From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Paris Subject: Re: audit 1.6.4 released Date: Sun, 30 Dec 2007 11:24:41 -0500 Message-ID: <1199031881.3716.2.camel@localhost.localdomain> References: <200712291044.10368.sgrubb@redhat.com> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <200712291044.10368.sgrubb@redhat.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: Linux Audit List-Id: linux-audit@redhat.com On Sat, 2007-12-29 at 10:44 -0500, Steve Grubb wrote: > Hi, > > I've just released a new version of the audit daemon. It can be downloaded > from http://people.redhat.com/sgrubb/audit It will also be in rawhide > soon. The Changelog is: > > - fchmod of log file was on wrong variable > - Allow use of errno strings for exit codes in audit rules > > This release fixes a major bug that got introduced in the last release. The > code that fixes a permission problem was using the wrong variable. It happens > that the result was applied to /dev/null instead of the audit log. If you had > selinux in enforcing mode - nothing happened, for everyone else.../dev/null > probably got messed up. Oopsie. close, so close. Now auditd is fchmoding /var/log/audit/audit.log to 600 and everything works fine. But run 'service auditd restart' or just reboot and audit will refuse to start! Dec 30 11:53:43 dhcp231-146 auditd: /var/log/audit/audit.log permissions should be 0640 But at least this time it isn't breaking the whole system :) -Eric