From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: audit 2.7.5 released
Date: Mon, 10 Apr 2017 14:43:41 -0400
Message-ID: <1532644.lcFAHzg6gT@x2>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hello,

I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is:

- In auparse, output socket family name if unsupported but known
- In auparse, store arch & syscall fields in SECCOMP records for interpretation
- In auparse_normalize, create an event_kind for seccomp events
- In auparse, when interpreting discard 'unknown' enriched fields

This release has less development than normal. This is because I ran across two bugs that I thought merit getting an updated audit daemon out sooner than later. The first bug was reported by Laurent Bigonville, where it was noticed that ausearch could be caused to segfault when it encountered a PF_PACKET socket address. The other bug was that SECCOMP events were not resolving the syscall when the enriched event logging format was being used. This was corrected both in the creation of records and in searching records that already had bad data in them.

SHA256: 9ca4142fb6809367070a3f3449979055fa2daeb12a0a88c4874a0cfd02133922

Please let me know if you run across any problems with this release.

-Steve