Upgrading audit package
Steve Grubb
sgrubb at redhat.com
Mon Jul 11 17:17:39 UTC 2016
Hello,
On Monday, July 11, 2016 8:17:50 AM EDT Bhagwat, Shriniketan Manjunath wrote:
> I am using audit in my development environment. My development environment
> is as below.
>
> RHEL 5.2 with kernel 2.6.32-431.el6.x86_64 and audit-2.2-2.el6.x86_64.
> SUSE 11 SP3 with kernel 3.0.76-0.11-default and audit-1.8-0.30.1
>
> As I understand the above audit packages I am using in my environment are
> user space audit. I want to upgrade it to the latest version.
RHEL5's last valid audit package would be 1.8. The 2.x branch removed
functions from the ABI and changed the buffer size which means that you would
have to recompile everything that has a dependency on audit-libs. If they are
using any removed functions you would have to patch them to use something
else.
> If I upgrade the audit packages to latest version 2.6.X will there be any
> issues?
Probably. The audit 2.x release also has a soname number change for libaudit.
Apps won't be able to find it during startup.
> Linux Audit kernel available with kernel 2.6.32-431.el6.x86_64 and
> 3.0.76-0.11 are compatible with user space audit 2.6.X?
I have never tested that configuration. I will likely work except for the
missing kernel support. The bigger issue is everything in user space that
links against libaudit.
> In your opinion what
> is the suitable audit package for my environment to upgrade? If these topics
> are already documented please guide me to the documentation.
Speaking for the RHEL side of things...if its a RHEL5 system, audit-1.8 is the
end of the line. After that and you are in unknown territory.
-Steve
More information about the Linux-audit
mailing list