audit-2.1.2 released
Steve Grubb
sgrubb at redhat.com
Sun Jun 12 13:45:47 UTC 2011
Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- In ausearch/report, fix a segfault caused by MAC_POLICY_LOAD records
- In ausearch/report, add and update parsers
- In auditd, cleanup DAEMON_ACCEPT and DAEMON_CLOSE addr fields
- In ausearch/report, parse addr field of DAEMON_ACCEPT & DAEMON_CLOSE records
- In auditd, move startup success to after events are registered
- If auditd shutsdown due to failed tcp init, write a DAEMON_ABORT event
- Update auditd to avoid the oom killer in new kernels (Andreas Jaeger)
- Parse and interpret NETFILTER_PKT events correctly
- Return error if auditctl -l fails (#709345)
- In audisp-remote, replace glibc's fgets with custom implementation
The bulk of this release is fixing up the parsers for new events. This release also
updates the oom handler code for recent kernels. And reliability of logging remote
events was improved.
Please let me know if you run across any problems with this release.
-Steve
More information about the Linux-audit
mailing list