From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: audit 1.6.3 released
Date: Thu, 27 Dec 2007 17:22:00 -0500
Message-ID: <200712271722.00122.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from vpn-14-136.rdu.redhat.com (vpn-14-136.rdu.redhat.com
	[10.11.14.136])
	by mail.boston.redhat.com (8.13.1/8.13.1) with ESMTP id lBRMMBPH012793
	for <linux-audit@redhat.com>; Thu, 27 Dec 2007 17:22:11 -0500
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Linux Audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

Hi,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit  It will also be in rawhide  
soon. The Changelog is:

- Add kernel release string to DEAMON_START events
- Log warning if audit event from kernel is too big
- Fix keep_logs when num_logs option disabled (#325561)
- Auditd commandline option to decide whether to enable kernel auditing on
  startup (Tony Jones)
- Fix auparse to handle node fields for syscall records
- Updates for auparse to uninterpret text search values (Miloslav Trmac)
- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
- Add keyword week-ago to aureport & ausearch start/end times
- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
- Get "make check" working for auparse
- Add RACF zos remote audispd plugin (Klaus Kiwi)
- Add event queue overflow action to audispd
- Make sure we are reading right amount of pipe in audispd

Please let me know if you run across any problems with this release.

-Steve