From: Steve Grubb
Subject: audit 1.6.6 released
Date: Sat, 19 Jan 2008 16:57:39 -0500
Message-ID: <200801191657.40010.sgrubb@redhat.com>
To: Linux Audit

Hi,

I've just released a new version of the audit daemon. It can be downloaded from
http://people.redhat.com/sgrubb/audit It will also be in rawhide soon. The
Changelog is:

- Add prelude IDS plugin for IDMEF alerts
- Add --user option to aulastlog command
- Spec file cleanups

This release adds an audispd plugin that watches for certain audit events in
real-time and sends an IDMEF alert when it sees something notable. I will
publish a HOWTO in a couple days to show how to go about setting up prelude and
registering this plugin. The events it is currently able to send are: logins,
max failed logins, max concurrent sessions, SE Linux AVCs, and apps that
abnormally terminate. I'll add more in the future.

To build this plugin, you need to add a --with-prelude to the configure command.

Please let me know if you run across any problems with this release.

-Steve