LinuxSecurity.com
Fedora 8 Update: setroubleshoot-2.0.5-2.fc8
Posted by Benjamin D. Thomas
This is a major upgrade of setroubleshoot. The primary difference is how audit data is captured, analyzed, and stored. Security vulnerabilities, performance, usability, and robustness have been addressed in addition to general bug fixes.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2100
2008-02-28 21:14:27
--------------------------------------------------------------------------------

Name        : setroubleshoot
Product     : Fedora 8
Version     : 2.0.5
Release     : 2.fc8
URL         : https://fedorahosted.org/setroubleshoot
Summary     : Helps troubleshoot SELinux problems
Description :
setroubleshoot gui. Application that allows you to view setroubleshoot-server
messages.
Provides tools to help diagnose SELinux problems. When AVC messages
are generated an alert can be generated that will give information
about the problem and help track its resolution. Alerts can be configured
to user preference. The same tools can be run on existing log files.

--------------------------------------------------------------------------------
Update Information:

This is a major upgrade of setroubleshoot. The primary difference is how audit
data is captured, analyzed, and stored. Security vulnerabilities, performance,
usability, and robustness have been addressed in addition to general bug fixes.

Important Installation Notes: The format of the persistent data store has
changed. After installation the alert database will be newly initialized and
previous alerts will be lost. For most users this will not be an issue, since
alerts are ephemeral and, if the alerting issue persists, a new alert will be
generated in the new format the next time it occurs. Also, some users may
experience an error dialog from sealert during installation due to the order in
which files are installed; this is a known issue and may safely be ignored.
After installation the sealert desktop component should be restarted. This can
be achieved by logging out of your desktop session or by issuing the following
commands from within the desktop session:

    % sealert -q
    % sealert -s
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 22 2008  - 2.0.5-2
- bump rev for build
* Wed Feb  6 2008 John Dennis  - 2.0.5-1
- allow sealert -l lookup to accept * wildcard
	- add a few more audit fields needing special decode handling
* Thu Jan 31 2008  - 2.0.4-1
- Resolve bug #430421: audit_listener_database.xml:3029: parser error in xmlParseDoc()
	  rewrite the audit_msg_decode logic to be aware of specific audit fields
	- add new template substitution $SOURCE, a friendly name, $SOURCE_PATH still exists
	  and is the full path name of $SOURCE, also add 'source' attribute in AVC class,
	  fix how source and source_path are computed from audit's comm and exe fields
	- fix the computation of tpath to also look at the audit name field, formerly
	  it had only been looking at path, fixes  showing up for many targets
	- add exception handling around xml file writes (Alan Cox reports problem when /var is full)
	- add testing documentation
	- Resolve bug #430845: obsolete URL in setroubleshoot package description
	- Resolve bug #428960: Permissive message makes no sense.
	- init script now allows extra test options
	- show_browser() now opens and raises the window (e.g. presents) rather than just
	  assuring it's realized (e.g. iconified, or hidden)
	- sealert -l message in syslog converts from html before writing to syslog
	- Resolve bug #320881: export setroubleshoot_selinux_symposium in PDF format
	- add code to verify all async rpc's have been cleared from the async rpc cache
	- add code to set a default rpc method return if the interface does not define a callback
	  (methods which did not have a callback were not returning anything and hence were not
	   getting cleared from the cache)
* Fri Jan 11 2008  - 2.0.2-1
- Resolve bug #428252: Problem with update/remove old version
	- Add code to validate xml database version, if file is incompatible it is not read,
	  the next time the database is written it will be in the new version format.
	  This means the database contents are not preserved across database version upgrades.
	- Remove postun trigger from spec file used to clear database between incompatible versions
	  the new database version check during database read will handle this instead
	- bullet proof exit status in init script and rpm scriptlets
	- Resolve bug #247302: setroubleshoot's autostart .desktop file fails to start under a KDE session
	- Resolve bug #376041: Cannot check setroubleshoot service status as non-root
	- Resolve bug #332281: remove obsolete translation
	- Resolve bug #344331: No description in gnome-session-properties
	- Resolve bug #358581: missing libuser-python dependency
	- Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin
	- Resolve bug #427260: German Translation
	- enhance the sealert man page
* Fri Jan  4 2008  - 2.0.1-1
- make connection error message persist instead of timeout in browser
	- updated Brazilian Portuguese translation: Igor Pires Soares 
	- implement uid,username checks
	- rpc methods now check for authenticated state
	- fix html handling of summary string
	- add 'named' messages to status bar, make sure all messages either timeout or are named
	- fix ordering of menus, resolves bug #427418
	- add 'hide quiet' to browser view filtering, resolves bug #427421
	- tweak siginfo text formatting
	- add logon to SECommandLine so that sealert -l  works
* Fri Dec 28 2007  - 2.0.0-1
- prepare for v2 test release
	- Completed most work for version 2 of setroubleshoot, prepare for test release
	- import Dan's changes from the mainline
	  primarily allow_postfix_local_write_mail_spool plugin
	- escape html, fix siginfo.format_html(), siginfo.format_text()
	- add async-error signal
	- change identity to just username
	- make sure set_filter user validation works and reports error in browser
	- fix generation of line numbers and host when connected to audispd
	- add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode
	- resolves bug #244345: avc path information incomplete
	- get the uid,gid when a client connects to the server
	- set_filter now verifies the filter is owned by the user,
	- resolves bug #288261: setroubleshoot lack of user authentication
	- remove filter options which weren't being used
	- change '@' in audit data hostname to '.'
	- remove restart dialog
	  resolves bug #321171: sealert's dialog after update is higly confusing
	- fix rpc xml arg
	- fix handling of host value
	- tweak what fields are in signature
	- move data items which had been in 'avc' object into siginfo
	- clean up siginfo format
	- large parts of new audit data pipeline working, checkpoint
	- fix duplicate xml nodes when generating xml tree
	- audit event can now be xml serialized
	- switch from using int's for audit record types to strings
	- avoid conversion headaches and possibility of not being
	  able to convert a new unknown type
	- add logic to allow XmlSerialize to be subclassed and init_from_xml_node to be overridden
	- add support to xml serialize classes AuditEventID, AuditEvent, AuditRecord
	- use metaclass for xml class init
	- start adding xml support to audit data classes
	- Use metaclass to wrap class init
	- move xml serialization code from signature.py to xml_serialize.py
	- simplify aspect of the serialization code
	- add unstructured xml mapping, each xml element name has its content mapped to obj.name
	- modify xml serialization to be driven by xml contents
	- general clean up
	- checkpoint conversion of serialization to use metaclasses
	- clean up class/data specifications for XmlSerializable
	- add support for client rpc testing
	- add changelog entry
	- add SubProcess class to setroubleshootd in preparation to
	- run daemon as subprocess so we can gather results and
	  compare them to the expected data we sent
	- rewrite all plugins to use new v2 audit data
	- add SubProcess class to setroubleshootd in preparation to 
          run daemon as subprocess so we can gather results and
          compare them to the expected data we sent
	- add new test support: add config section 'test', add boolean 'analyze' to
	  config test section, add class TestPluginReportReceiver which is installed
	  if test.analyze is True, it prints analysis report. In test_setroubleshootd
	  send AUDIT_EOE to assure sequential event processing so analysis results
	  have same ordering as events that are sent by test_setroubleshootd
	- alert signatures now include host information, alerts will be grouped by host
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #416351 - setroubleshoot does not escape regex chars in suggested cmds
        https://bugzilla.redhat.com/show_bug.cgi?id=416351
  [ 2 ] Bug #430421 - setroubleshoot - audit_listener_database.xml:3029: parser error in xmlParseDoc()
        https://bugzilla.redhat.com/show_bug.cgi?id=430421
  [ 3 ] Bug #430845 - obsolete URL in setroubleshoot package description
        https://bugzilla.redhat.com/show_bug.cgi?id=430845
  [ 4 ] Bug #428960 - Message makes no sense.
        https://bugzilla.redhat.com/show_bug.cgi?id=428960
  [ 5 ] Bug #320881 - Somebody just didn't get it!
        https://bugzilla.redhat.com/show_bug.cgi?id=320881
  [ 6 ] Bug #428252 - Problem with update/remove old version
        https://bugzilla.redhat.com/show_bug.cgi?id=428252
  [ 7 ] Bug #247302 - setroubleshoot's autostart .desktop file fails to start under a KDE session
        https://bugzilla.redhat.com/show_bug.cgi?id=247302
  [ 8 ] Bug #376041 - Cannot check setroubleshoot service status as non-root
        https://bugzilla.redhat.com/show_bug.cgi?id=376041
  [ 9 ] Bug #332281 - remove obsolete translation
        https://bugzilla.redhat.com/show_bug.cgi?id=332281
  [ 10 ] Bug #344331 - No description in gnome-session-properties
        https://bugzilla.redhat.com/show_bug.cgi?id=344331
  [ 11 ] Bug #358581 - missing libuser-python dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=358581
  [ 12 ] Bug #426586 - Renaming translation po file from sr@Latn to sr@latin
        https://bugzilla.redhat.com/show_bug.cgi?id=426586
  [ 13 ] Bug #427260 - German Translation
        https://bugzilla.redhat.com/show_bug.cgi?id=427260
  [ 14 ] Bug #427418 - Menu layout is not GNOME HIG compliant
        https://bugzilla.redhat.com/show_bug.cgi?id=427418
  [ 15 ] Bug #427421 - Need a way to permanently ignore specific AVC logs
        https://bugzilla.redhat.com/show_bug.cgi?id=427421
  [ 16 ] Bug #231334
        https://bugzilla.redhat.com/show_bug.cgi?id=231334
  [ 17 ] Bug #244345 - missing filename in setroubleshoot (AVC.get_path() returns incomplete path)
        https://bugzilla.redhat.com/show_bug.cgi?id=244345
  [ 18 ] Bug #288261
        https://bugzilla.redhat.com/show_bug.cgi?id=288261
  [ 19 ] Bug #321171 - sealert's dialog after update is higly confusing
        https://bugzilla.redhat.com/show_bug.cgi?id=321171
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update setroubleshoot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 