* audit 1.6.7 released
@ 2008-01-31 22:40 Steve Grubb
0 siblings, 0 replies; only message in thread
From: Steve Grubb @ 2008-01-31 22:40 UTC (permalink / raw)
To: Linux Audit
Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit It will also be in rawhide
soon. The Changelog is:
- In ausearch/report, prefer -if to stdin
- In ausearch/report, add new command line option --input-logs (#428860)
- Updated audisp-prelude based on feedback from prelude-devel
- Added prelude alert for promiscuous socket being opened
- Added prelude alert for SE Linux policy enforcement changes
- Added prelude alerts for Forbidden Login Locations and Time
- Applied patch to auparse fixing error handling of searching by
interpreted value (Miloslav Trmac)
Based on feedback from the prelude-devel list, I changed the analyzer name of
the prelude plugin to auditd. This means that you will have to re-register
the audisp-prelude plugin and use the new name. I have put instructions in
the prelude HOWTO that you can find here:
http://people.redhat.com/sgrubb/audit/prelude.txt
This release completes the initial development for the audisp-prelude plugin.
It adds alerts for logins from forbidden locations and times, promiscuous
socket open/close, and changes to SE Linux policy enforcement. This release
also fills in more fields to better meet IDMEF standards. The SE Linix AVC
alert now has the actual AVC in it. I will work more on this plugin later
this spring, I need to spend some time on remote logging.
Please let me know if you run across any problems with this release.
-Steve
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-01-31 22:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-01-31 22:40 audit 1.6.7 released Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox