From: Steve Grubb <sgrubb@redhat.com>
To: Linux Audit <linux-audit@redhat.com>
Subject: audit 1.7.12 released
Date: Tue, 24 Feb 2009 18:10:33 -0500 [thread overview]
Message-ID: <200902241810.33800.sgrubb@redhat.com> (raw)
Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit It will also be in rawhide
soon. The Changelog is:
- Add definitions for crypto events
- Fix regression where msgtype couldn't be used as a range in audit rules
- In libaudit, extend time spent checking reply
- In acct events, prefer id over acct if given
- In aulast, try id and acct in USER_LOGIN events
- When in immutable mode, have auditctl tell user instead of sending rules
- Add option to sysconfig to disable audit system on auditd stop
- Add tcp_wrappers config option to auditd
- Aulastlog can now take input from stdin
- Update libaudit python bindings to throw exceptions on error
- Adjust formatting of TTY data in libauparse to be like ausearch/report
- Add more key mappings to TTY interpretations
- Add internal queue to audisp-remote
- Fix failure action code to allow executables in audisp-remote (Chu Li)
- Fix memory leak when NOLOG log_format option given to auditd
- Quieten some of the reconnect text being sent to syslog in audisp-remote
- Apply some libev fixups to auditd
- Cleanup shutdown sequence of auditd
- Allow auditd log rotation via SIGUSR1 when NOLOG log format option given
This is mostly a bugfix release. There was a regression introduced into
auditctl where the msgtype field was no longer able to be used for a range of
audit records. There was also a bug where a heavily loaded system or one not
getting much runtime due to virtualization would not get a netlink reply
(EAGAIN) and this caused pamified services to not work. Now in immutable
mode, auditctl will output something to stderr to let you know that you can't
change the audit rules. The init scripts now have a new option to configure
in /etc/sysconfig/audit that determines whether or not to leave the audit
system enabled during shutdown.
In the remote logging category, there is a new option to auditd to
enable/disable tcp_wrappers at runtime. An internal queue was added to the
remote logger so that if the remote server goes down, events will be queued
in memory in hopes of being able to transfer them when the connection is
re-established. Failure action in the remote loggers now accept paths to
executables. When the NOLOG option is given, a memory has been fixed. Further
review of NOLOG found that sigusr1 commands were not having any effect when
NOLOG option was given.
On the TTY audit front, libauparse was updated to match the output of ausearch
and new keystroke mappings were added.
Please let me know if you run across any problems with this release.
-Steve
reply other threads:[~2009-02-24 23:10 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200902241810.33800.sgrubb@redhat.com \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox