From: Steve Grubb
Subject: audit 2.4.5 released
Date: Fri, 18 Dec 2015 14:49:25 -0500
Message-ID: <1929164.Q9DeV9IFDj@x2>
To: linux-audit@redhat.com

Hello,

I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon.
The ChangeLog is:

- Fix auditd disk flushing for data and sync modes
- Fix auditctl to not show options not supported on older OS
- Add audit.m4 file to aid adding support to other projects
- Fix C99 inline function build issue
- Add account lock and unlock event types
- Change logging loophole check to geteuid()
- Fix ausearch to not consider AUDIT_PROCTITLE events malformed (Burn Alting)
- Fix ausearch to parse FEATURE_CHANGE events

This release fixes disk flushing to work as it was intended. If you use either
the data or sync mode, you might notice a performance change. This release
also fixes a build issue when using a new compiler.

The loophole that we allow for a process to continue when it should fail was
changed to use the euid rather than the uid. This should be more correct based
on the capabilities man page.

Ausearch was having problems parsing AUDIT_PROCTITLE and FEATURE_CHANGE
events. This was cleaned up and now passes the ausearch-test test suite.

This release will also be the beginning point of a new branch, audit-2.4, that
will be lightly maintained for a while. At this point I don't think there will
be a 2.4.6 release, but you never know.

Going forward to the 2.5 release, I would like to make a lot of changes to the
rules and break them up into small ones that can be assembled by augenrules. I
will also restructure a few of the directories and get things ready to start
doing more with the data format. The audit by process name patch will be
applied real soon since a kernel with that work should be landing soon.

Please let me know if you run across any problems with this release.

-Steve