* audit 1.6.6 released
From: Steve Grubb @ 2008-01-19 21:57 UTC
  To: Linux Audit

Hi,

I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The Changelog is:

- Add prelude IDS plugin for IDMEF alerts
- Add --user option to aulastlog command
- Spec file cleanups

This release adds an audispd plugin that watches for certain audit events in 
real-time and sends an IDMEF alert when it sees something notable. I will 
publish a HOWTO in a couple days to show how to go about setting up prelude 
and registering this plugin. The events it is currently able to send are: 
logins, max failed logins, max concurrent sessions, SE Linux AVCs, and apps 
that abnormally terminate. I'll add more in the future. To build this plugin, 
you need to add a --with-prelude to the configure command.

Please let me know if you run across any problems with this release.

-Steve
