audit 1.2.1 released

audit 1.2.1 released

[Steve Grubb]

Hi,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit  It will also be in rawhide  
tomorrow. The Changelog is:

- New message type for trusted apps
- Add new keywords: today, yesterday, & now for ausearch and aureport
- Make audit_log_user_avc_message really send to syslog on error
- Updated syscall tables in auditctl
- Deprecated the 'possible' action for syscall rules in auditctl
- Update watch code to use file syscalls instead of 'all' in auditctl

This is mostly a bugfix release. Let me know if there are any problems with 
it.

-Steve

Re: audit 1.2.1 released

[Michael C Thompson]

Steve Grubb wrote:
> Hi,
> 
> I've just released a new version of the audit daemon. It can be downloaded 
> from http://people.redhat.com/sgrubb/audit  It will also be in rawhide  
> tomorrow. The Changelog is:
> 
> - New message type for trusted apps

Can you given an example of this new message type please?

> - Add new keywords: today, yesterday, & now for ausearch and aureport
> - Make audit_log_user_avc_message really send to syslog on error
> - Updated syscall tables in auditctl
> - Deprecated the 'possible' action for syscall rules in auditctl
> - Update watch code to use file syscalls instead of 'all' in auditctl
> 
> This is mostly a bugfix release. Let me know if there are any problems with 
> it.
> 
> -Steve

Re: audit 1.2.1 released

[Steve Grubb]

On Tuesday 18 April 2006 10:06, Michael C Thompson wrote:
> > - New message type for trusted apps
>
> Can you given an example of this new message type please?

It is AUDIT_TRUSTED_APP. Just use it with audit_log_user_message. This is for 
third party's that want to log something to the audit system from their 
trusted app. I think examples given were virus scanners, intrusion detection 
systems, and other such beasts. Nothing to do with LSPP or CAPP.

-Steve