/audispd.conf

new_audispd

new_audispd/Makefile.am

new_audispd/audispd-builtins.c

new_audispd/audispd-builtins.h

new_audispd/audispd-config.c

new_audispd/audispd-config.h

new_audispd/audispd-llist.c

new_audispd/audispd-llist.h

new_audispd/audispd-pconfig.c

new_audispd/audispd-pconfig.h

new_audispd/audispd.c

new_audispd/configs

new_audispd/configs/Makefile.am

new_audispd/configs/af_unix.conf

new_audispd/configs/syslog.conf

new_audispd/queue.c

new_audispd/queue.h

files removed:
auparse/test/Makefile

files modified:
ChangeLog

THANKS

TODO

audit.spec

auparse/Makefile.am

auparse/auparse-defs.h

auparse/auparse.c

auparse/auparse.h

auparse/ellist.c

auparse/ellist.h

auparse/internal.h

auparse/rnode.h

auparse/test/auparse_test.c

auparse/test/auparse_test.py

auparse/typetab.h

bindings/python/auparse_python.c

config.guess

configure.ac

contrib/skeleton.c

debian/changelog

debian/control

debian/patches/audit-1.5.1-dist.patch

debian/rules

docs/Makefile.am

docs/auditctl.8

docs/auparse_init.3

docs/ausearch.8

init.d/Makefile.am

lib/audit_logging.c

lib/deprecated.c

lib/fieldtab.h

lib/libaudit.c

lib/libaudit.h

lib/msg_typetab.h

src/auditctl.c

src/auditd-config.c

src/aureport-options.c

src/aureport-output.c

src/ausearch-parse.c

swig/auditswig.i

Show diffs side-by-side

added added

removed removed

docs/auditctl.8

\fB\-p\fP [\fBr\fP|\fBw\fP|\fBx\fP|\fBa\fP]

Set permissions filter for a file system watch. \fBr\fP=read, \fBw\fP=write, \fBx\fP=execute, \fBa\fP=attribute change. These permissions are not the standard file permissions, but rather the kind of syscall that would do this kind of thing. The read & write syscalls are omitted from this set since they would overwhelm the logs. But rather for reads or writes, the open flags are looked at to see what permission was requested.

.TP

.BI \-q\ mount-point,subtree

If you have an existing directory watch and bind or move mount another subtree in the watched subtree, you need to tell the kernel to make the subtree being mounted equivalent to the directory being watched. If the subtree is already mounted at the time the directory watch is issued, the subtree is automatically tagged for watching. Please note the comma separating the two values. Omitting it will cause errors.

.TP

.BI \-r\ rate

Set limit in messages/sec (\fB0\fP=none). If this \fIrate\fP is non-zero and is exceeded, the failure flag is consulted by the kernel for action. The default value is \fB0\fP.

.TP

.B \-s

Report status

.TP

.BI \-a\ list , action

.BI \-t

Trim the subtrees after a mount command.

.TP

.BI \-a\ list,action

Append rule to the end of \fIlist\fP with \fIaction\fP. Please note the comma separating the two values. Omitting it will cause errors. The following describes the valid \fIlist\fP names:

.RS

.TP 12

110

116

.B devminor

111

117

Device Minor Number

112

118

.TP

119

.B dir

120

Full Path of Directory to watch. See "\fB\-w\fP". Should only be used on exit list.

121

.TP

113

122

.B egid

114

123

Effective Group ID

115

124

.TP

Older »