audit 2.8.5 released

audit 2.8.5 released

[Steve Grubb]

Hello,

I've just released a new version of the audit daemon. It can be
downloaded from http://people.redhat.com/sgrubb/audit. It will also be
in rawhide soon. The ChangeLog is:

- Fix segfault on shutdown
- Fix hang on startup (#1587995)
- Add sleep to script to dump state so file is ready when needed
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Mark netlabel events as simple events so that get processed quicker
- When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Update lookup tables for the 4.18 kernel
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport. 
(#1622194)
- Event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- In ausearch/report, limit record size when malformed
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Treat all network originating events as VER2 so dispatcher doesn't format 
it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)

This is a big update to the maintenance branch of the audit package. All of 
the fixes included here are cherry picked fixes from the audit-3.0 development 
branch. This might be the last release for the 2.8 code base. We'll just have 
to see. 

Work on the audit-3.0 release is waiting for the audit container work to land 
and then should be released soon thereafter. (Just in case people were wonder 
what is holding up an official audit-3.0 release.)

SHA256: 0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7

Please let me know if you run across any problems with this release.

-Steve

Re: audit 2.8.5 released

[warron.french]

[-- Attachment #1.1: Type: text/plain, Size: 3507 bytes --]

Hi Steve, nice to hear from you.

I have some questions for you, if you don't mind.

   1. Are you referred to as a Release Engineer?
   2. What specifically is rawhide in the context of this email message?
   3. Is Audit-3.0 going to be the standard for Red Hat 8 variants?


Thank you for your time,
--------------------------
Warron French



On Fri, Mar 1, 2019 at 4:34 PM Steve Grubb <sgrubb@redhat.com> wrote:

> Hello,
>
> I've just released a new version of the audit daemon. It can be
> downloaded from http://people.redhat.com/sgrubb/audit. It will also be
> in rawhide soon. The ChangeLog is:
>
> - Fix segfault on shutdown
> - Fix hang on startup (#1587995)
> - Add sleep to script to dump state so file is ready when needed
> - Add auparse_normalizer support for SOFTWARE_UPDATE event
> - Mark netlabel events as simple events so that get processed quicker
> - When audispd is reconfiguring, only SIGHUP plugins with valid pid
> (#1614833)
> - Add 30-ospp-v42.rules to meet new Common Criteria requirements
> - Update lookup tables for the 4.18 kernel
> - In aureport, fix segfault in file report
> - Add auparse_normalizer support for labeled networking events
> - Fix memory leak in audisp-remote plugin when using krb5 transport.
> (#1622194)
> - Event aging is off by a second
> - In ausearch/auparse, correct event ordering to process oldest first
> - auparse_reset was not clearing everything it should
> - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
> - In ausearch/report, lightly parse selinux portion of USER_AVC events
> - In ausearch/report, limit record size when malformed
> - In auditd, fix extract_type function for network originating events
> - In auditd, calculate right size and location for network originating
> events
> - Treat all network originating events as VER2 so dispatcher doesn't
> format
> it
> - In audisp-remote do an initial connection attempt (#1625156)
> - In auditd, allow expression of space left as a percentage (#1650670)
> - On PPC64LE systems, only allow 64 bit rules (#1462178)
> - Make some parts of auditd state report optional based on config
> - Fix ausearch when checkpointing a single file (Burn Alting)
> - Fix scripting in 31-privileged.rules wrt filecap (#1662516)
> - In ausearch, do not checkpt if stdin is input source
> - In libev, remove __cold__ attribute for functions to allow proper
> hardening
> - Add tests to configure.ac for openldap support
> - Make systemd support files use /run rather than /var/run (Christian
> Hesse)
> - Fix minor memory leak in auditd kerberos credentials code
> - Fix auditd regression where keep_logs is limited by rotate_logs 2 file
> test
> - In ausearch/report fix --end to use midnight time instead of now
> (#1671338)
>
> This is a big update to the maintenance branch of the audit package. All
> of
> the fixes included here are cherry picked fixes from the audit-3.0
> development
> branch. This might be the last release for the 2.8 code base. We'll just
> have
> to see.
>
> Work on the audit-3.0 release is waiting for the audit container work to
> land
> and then should be released soon thereafter. (Just in case people were
> wonder
> what is holding up an official audit-3.0 release.)
>
> SHA256: 0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7
>
> Please let me know if you run across any problems with this release.
>
> -Steve
>
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>

[-- Attachment #1.2: Type: text/html, Size: 4891 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: audit 2.8.5 released

[Lenny Bruzenak]

On 3/1/19 2:33 PM, Steve Grubb wrote:

> Hello,
>
> I've just released a new version of the audit daemon. It can be
> downloaded from http://people.redhat.com/sgrubb/audit. It will also be
> in rawhide soon. The ChangeLog is:
> ...
>
> This is a big update to the maintenance branch of the audit package. All of 
> the fixes included here are cherry picked fixes from the audit-3.0 development 
> branch. This might be the last release for the 2.8 code base. We'll just have 
> to see. 


Wow; this is a lot of fixes. Thanks Steve (and bug fixers)!

LCB

-- 
Lenny Bruzenak
MagitekLTD

Re: Re: audit 2.8.5 released

[litaibaichina]

Hi Guys,

The download link is pointing to 2.8.3 ?   Anyone tried ?

https://people.redhat.com/sgrubb/audit/audit-2.8.3.tar.gz

 
From: Lenny Bruzenak
Date: 2019-03-05 02:14
To: linux-audit
Subject: Re: audit 2.8.5 released
On 3/1/19 2:33 PM, Steve Grubb wrote:
 
> Hello,
>
> I've just released a new version of the audit daemon. It can be
> downloaded from http://people.redhat.com/sgrubb/audit. It will also be
> in rawhide soon. The ChangeLog is:
> ...
>
> This is a big update to the maintenance branch of the audit package. All of
> the fixes included here are cherry picked fixes from the audit-3.0 development
> branch. This might be the last release for the 2.8 code base. We'll just have
> to see.
 
 
Wow; this is a lot of fixes. Thanks Steve (and bug fixers)!
 
LCB
 
--
Lenny Bruzenak
MagitekLTD
 
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

Re: audit 2.8.5 released

[Steve Grubb]

Hello,

On Tuesday, March 5, 2019 4:24:52 AM EST litaibaichina@gmail.com wrote:
> The download link is pointing to 2.8.3 ?   Anyone tried ?

Thanks for reporting this. Link is fixed now.

-Steve

> https://people.redhat.com/sgrubb/audit/audit-2.8.3.tar.gz
> 
>  
> From: Lenny Bruzenak
> Date: 2019-03-05 02:14
> To: linux-audit
> Subject: Re: audit 2.8.5 released
>  
> 
> On 3/1/19 2:33 PM, Steve Grubb wrote:
> > Hello,
> > 
> > I've just released a new version of the audit daemon. It can be
> > downloaded from http://people.redhat.com/sgrubb/audit. It will also be
> > in rawhide soon. The ChangeLog is:
> > ...
> > 
> > This is a big update to the maintenance branch of the audit package. All
> > of the fixes included here are cherry picked fixes from the audit-3.0
> > development branch. This might be the last release for the 2.8 code
> > base. We'll just have to see.
> 
>  
>  
> Wow; this is a lot of fixes. Thanks Steve (and bug fixers)!
>  
> LCB
>  
> --
> Lenny Bruzenak
> MagitekLTD
>  
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
> 
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit