From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: audit-2.0.4 released
Date: Tue, 8 Dec 2009 10:59:02 -0500
Message-ID: <200912081059.02265.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
Received: from x2.localnet (vpn-8-183.rdu.redhat.com [10.11.8.183])
	by int-mx03.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id nB8Fxboo029662
	for <linux-audit@redhat.com>; Tue, 8 Dec 2009 10:59:37 -0500
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hi,

I've just released a new version of the audit daemon. It can be downloade=
d=20
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide =20
soon. The ChangeLog is:

- Make alpha processor support optional
- Add support for the arm eabi processor
- add a compatible regexp processing capability to auparse (Miloslav Trma=
=C4=8D)
- Fix regression in parsing user space originating records in aureport
- Add tcp_max_per_addr option in auditd.conf to limit concurrent connecti=
ons
- Rearrange shutdown of auditd to allow DAEMON_END event more time

This release drops support for the alpha processor unless you re-add "--w=
ith-
alpha" to the ./configure line. This release also adds support for the ar=
m eabi=20
processor when you add "--with-armeb" to the ./configure line. Please not=
e that=20
the 2.6.32 kernel does not actually work for auditing on ARM systems.=20
Hopefully someone will write the 4-5 lines of code to make it work.

A new regexp processing capability was added to libauparse. And there wer=
e=20
several bug fixes. The first was that I noticed on 2.0.x systems that use=
 of=20
authentication mechanisms was not showing up in aureport even though they=
 were=20
in the logs. The problem was traced to not applying a patch that correcte=
d=20
parsing with the slight format change in the 2.0.x series. A new config o=
ption=20
was added to auditd.conf to set the maximum number of concurrent system=20
connections. The default is 1 which should work for most installations. A=
nd=20
lastly, the shutdown sequence was altered slightly to give remote logged =
audit=20
events a little more time to get sent before the audit daemon starts=20
terminating child processes.

Please let me know if you run across any problems with this release.

-Steve