From: Steve Grubb <sgrubb@redhat.com>
To: Jonathan Abbey <jonabbey@arlut.utexas.edu>
Cc: linux-audit@redhat.com, "Thomas,
Daniel J." <Daniel.Thomas@jhuapl.edu>,
"Wieprecht, Karen M." <Karen.Wieprecht@jhuapl.edu>
Subject: Re: Tools for reviewing audit logs ?
Date: Wed, 13 Dec 2006 12:21:00 -0500 [thread overview]
Message-ID: <200612131221.00642.sgrubb@redhat.com> (raw)
In-Reply-To: <20061213163604.GB5162@arlut.utexas.edu>
On Wednesday 13 December 2006 11:36, Jonathan Abbey wrote:
> I'm guessing that was Leigh Purdie and the Snare team down at
> Intersect Alliance in oz.
It wasn't Leigh, it was someone else about a month later.
> They are providing/recommending 'audit-1.2.1-1.i386.rpm' and
> 'audit-libs-1.2.1-1.i386.rpm' in addition to their
> SnareLinux-1.0b7-1.i386.rpm,
Hopefully that is "or higher".
> but I'm not sure why that's necessary, given that RHEL4 should be providing
> those pieces (albeit with lower version numbers?) out of the box.
RHEL4 did not have the dispatcher interface in it right away. I wanted to
study the problem a little more since the API might change based on real use
scenarios.
I think we've gotten enough runtime now to see how its working out and I've
backported it - which became the 1.0.15 release. I have another set of
updates to make and I'll release a 1.0.16 version and that should make it to
the U5 release. So, that would be the first RHEL4 version that could support
such a setup.
-Steve
next prev parent reply other threads:[~2006-12-13 17:21 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20061211170024.6F9DF7337D@hormel.redhat.com>
2006-12-11 17:15 ` Linux-audit Digest, Vol 27, Issue 2 Thomas, Daniel J.
2006-12-11 18:20 ` Steve Grubb
2006-12-11 19:20 ` Thomas, Daniel J.
2006-12-11 19:33 ` Steve Grubb
2006-12-11 20:32 ` Wieprecht, Karen M.
2006-12-11 23:03 ` Steve Grubb
2006-12-12 2:16 ` Wieprecht, Karen M.
2006-12-12 22:08 ` Tools for reviewing audit logs ? Wieprecht, Karen M.
2006-12-12 22:29 ` Steve Grubb
2006-12-13 16:36 ` Jonathan Abbey
2006-12-13 17:21 ` Steve Grubb [this message]
2006-12-13 20:12 ` Wieprecht, Karen M.
2006-12-13 16:45 ` Wieprecht, Karen M.
2006-12-13 17:09 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200612131221.00642.sgrubb@redhat.com \
--to=sgrubb@redhat.com \
--cc=Daniel.Thomas@jhuapl.edu \
--cc=Karen.Wieprecht@jhuapl.edu \
--cc=jonabbey@arlut.utexas.edu \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.