audit 1.6.3 released

Steve Grubb sgrubb at redhat.com
Thu Dec 27 22:22:00 UTC 2007


Hi,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit  It will also be in rawhide  
soon. The Changelog is:

- Add kernel release string to DEAMON_START events
- Log warning if audit event from kernel is too big
- Fix keep_logs when num_logs option disabled (#325561)
- Auditd commandline option to decide whether to enable kernel auditing on
  startup (Tony Jones)
- Fix auparse to handle node fields for syscall records
- Updates for auparse to uninterpret text search values (Miloslav Trmac)
- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
- Add keyword week-ago to aureport & ausearch start/end times
- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
- Get "make check" working for auparse
- Add RACF zos remote audispd plugin (Klaus Kiwi)
- Add event queue overflow action to audispd
- Make sure we are reading right amount of pipe in audispd

Please let me know if you run across any problems with this release.

-Steve




More information about the Linux-audit mailing list