Upgrading audit package

Steve Grubb sgrubb at redhat.com
Mon Jul 11 17:17:39 UTC 2016


Hello,

On Monday, July 11, 2016 8:17:50 AM EDT Bhagwat, Shriniketan Manjunath wrote:
> I am using audit in my development environment. My development environment
> is as below.
> 
> RHEL 5.2 with kernel 2.6.32-431.el6.x86_64 and audit-2.2-2.el6.x86_64.
> SUSE 11 SP3 with kernel 3.0.76-0.11-default and audit-1.8-0.30.1
> 
> As I understand the above audit packages I am using in my environment are
> user space audit. I want to upgrade it to the latest version.

RHEL5's last valid audit package would be 1.8. The 2.x branch removed
functions from the ABI and changed the buffer size, which means that you would
have to recompile everything that has a dependency on audit-libs. If they are
using any removed functions, you would have to patch them to use something
else.

> If I upgrade the audit packages to latest version 2.6.X will there be any
> issues?

Probably. The audit 2.x release also has a soname number change for libaudit. 
Apps won't be able to find it during startup.

> Linux Audit kernel available with kernel 2.6.32-431.el6.x86_64 and
> 3.0.76-0.11 are compatible with user space audit 2.6.X?

I have never tested that configuration. It will likely work except for the
missing kernel support. The bigger issue is everything in user space that
links against libaudit.

> In your opinion what
> is the suitable audit package for my environment to upgrade? If these topics
> are already documented please guide me to the documentation.

Speaking for the RHEL side of things... if it's a RHEL5 system, audit-1.8 is the
end of the line. After that, you are in unknown territory.

-Steve
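
The reply's point about everything in user space that links against libaudit can be checked before touching audit-libs by listing which binaries request which libaudit soname. The script below is an added example, not part of the original message; it assumes binutils' `readelf` is installed, and the function names and sample `readelf -d` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory binaries that depend on libaudit, by requested soname.

# Read `readelf -d` output on stdin and print the libaudit soname it requests.
# Other audit libraries (e.g. libauparse) are deliberately not matched.
libaudit_needed() {
    sed -n 's/.*(NEEDED).*Shared library: \[\(libaudit\.so\.[0-9][0-9]*\)\].*/\1/p'
}

# Print "<soname> <path>" for every regular file under the given directories
# whose dynamic section lists libaudit. Non-ELF files are skipped silently.
scan_for_libaudit() {
    find "$@" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        so=$(readelf -d "$f" 2>/dev/null | libaudit_needed)
        if [ -n "$so" ]; then
            printf '%s %s\n' "$so" "$f"
        fi
    done
    return 0
}

# Constructed sample of a dynamic section, used to exercise the parser offline.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)             Shared library: [libpam.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libaudit.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]'

sample_result() {
    printf '%s\n' "$SAMPLE_DYNAMIC" | libaudit_needed
}

# When run with directories as arguments, scan them and group by soname.
if [ "$#" -gt 0 ]; then
    scan_for_libaudit "$@" | sort
fi
```

Run it with the directories to inspect as arguments, for example `/bin /sbin /usr/bin /usr/sbin /lib64`. Every path it prints would need a rebuild, or a compatible library kept alongside, if the libaudit soname changes.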




More information about the Linux-audit mailing list