Skip to content

Releases: elastic/go-libaudit

2.1.0

08 Dec 22:48
@andrewstucki andrewstucki
v2.1.0
9aafaf3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
2.1.0

Added

  • ECS 1.7 configuration categorization. #80

Changed

  • Use ingress/egress instead of inbound/outbound for ECS 1.7. #80
Loading

2.0.2

19 Aug 15:00
@leehinman leehinman
v2.0.2
8bcb06e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
2.0.2

Changed

  • Use ECS recommended values for network direction. #75 #76

Removed

  • Remove github.com/Sirupsen/logrus dependency from examples. #73
Loading

2.0.1

20 Jul 11:57
@andrewkroh andrewkroh
v2.0.1
44b0875

Choose a tag to compare

View all tags
2.0.1

Changed

  • Fixed syscall lookup for ppc64 and ppc64le. #71
Loading

v2.0.0

18 Jun 20:28
@andrewkroh andrewkroh
v2.0.0
05fbb4e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.0.0

Added

  • Added SetImmutable to the audit client for marking the audit settings as immutable within the kernel. #55 #68
  • Added Vagrantfile for development ease. #61
  • Added enrichment of arch, syscall, and sig to type=SECCOMP messages. #64
  • Added support for big endian. #48

Changed

  • Added semantic versioning support via go modules. #61
  • Added ECS categorization support for events by record type and syscall. #62
  • Fixed a typo in the action value associated with ROLE_REMOVE messages. #65
  • Fixed a typo in the action value associated with ANOM_LINK messages. #66
  • Fixed spelling of anomaly in aucoalesce package. #67
Loading

v0.4.0

18 Jun 20:10
@andrewkroh andrewkroh
v0.4.0
39073a2

Choose a tag to compare

View all tags
v0.4.0

Added

  • Added method to convert kernel rules to text format in order to display them.

Changed

  • aucoalesce - Made the user/group ID cache thread-safe. #42 #45
Loading

v0.3.0

25 May 13:53
@andrewkroh andrewkroh
v0.3.0
c18782e

Choose a tag to compare

View all tags
v0.3.0

Added

  • Added support for setting the kernel's backlog wait time via the new
    SetBacklogWaitTime function. #34
  • New method GetStatusAsync to perform asynchronous status checks. #37

Changed

  • AuditClient Close() is now safe to call more than once. #35
Loading

v0.2.1

03 May 13:40
@andrewkroh andrewkroh
v0.2.1
55225d0

Choose a tag to compare

View all tags
v0.2.1

Added

  • Added better error messages for when NewAuditClient fails due to the
    Linux kernel not supporting auditing (CONFIG_AUDIT=n). #32
Loading

v0.2.0

30 Apr 14:09
@andrewkroh andrewkroh
v0.2.0
7839a62

Choose a tag to compare

View all tags
v0.2.0

Changed

  • auparse - Fixed parsing of apparmor AVC messages. #25
  • auparse - Update syscall and audit message type tables for Linux 4.16. #30
  • aucoalesce - Cache UID/GID values for one minute. #24
Loading

v0.1.1

05 Apr 19:22
@andrewkroh andrewkroh
v0.1.1
bc9f53e

Choose a tag to compare

View all tags
v0.1.1

Added

  • rules - Detect s390 or s390x as the runtime architecture (GOOS) and
    automatically use the appropriate syscall name to number table without
    requiring the rule to explicitly specify an arch (-F arch=s390x). #23
Loading

v0.1.0

28 Mar 14:52
@andrewkroh andrewkroh
v0.1.0
4a806ed

Choose a tag to compare

View all tags
v0.1.0

Changed

  • auparse - Fixed an issue where the name value was not being hex decoded from
    PATH records. #20
Loading