audit-3.0
Steve Grubb
sgrubb at redhat.com
Tue Jun 18 14:36:22 UTC 2019
Hello Philippe,
On Tuesday, June 18, 2019 9:34:08 AM EDT MAUPERTUIS, PHILIPPE wrote:
> On the mailing list a few days ago, it was announce that Audit-3.0 alpha8
> was available. I am a little bit confused because on a RHEL 8 server I get
> :
> rpm -q audit
> audit-3.0-0.10.20180831git0047a6c.el8.x86_64
> What are the link between the Rhel 8 rpm and the version audit-3.0
> announced.
The RHEL 8 rpm is an earlier git snapshot from August 31, 2018 + patches. The
package version should be a clue that this is a git snapshot. The Fedora
packaging guidelines say that if it is a pre-release git snapshot, version
must start with 0 so it can be overridden in the future, and the date + git +
last commit hash must be included so that anyone can identify exactly what
this is.
> I can't imagine RHEL8 using an alpha version.
Why? Anything put into RHEL is carefully tested. (Fedora has also been
running on alpha/git snapshots for about a year, too.) Also, I stopped
feature development in audit-3.0 around August of last year. Everything going
in since then has been bugs reported or discovered or at most small patches
to support new kernel features. So, audit userspace should be considered as
becoming mature, stable code that will not be developed at the same pace as
before.
I expect that when container support lands, there will be a couple rounds of
development to make it nice to use. But then its back to listening for bug
reports.
To be honest, I think at this point anything of value is really higher up the
stack. IOW, visualizing, aggregating, or alerting at scale.
-Steve
> As the side note the Rhel 8 rpm has the following description
> rpm -qi audit
> Name : audit
> Version : 3.0
> Release : 0.10.20180831git0047a6c.el8
> Architecture: x86_64
> Install Date: Mon 17 Jun 2019 05:55:23 PM CEST
> Group : Unspecified
> Size : 678098
> License : GPLv2+
> Signature : RSA/SHA256, Wed 09 Jan 2019 07:26:49 PM CET, Key ID
> 199e2f91fd431d51 Source RPM :
> audit-3.0-0.10.20180831git0047a6c.el8.src.rpm
> Build Date : Wed 09 Jan 2019 06:26:29 PM CET
> Build Host : x86-vm-06.build.eng.bos.redhat.com
> Relocations : (not relocatable)
> Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
> Vendor : Red Hat, Inc.
> URL : http://people.redhat.com/sgrubb/audit/
> Summary : User space tools for 2.6 kernel auditing
>
> Of course the kernel for REHL8 is :
> rpm -q kernel
> kernel-4.18.0-80.el8.x86_64
>
> Any clarification is welcome
More information about the Linux-audit
mailing list