From mboxrd@z Thu Jan 1 00:00:00 1970
From: Karl Katzke
Subject: Which auditd for which kernel?
Date: Mon, 25 Oct 2010 09:37:34 -0500
To: linux-audit@redhat.com

We're on another linux distro, where 2.6.26 is the name of the game, and the changelog for auditd doesn't seem to specify what the required version of the kernel is for which version of auditd.

What's the appropriate response? Step back to the 1.x arch of auditd, although I note that the redhat build is 1.7.18 and the changelog doesn't seem to have been updated since 1.7.13?

Thanks,
Karl Katzke

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: Which auditd for which kernel?
Date: Mon, 25 Oct 2010 10:58:13 -0400
Message-ID: <201010251058.14207.sgrubb@redhat.com>
To: linux-audit@redhat.com
Cc: Karl Katzke

On Monday, October 25, 2010 10:37:34 am Karl Katzke wrote:
> What's the appropriate response?

You can use either 1.7.18 or 2.0.5 on a 2.6.25 kernel. However, note that the audit code has been branched. The 1.7 branch is maintenance only, while active development and new features are on the 2.x branch.

> Step back to the 1.x arch of auditd, although I note that the redhat build is
> 1.7.18 and the changelog doesn't seem to have been updated since 1.7.13?

There are 2 changelogs. One for the 2.x branch and one for the 1.8 branch. What you are seeing is the branch point where 2.x is progressing in its own way. The other changelog is here:

https://fedorahosted.org/audit/browser/branches/1.8/ChangeLog

-Steve

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: Which auditd for which kernel?
Date: Tue, 26 Oct 2010 09:34:10 -0400
Message-ID: <201010260934.11189.sgrubb@redhat.com>
In-Reply-To: <201010251058.14207.sgrubb@redhat.com>
To: linux-audit@redhat.com
Cc: Karl Katzke

On Monday, October 25, 2010 10:58:13 am Steve Grubb wrote:
> On Monday, October 25, 2010 10:37:34 am Karl Katzke wrote:
> > What's the appropriate response?
>
> You can use either 1.7.18 or 2.0.5 on a 2.6.25 kernel. However, note that
> the audit code has been branched. The 1.7 branch is maintenance only,
> while active development and new features are on the 2.x branch.

Need to make a clarification here. I realized that there were some cleanups made to libaudit.h so that it would be more manageable going forward. I made the announcement with the release of 2.0, but forgot about it when answering your email:

https://www.redhat.com/archives/linux-audit/2009-August/msg00010.html

The short story is 2.0.x wants 2.6.29 or later. If you want to carry a patch, you can probably add back some necessary defines not provided by your kernel headers.

-Steve