From: Steve Grubb
Subject: audit 2.7.3 released
Date: Fri, 24 Feb 2017 17:19:14 -0500
Message-ID: <3744671.kQdgAaxMBr@x2>
To: Linux Audit
List-Id: linux-audit@redhat.com

Hello,

I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is:

- Add one more comma to ausearch csv output
- Add support for KERN_MODULE event
- Add selectable escaping for ausearch/report output
- In auparse normalizer, always report session for syscalls
- Modify systemd service file to make auditd a forking type of service
- Adjust a couple of words to prevent collisions in normalizer
- Change object_type to object_kind in the normalizer
- Add rudimentary data for AVC without a syscall record
- Document auparse_normalize function

This release adds initial support for the KERN_MODULE event. It fixes a systemd race condition when booting up the system that loads a policy that makes the audit rules immutable. Ausearch and aureport gained a new command line switch to allow you to control what kind of escaping it uses for the output. The options are raw, tty, shell, and shell_quote. The default is tty if nothing is passed.

All the rest of the work was on the auparse_normalizer. There was one ABI change where things were renamed from obj_type to obj_kind to better match other things. Too much confusion around the word type since it is a field name.

This is the last release off of the fedorahosted svn server. All future commits will be done on github and it will no longer be a mirror.

Please let me know if you run across any problems with this release.

-Steve