audit-3.0

Steve Grubb sgrubb at redhat.com
Tue Jun 18 14:36:22 UTC 2019


Hello Philippe,

On Tuesday, June 18, 2019 9:34:08 AM EDT MAUPERTUIS, PHILIPPE wrote:
> On the mailing list a few days ago, it was announced that Audit-3.0 alpha8
> was available. I am a little bit confused because on a RHEL 8 server I get:
> rpm -q audit
> audit-3.0-0.10.20180831git0047a6c.el8.x86_64
> What is the link between the RHEL 8 rpm and the version audit-3.0
> announced?

The RHEL 8 rpm is an earlier git snapshot from August 31, 2018 + patches. The 
package version should be a clue that this is a git snapshot. The Fedora 
packaging guidelines say that if it is a pre-release git snapshot, version 
must start with 0 so it can be overridden in the future, and the date + git + 
last commit hash must be included so that anyone can identify exactly what 
this is.

> I can't imagine RHEL8 using an alpha version.

Why? Anything put into RHEL is carefully tested. (Fedora has also been 
running on alpha/git snapshots for about a year, too.) Also, I stopped 
feature development in audit-3.0 around August of last year. Everything going 
in since then has been bugs reported or discovered or at most small patches 
to support new kernel features. So, audit userspace should be considered as 
becoming mature, stable code that will not be developed at the same pace as 
before.

I expect that when container support lands, there will be a couple rounds of 
development to make it nice to use. But then it's back to listening for bug 
reports.

To be honest, I think at this point anything of value is really higher up the 
stack. IOW, visualizing, aggregating, or alerting at scale.

-Steve


> As a side note, the RHEL 8 rpm has the following description
> rpm -qi audit
> Name        : audit
> Version     : 3.0
> Release     : 0.10.20180831git0047a6c.el8
> Architecture: x86_64
> Install Date: Mon 17 Jun 2019 05:55:23 PM CEST
> Group       : Unspecified
> Size        : 678098
> License     : GPLv2+
> Signature   : RSA/SHA256, Wed 09 Jan 2019 07:26:49 PM CET, Key ID 199e2f91fd431d51
> Source RPM  : audit-3.0-0.10.20180831git0047a6c.el8.src.rpm
> Build Date  : Wed 09 Jan 2019 06:26:29 PM CET
> Build Host  : x86-vm-06.build.eng.bos.redhat.com
> Relocations : (not relocatable)
> Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
> Vendor      : Red Hat, Inc.
> URL         : http://people.redhat.com/sgrubb/audit/
> Summary     : User space tools for 2.6 kernel auditing
> 
> Of course the kernel for RHEL8 is:
> rpm -q kernel
> kernel-4.18.0-80.el8.x86_64
> 
> Any clarification is welcome
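
Added example, not part of the original message or of the audit project's code: a Python sketch that splits the `rpm -q` string quoted above into the fields the snapshot naming convention encodes, and uses a simplified RPM-style comparison to show why a release starting with 0 sorts below a later final build. The `1.el8` release and the field label `build` are constructed for illustration, and the comparison ignores epochs and `~`/`^`.

```python
import re
from datetime import date

# NVRA string quoted in the message above.
RHEL8_AUDIT = "audit-3.0-0.10.20180831git0047a6c.el8.x86_64"

# Pre-release snapshot release tag: 0.<build>.<YYYYMMDD>git<hash>[.<dist>]
SNAPSHOT_RE = re.compile(
    r"^0\.(?P<build>\d+)\.(?P<date>\d{8})git(?P<commit>[0-9a-f]{7,40})"
    r"(?:\.(?P<dist>\w+))?$")

def parse_nvra(nvra):
    """Split name-version-release.arch as printed by `rpm -q`."""
    nvr, _, arch = nvra.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return {"name": name, "version": version, "release": release, "arch": arch}

def snapshot_info(release):
    """Return build, date, commit and dist for a snapshot release, else None."""
    m = SNAPSHOT_RE.match(release)
    if m is None:
        return None
    d = m.group("date")
    return {"build": int(m.group("build")),
            "date": date(int(d[:4]), int(d[4:6]), int(d[6:])),
            "commit": m.group("commit"), "dist": m.group("dist")}

def release_cmp(a, b):
    """Simplified RPM-style ordering of two release strings: -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats letters
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

if __name__ == "__main__":
    pkg = parse_nvra(RHEL8_AUDIT)
    print(pkg["version"], snapshot_info(pkg["release"]))
    # "1.el8" is a constructed release for a hypothetical final 3.0 build.
    print(release_cmp(pkg["release"], "1.el8"))
```

The extracted commit is the upstream git commit the snapshot was cut from, which is what lets anyone map the installed package back to the source tree.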





