Linux repositories inspector

audit - User space tools for 2.6 kernel auditing

The audit package contains the user space utilities for storing and searching the audit records generated by
the audit subsystem in the Linux 2.6 and later kernels.
3.0: Fedora 29, Fedora 30, Fedora 31, Fedora rawhide
2.8.5: Arch rolling, CentOS 7.7.1908, OpenSUSE Tumbleweed
2.8.4: Manjaro rolling
2.8.3: Fedora 28
2.8.1: OpenSUSE Leap 15.0, OpenSUSE Leap 15.1, OpenSUSE Leap 15.2
2.3.6: OpenSUSE Leap 42.3

Distribution | Version | Since | Package | Installed | Packager
Arch rolling core/os | xz 2.8.5-6 | 2019-11-14 | 339 kiB | 982 kiB |
CentOS 7.7.1908 os | rpm 2.8.5-4.el7 | 2020-01-07 | 256 kiB | 645 kiB | CentOS BuildSystem
Fedora 28 releases/Everything-os | rpm 2.8.3-3.fc28 | 2019-01-14 | 258 kiB | 663 kiB | Fedora Project
Fedora 28 releases/Server-os | rpm 2.8.3-3.fc28 | 2019-01-14 | 258 kiB | 663 kiB | Fedora Project
Fedora 28 releases/Workstation-os | rpm 2.8.3-3.fc28 | 2019-01-14 | 258 kiB | 663 kiB | Fedora Project
Fedora 29 releases/Everything-os | rpm 3.0-0.4.20180831git0047a6c.fc29 | 2019-01-14 | 225 kiB | 670 kiB | Fedora Project
Fedora 29 releases/Server-os | rpm 3.0-0.4.20180831git0047a6c.fc29 | 2019-01-14 | 225 kiB | 670 kiB | Fedora Project
Fedora 29 releases/Workstation-os | rpm 3.0-0.4.20180831git0047a6c.fc29 | 2019-01-14 | 225 kiB | 670 kiB | Fedora Project
Fedora 29 releases-test/Everything-os | rpm 3.0-0.2.20180808git77fbcf3.fc29 | 2019-01-14 | 224 kiB | 669 kiB | Fedora Project
Fedora 29 releases-test/Server-os | rpm 3.0-0.2.20180808git77fbcf3.fc29 | 2019-01-14 | 224 kiB | 669 kiB | Fedora Project
Fedora 29 releases-test/Workstation-os | rpm 3.0-0.2.20180808git77fbcf3.fc29 | 2019-01-14 | 224 kiB | 669 kiB | Fedora Project
Fedora 30 releases/Everything-os | rpm 3.0-0.7.20190326git03e7489.fc30 | 2019-06-17 | 228 kiB | 776 kiB | Fedora Project
Fedora 30 releases/Server-os | rpm 3.0-0.7.20190326git03e7489.fc30 | 2019-06-17 | 228 kiB | 776 kiB | Fedora Project
Fedora 30 releases/Workstation-os | rpm 3.0-0.7.20190326git03e7489.fc30 | 2019-06-17 | 228 kiB | 776 kiB | Fedora Project
Fedora 30 releases-test/Server-os | rpm 3.0-0.6.20181218gitbdb72c0.fc30 | 2019-06-17 | 227 kiB | 781 kiB | Fedora Project
Fedora 30 releases-test/Workstation-os | rpm 3.0-0.6.20181218gitbdb72c0.fc30 | 2019-06-17 | 227 kiB | 781 kiB | Fedora Project
Fedora 31 releases/Everything-os | rpm 3.0-0.12.20190507gitf58ec40.fc31 | 2020-01-07 | 250 kiB | 681 kiB | Fedora Project
Fedora 31 releases/Server-os | rpm 3.0-0.12.20190507gitf58ec40.fc31 | 2020-01-07 | 250 kiB | 681 kiB | Fedora Project
Fedora rawhide development/Everything-os | rpm 3.0-0.19.20191104git1c2f876.fc33 | 2020-03-13 | 252 kiB | 678 kiB | Fedora Project
Fedora rawhide development/Server-os | rpm 3.0-0.19.20191104git1c2f876.fc33 | 2020-03-13 | 252 kiB | 678 kiB | Fedora Project
Fedora rawhide development/Workstation-os | rpm 3.0-0.12.20190507gitf58ec40.fc31 | 2019-08-03 | 250 kiB | 681 kiB | Fedora Project
Manjaro rolling stable/core | xz 2.8.4-3 | 2019-02-19 | 336 kiB | 1.03 MiB |
Manjaro rolling testing/core | xz 2.8.4-3 | 2019-02-12 | 336 kiB | 1.03 MiB |
Manjaro rolling unstable/core | xz 2.8.4-3 | 2019-02-07 | 336 kiB | 1.03 MiB |
OpenSUSE Leap 15.0 oss | rpm 2.8.1-lp150.3.2 | 2019-01-17 | 227 kiB | 619 kiB | https://bugs.opensuse.org
OpenSUSE Leap 15.1 oss | rpm 2.8.1-lp151.4.4 | 2019-01-23 | 226 kiB | 619 kiB | https://bugs.opensuse.org
OpenSUSE Leap 15.2 oss | rpm 2.8.1-lp152.5.4 | 2020-03-19 | 224 kiB | 619 kiB | https://bugs.opensuse.org
OpenSUSE Leap 42.3 oss | rpm 2.3.6-6.1 | 2019-01-17 | 201 kiB | 586 kiB | http://bugs.opensuse.org
OpenSUSE Leap 42.3 update/oss | rpm 2.3.6-8.1 | 2019-01-21 | 201 kiB | 587 kiB | http://bugs.opensuse.org
OpenSUSE Tumbleweed oss | rpm 2.8.5-1.2 | 2020-03-11 | 247 kiB | 727 kiB | https://bugs.opensuse.org

Manual pages

audit_add_rule_data(3)

audit_add_rule_data - Add new audit rule

audit_add_watch(3)

audit_add_watch - create a rule layout for a watch

audit_delete_rule_data(3)

audit_delete_rule_data - Delete audit rule

audit_detect_machine(3)

audit_detect_machine - Detects the current machine type

audit_encode_nv_string(3)

audit_encode_nv_string - encode a name/value pair in a string

audit_getloginuid(3)

audit_getloginuid - Get a program’s loginuid value

audit_get_reply(3)

audit_get_reply - Get the audit system’s reply

audit_get_session(3)

audit_get_session - Get a program’s login session id value

audit_log_acct_message(3)

audit_log_acct_message - log a user account message

audit_log_semanage_message(3)

audit_log_semanage_message - log a semanage message

audit_log_user_avc_message(3)

audit_log_user_avc_message - log a user avc message

audit_log_user_command(3)

audit_log_user_command - log a user command

audit_log_user_comm_message(3)

audit_log_user_comm_message - log a user message from a console app

audit_log_user_message(3)

audit_log_user_message - log a general user message

audit_open(3)

audit_open - Open an audit netlink socket connection

audit_request_rules_list_data(3)

audit_request_rules_list_data - Request list of current audit rules

audit_request_signal_info(3)

audit_request_signal_info - Request signal info for the audit system

audit_request_status(3)

audit_request_status - Request status of the audit system

audit_setloginuid(3)

audit_setloginuid - Set a program’s loginuid value

audit_set_backlog_limit(3)

audit_set_backlog_limit - Set the audit backlog limit

audit_set_backlog_wait_time(3)

audit_set_backlog_wait_time - Set the audit backlog wait time

audit_set_enabled(3)

audit_set_enabled - Enable or disable auditing

audit_set_failure(3)

audit_set_failure - Set audit failure flag

audit_set_pid(3)

audit_set_pid - Set audit daemon process ID

audit_set_rate_limit(3)

audit_set_rate_limit - Set audit rate limit

audit_update_watch_perms(3)

audit_update_watch_perms - update permissions field of watch command

auparse_add_callback(3)

auparse_add_callback - add a callback handler for notifications

auparse_destroy(3)

auparse_destroy - release instance of parser

auparse_feed(3)

auparse_feed - feed data into parser

auparse_feed_age_events(3)

auparse_feed_age_events - check events for complete based on time.

auparse_feed_has_data(3)

auparse_feed_has_data - check if there is any data accumulating that might need flushing.

auparse_find_field(3)

auparse_find_field - search for field name

auparse_find_field_next(3)

auparse_find_field_next - find next occurrence of field name

auparse_first_field(3)

auparse_first_field - reposition field cursor

auparse_first_record(3)

auparse_first_record - reposition record cursor

auparse_flush_feed(3)

auparse_flush_feed - flush any unconsumed feed data through parser.

auparse_get_field_int(3)

auparse_get_field_int - get current field’s value as an int

auparse_get_field_name(3)

auparse_get_field_name - get current field’s name

auparse_get_field_num(3)

auparse_get_field_num - get current field cursor location

auparse_get_field_str(3)

auparse_get_field_str - get current field’s value

auparse_get_field_type(3)

auparse_get_field_type - get current field’s data type

auparse_get_filename(3)

auparse_get_filename - get the filename where record was found

auparse_get_line_number(3)

auparse_get_line_number - get line number where record was found

auparse_get_milli(3)

auparse_get_milli - get the millisecond value of the event

auparse_get_node(3)

auparse_get_node - get the event’s machine node name

auparse_get_num_fields(3)

auparse_get_num_fields - get the number of fields

auparse_get_num_records(3)

auparse_get_num_records - get the number of records

auparse_get_record_num(3)

auparse_get_record_num - get current record cursor location

auparse_get_record_text(3)

auparse_get_record_text - access unparsed record data

auparse_get_serial(3)

auparse_get_serial - get the event’s serial number

auparse_get_time(3)

auparse_get_time - get event’s time

auparse_get_timestamp(3)

auparse_get_timestamp - access timestamp of the event

auparse_get_type(3)

auparse_get_type - get record’s type

auparse_get_type_name(3)

auparse_get_type_name - get record’s type translation

auparse_goto_field_num(3)

auparse_goto_field_num - move field cursor to specific field

auparse_goto_record_num(3)

auparse_goto_record_num - move record cursor to specific record

auparse_init(3)

auparse_init - initialize an instance of the audit parsing library

auparse_interpret_field(3)

auparse_interpret_field, auparse_interpret_realpath, auparse_interpret_sock_family, auparse_interpret_sock_port, auparse_interpret_sock_address - get current field’s interpreted value

auparse_next_event(3)

auparse_next_event - get the next event

auparse_next_field(3)

auparse_next_field - move field cursor

auparse_next_record(3)

auparse_next_record - move record cursor

auparse_node_compare(3)

auparse_node_compare - compares node name values

auparse_normalize(3)

auparse_normalize - normalize the current event

auparse_reset(3)

auparse_reset - reset audit parser instance

auparse_set_escape_mode(3)

auparse_set_escape_mode - choose escape method

auparse_timestamp_compare(3)

auparse_timestamp_compare - compares timestamp values

ausearch_add_expression(3)

ausearch_add_expression - build up search expression

ausearch_add_interpreted_item(3)

ausearch_add_interpreted_item - build up search rule

ausearch_add_item(3)

ausearch_add_item - build up search rule

ausearch_add_regex(3)

ausearch_add_regex - use regular expression search rule

ausearch_add_timestamp_item(3)

ausearch_add_timestamp_item - build up search rule

ausearch_add_timestamp_item_ex(3)

ausearch_add_timestamp_item_ex - build up search rule

ausearch_clear(3)

ausearch_clear - clear search parameters

ausearch_next_event(3)

ausearch_next_event - find the next event that meets search criteria

ausearch_set_stop(3)

ausearch_set_stop - set the cursor position

get_auditfail_action(3)

get_auditfail_action - Get failure_action tunable value

set_aumessage_mode(3)

set_message_mode - Sets the message mode

audisp-remote.conf(5)

audisp-remote.conf - the audisp-remote configuration file

audispd.conf(5)

audispd.conf - the audit event dispatcher configuration file

auditd-plugins(5)

audit-plugins - realtime event receivers

auditd.conf(5)

auditd.conf - audit daemon configuration file

ausearch-expression(5)

ausearch-expression - audit search expression format

libaudit.conf(5)

libaudit.conf - libaudit configuration file

zos-remote.conf(5)

zos-remote.conf - the audisp-racf plugin configuration file

audit.rules(7)

audit.rules - a set of rules loaded in the kernel audit system

audisp-remote(8)

audisp-remote - plugin for remote logging

audispd(8)

audispd - an event multiplexor

audispd-zos-remote(8)

audispd-zos-remote - z/OS Remote-services Audit dispatcher plugin

auditctl(8)

auditctl - a utility to assist controlling the kernel’s audit system

auditd(8)

auditd - The Linux Audit daemon

augenrules(8)

augenrules - a script that merges component audit rule files

aulast(8)

aulast - a program similar to last

aulastlog(8)

aulastlog - a program similar to lastlog

aureport(8)

aureport - a tool that produces summary reports of audit daemon logs

ausearch(8)

ausearch - a tool to query audit daemon logs

ausyscall(8)

ausyscall - a program that allows mapping syscall names and numbers

autrace(8)

autrace - a program similar to strace

auvirt(8)

auvirt - a program that shows data related to virtual machines

Latest updates


OpenSUSE Leap 15.2 oss: Updated from 2.8.1-lp152.5.3 to 2.8.1-lp152.5.4

2020-03-19
  • Change openldap dependency to client only (bsc#1085003)

Fedora rawhide development/Server-os: Updated from 3.0-0.18.20191104git1c2f876.fc32 to 3.0-0.19.20191104git1c2f876.fc33

2020-03-13
  • Add Obsolete python2-audit (#1783061)

Fedora rawhide development/Everything-os: Updated from 3.0-0.18.20191104git1c2f876.fc32 to 3.0-0.19.20191104git1c2f876.fc33

2020-03-13
  • Add Obsolete python2-audit (#1783061)

OpenSUSE Tumbleweed oss: Updated from 2.8.5-1.1 to 2.8.5-1.2

2020-03-11
  • Update to version 2.6.5:
    • Fix segfault on shutdown
    • Fix hang on startup (#1587995)
    • Add sleep to script to dump state so file is ready when needed
    • Add auparse_normalizer support for SOFTWARE_UPDATE event
    • Mark netlabel events as simple events so that get processed quicker
    • When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
    • Add 30-ospp-v42.rules to meet new Common Criteria requirements
    • Update lookup tables for the 4.18 kernel
    • In aureport, fix segfault in file report
    • Add auparse_normalizer support for labeled networking events
    • Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
    • Event aging is off by a second
    • In ausearch/auparse, correct event ordering to process oldest first
    • auparse_reset was not clearing everything it should
    • Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
    • In ausearch/report, lightly parse selinux portion of USER_AVC events
    • In ausearch/report, limit record size when malformed
    • In auditd, fix extract_type function for network originating events
    • In auditd, calculate right size and location for network originating events
    • Treat all network originating events as VER2 so dispatcher doesn't format it
    • In audisp-remote do an initial connection attempt (#1625156)
    • In auditd, allow expression of space left as a percentage (#1650670)
    • On PPC64LE systems, only allow 64 bit rules (#1462178)
    • Make some parts of auditd state report optional based on config
    • Fix ausearch when checkpointing a single file (Burn Alting)
    • Fix scripting in 31-privileged.rules wrt filecap (#1662516)
    • In ausearch, do not checkpt if stdin is input source
    • In libev, remove __cold__ attribute for functions to allow proper hardening
    • Add tests to configure.ac for openldap support
    • Make systemd support files use /run rather than /var/run (Christian Hesse)
    • Fix minor memory leak in auditd kerberos credentials code
    • Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
    • In ausearch/report fix --end to use midnight time instead of now (#1671338)
  • Fix build errors when using gcc-10 no-common default (bsc#1160384) New patch: audit-fno-common.patch
  • Refresh audit-allow-manual-stop.patch

Fedora rawhide development/Everything-os: Updated from 3.0-0.16.20191104git1c2f876.fc32 to 3.0-0.18.20191104git1c2f876.fc32

2020-01-31
  • Fix multiple definition of `event_node_list' (#1794446)

Fedora rawhide development/Server-os: Updated from 3.0-0.16.20191104git1c2f876.fc32 to 3.0-0.18.20191104git1c2f876.fc32

2020-01-31
  • Fix multiple definition of `event_node_list' (#1794446)

OpenSUSE Tumbleweed oss: Updated from 2.8.4-2.3 to 2.8.5-1.1

2020-01-25
  • Update to version 2.6.5:
    • Fix segfault on shutdown
    • Fix hang on startup (#1587995)
    • Add sleep to script to dump state so file is ready when needed
    • Add auparse_normalizer support for SOFTWARE_UPDATE event
    • Mark netlabel events as simple events so that get processed quicker
    • When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
    • Add 30-ospp-v42.rules to meet new Common Criteria requirements
    • Update lookup tables for the 4.18 kernel
    • In aureport, fix segfault in file report
    • Add auparse_normalizer support for labeled networking events
    • Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
    • Event aging is off by a second
    • In ausearch/auparse, correct event ordering to process oldest first
    • auparse_reset was not clearing everything it should
    • Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
    • In ausearch/report, lightly parse selinux portion of USER_AVC events
    • In ausearch/report, limit record size when malformed
    • In auditd, fix extract_type function for network originating events
    • In auditd, calculate right size and location for network originating events
    • Treat all network originating events as VER2 so dispatcher doesn't format it
    • In audisp-remote do an initial connection attempt (#1625156)
    • In auditd, allow expression of space left as a percentage (#1650670)
    • On PPC64LE systems, only allow 64 bit rules (#1462178)
    • Make some parts of auditd state report optional based on config
    • Fix ausearch when checkpointing a single file (Burn Alting)
    • Fix scripting in 31-privileged.rules wrt filecap (#1662516)
    • In ausearch, do not checkpt if stdin is input source
    • In libev, remove __cold__ attribute for functions to allow proper hardening
    • Add tests to configure.ac for openldap support
    • Make systemd support files use /run rather than /var/run (Christian Hesse)
    • Fix minor memory leak in auditd kerberos credentials code
    • Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
    • In ausearch/report fix --end to use midnight time instead of now (#1671338)
  • Fix build errors when using gcc-10 no-common default (bsc#1160384) New patch: audit-fno-common.patch
  • Refresh audit-allow-manual-stop.patch

OpenSUSE Tumbleweed oss: Updated from 2.8.4-2.2 to 2.8.4-2.3

2020-01-24
  • Reduce scriptlets' hard dependency on systemd.

Fedora 31 releases/Server-os: Version 3.0-0.12.20190507gitf58ec40.fc31 introduced

2020-01-07
  • Fix 1734953 - audit: FTBFS in Fedora rawhide/f31

Fedora 31 releases/Everything-os: Version 3.0-0.12.20190507gitf58ec40.fc31 introduced

2020-01-07
  • Fix 1734953 - audit: FTBFS in Fedora rawhide/f31

OpenSUSE Leap 15.2 oss: Version 2.8.1-lp152.5.3 introduced

2020-01-07
  • Change openldap dependency to client only (bsc#1085003)

CentOS 7.7.1908 os: Version 2.8.5-4.el7 introduced

2020-01-07
  • resolves: #1696709 - updating auditd is enabling disabled service

Fedora rawhide development/Server-os: Updated from 3.0-0.15.20191104git1c2f876.fc32 to 3.0-0.16.20191104git1c2f876.fc32

2019-11-26
  • Drop python2 subpackage (#1775076)

Fedora rawhide development/Everything-os: Updated from 3.0-0.15.20191104git1c2f876.fc32 to 3.0-0.16.20191104git1c2f876.fc32

2019-11-26
  • Drop python2 subpackage (#1775076)

Arch rolling testing/os: Version 2.8.5-6 removed

2019-11-14

Arch rolling core/os: Updated from 2.8.5-3 to 2.8.5-6

2019-11-14

Arch rolling staging/os: Version 2.8.5-7 removed

2019-11-14

Arch rolling staging/os: Version 2.8.5-7 introduced

2019-11-13

Arch rolling testing/os: Version 2.8.5-6 introduced

2019-11-10

Arch rolling staging/os: Version 2.8.5-6 removed

2019-11-10

Related packages

audit-audispd-plugins - Default plugins for the audit dispatcher
audit-audispd-plugins-debuginfo - Debug information for package audit-audispd-plugins
audit-debuginfo - Debug information for package audit
audit-debugsource - Debug sources for package audit
audit-devel - Header files for libaudit
audit-devel-32bit - Header files for libaudit
audit-libs - Dynamic library for libaudit
audit-libs-debuginfo - Debug information for package audit-libs
audit-libs-devel - Header files for libaudit
audit-libs-python - Python bindings for libaudit
audit-libs-python-debuginfo - Debug information for package audit-libs-python
audit-libs-static - Static version of libaudit library
audit-secondary-debugsource - Debug sources for package audit-secondary
audit-viewer - Audit event viewer
audit-viewer-debuginfo - Debug information for package audit-viewer
audit-viewer-debugsource - Debug sources for package audit-viewer
audit-visualize - Visualization tools for the audit subsystem