From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: audit 2.8.2 released Date: Thu, 14 Dec 2017 13:07:42 -0500 Message-ID: <1977264.EQ9jfnC5VH@x2> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from x2.localnet (ovpn-123-105.rdu2.redhat.com [10.10.123.105]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EB0C37EF70 for ; Thu, 14 Dec 2017 18:07:45 +0000 (UTC) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Linux Audit List-Id: linux-audit@redhat.com Hello, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is: - Update tables for 4.14 kernel - Fixup ipv6 server side binding - AVC report from aureport was missing result column header (#1511606) - Add SOFTWARE_UPDATE event - In ausearch/report pickup any path and new-disk fields as a file - Fix value returned by auditctl --reset-lost (Richard Guy Briggs) - In auparse, fix expr_create_timestamp_comparison_ex to be numeric field - Fix building on old systems without linux/fanotify.h - Fix shell portability issues reported by shellcheck - Auditd validate_email should not use gethostbyname This is a bug fix release that corrects several things in the 2.8 series. IPv6 support was not binding to an IPv6 socket on the server side. auditctl -- reset-lost is intended to return the current value of the lost events value. It was returning the netlink sequence number. This is now corrected. The new ausearch test suite detected a bug in auparse_search functions that was introdiced in 2.8, the date was not considered a numeric field and thus could not match dates. This is fixed. It was also discovered that on older systems without fanotify.h, the build would fail. And lastly, validate_email was using gethostby name which validated against IPv4 addresses which is wrong given that IPv6 support was introduced. This has also been fixed. SHA256: 67b59b2b77afee9ed87afa4d80ffc8e6f3a1f4bbedd5f2871f387c952147bcba Please let me know if you run across any problems with this release. -Steve