From: Steve Grubb <sgrubb@redhat.com>
To: Linux Audit <linux-audit@redhat.com>
Subject: audit 1.7.5 released
Date: Mon, 25 Aug 2008 14:14:38 -0400 [thread overview]
Message-ID: <200808251414.38396.sgrubb@redhat.com> (raw)
Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit It will also be in rawhide
soon. The Changelog is:
- Update system-config-audit to 0.4.8 (Miloslav Trmac)
- Don't free const fcntl strings in auparse (Miloslav Trmac)
- Fix priority_boost_parse and freq_parse functions INT_MAX compares (Chu Li)
- Fix parsing in ausearch user records for acct field (Peng Haitao)
- Allow only 1 add or delete operation per auditctl rule (Yu Zhiguo)
- Delay freeing file path in auditd-config.c and audispd-pconfig.c (wangf)
- Update IDMEF node classifications
- Apply cleanup of auditctl.c main(). (Yu Zhiguo)
- Fix parsing of exec options to some auditd actions (Chu Li)
- Correct permission test on dispatcher and exe name (Chu Li)
- Disallow using exit field on the entry filter (Zhang Xiliang)
- Correct the calculation of nlmsg_len (Yu Zhiguo)
- Fix parsing of CONFIG_CHANGE events so that search on keys work (Peng
Haitao)
- Fix parsing of filter,action in auditctl
- Fix format string of audit status in auditctl (Yu Zhiguo)
- Better checking of field & filter combinations (Zhang Xiliang)
- Call prelude_deinit when shutting down prelude plugin
- Make sure value is given after the operator in auditctl rules (Zhang
Xiliang)
- Error when rule require numeric value and one is not given (Zhang Xiliang)
- Remove unnecessary base name code (Chu Li)
- Cleanup checking of field name & operator (Zhang Xiliang)
- Add audit_number_to_errmsg() function for error strings (Zhang Xiliang)
- Reimplement auditd main loop using libev (DJ Delorie)
- Update unknown uid/gid messages in audit rule parsing (Cai Xianchao)
- Don't allow negative uid/gid in audtictl rules (Cai Xianchao)
- Add TCP listener and managed remote protocol features (DJ Delorie)
- Allow config_change audit records with no auid to parse in ausearch/report
- Attempt to solve scheduler issue where queues overflow
- Strip the newline off events converted to string in audispd
This is a huge changelog and is probably one of the more significant code
cleanups in very long time. Thanks to the Fujitsu people for submitting all
the patches!
The other significant item in this release is the receive code for the remote
audit logging. See this email thread for details:
https://www.redhat.com/archives/linux-audit/2008-August/msg00118.html
I will probably follow this release up with another release in about 2-3 weeks
that finishes the remote logging and updates the syscall tables for the
2.6.27 kernel.
Please let me know if you run across any problems with this release.
-Steve
next reply other threads:[~2008-08-25 18:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-25 18:14 Steve Grubb [this message]
2008-08-25 18:25 ` audit 1.7.5 released Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200808251414.38396.sgrubb@redhat.com \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox