From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: Tools for reviewing audit logs ?
Date: Wed, 13 Dec 2006 12:21:00 -0500
Message-ID: <200612131221.00642.sgrubb@redhat.com>
References: <200612121729.04049.sgrubb@redhat.com> <20061213163604.GB5162@arlut.utexas.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20061213163604.GB5162@arlut.utexas.edu>
Content-Disposition: inline
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Jonathan Abbey
Cc: linux-audit@redhat.com, "Thomas, Daniel J.", "Wieprecht, Karen M."
List-Id: linux-audit@redhat.com

On Wednesday 13 December 2006 11:36, Jonathan Abbey wrote:
> I'm guessing that was Leigh Purdie and the Snare team down at
> Intersect Alliance in oz.

It wasn't Leigh, it was someone else about a month later.

> They are providing/recommending 'audit-1.2.1-1.i386.rpm' and
> 'audit-libs-1.2.1-1.i386.rpm' in addition to their
> SnareLinux-1.0b7-1.i386.rpm,

Hopefully that is "or higher".

> but I'm not sure why that's necessary, given that RHEL4 should be providing
> those pieces (albeit with lower version numbers?) out of the box.

RHEL4 did not have the dispatcher interface in it right away. I wanted to
study the problem a little more since the API might change based on real use
scenarios. I think we've gotten enough runtime now to see how it's working out
and I've backported it - which became the 1.0.15 release.

I have another set of updates to make and I'll release a 1.0.16 version and
that should make it to the U5 release. So, that would be the first RHEL4
version that could support such a setup.

-Steve