audit 1.6.4 released

Eric Paris eparis at redhat.com
Sun Dec 30 16:24:41 UTC 2007


On Sat, 2007-12-29 at 10:44 -0500, Steve Grubb wrote:
> Hi,
> 
> I've just released a new version of the audit daemon. It can be downloaded 
> from http://people.redhat.com/sgrubb/audit  It will also be in rawhide  
> soon. The Changelog is:
> 
> - fchmod of log file was on wrong variable
> - Allow use of errno strings for exit codes in audit rules
> 
> This release fixes a major bug that got introduced in the last release. The 
> code that fixes a permission problem was using the wrong variable. It happens 
> that the result was applied to /dev/null instead of the audit log. If you had  
> selinux in enforcing mode - nothing happened, for everyone else.../dev/null 
> probably got messed up. Oopsie.

close, so close.

Now auditd is fchmoding /var/log/audit/audit.log to 600 and everything
works fine.  But run 'service auditd restart' or just reboot and audit
will refuse to start!

Dec 30 11:53:43 dhcp231-146 auditd: /var/log/audit/audit.log permissions
should be 0640

But at least this time it isn't breaking the whole system   :)

-Eric




More information about the Linux-audit mailing list