From: Steve Grubb
Subject: audit 1.6.9 released
Date: Sun, 9 Mar 2008 20:06:39 -0400
Message-ID: <200803092006.39850.sgrubb@redhat.com>
To: Linux Audit
List-Id: linux-audit@redhat.com

Hi,

I've just released a new version of the audit daemon. It can be downloaded from
http://people.redhat.com/sgrubb/audit
It will also be in rawhide soon. The Changelog is:

- Apply hidden attribute cleanup patch (Miloslav Trmac)
- Apply auparse expression interface patch (Miloslav Trmac)
- Fix potential memleak in audit event dispatcher
- Change default audispd queue depth to 80
- Update system-config-audit to version 0.4.6 (Miloslav Trmac)
- audisp-prelude alerts now controlled by config file
- Updated syscall table for 2.6.25 kernel
- Apply patch correcting acct field being misencoded (Miloslav Trmac)
- Added watched account login detection for prelude plugin

This release adds new syscalls from the 2.6.25 kernel. It also improves the
audisp-prelude plugin by giving a configuration file where individual alerts
can be enabled or disabled as well as a custom profile name set for prelude. The
plugin was also improved by adding the capability to watch for login events of
admin-selected accounts and send an alert. Currently this only works on
successful logins, but will be updated to include some failed attempts, too.

Please let me know if you run across any problems with this release.

-Steve