* audit 2.7.5 released
@ 2017-04-10 18:43 Steve Grubb
From: Steve Grubb @ 2017-04-10 18:43 UTC
  To: linux-audit

Hello,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:

- In auparse, output socket family name if unsupported but known
- In auparse, store arch & syscall fields in SECCOMP records for 
interpretation
- In auparse_normalize, create an event_kind for seccomp events
- In auparse, when interpreting discard 'unknown' enriched fields

This release has less development than normal. This is because I ran across
two bugs that I thought merited getting an updated audit daemon out sooner
rather than later. The first bug was reported by Laurent Bigonville, where it
was noticed that ausearch could be caused to segfault when it encountered a
PF_PACKET socket address.

The other bug was that SECCOMP events were not resolving the syscall when the 
enriched event logging format was being used. This was corrected both in the 
creation of records and in searching records that already had bad data in 
them.

SHA256: 9ca4142fb6809367070a3f3449979055fa2daeb12a0a88c4874a0cfd02133922

Please let me know if you run across any problems with this release.

-Steve
