Re: libprelude in RHEL 6

[Steve Grubb <sgrubb@redhat.com>]

On Sunday, January 16, 2011 10:43:46 am Joe Nall wrote:
> On Jan 16, 2011, at 8:33 AM, Steve Grubb wrote:
> > On Saturday, January 15, 2011 03:09:05 pm Joe Nall wrote:
> >> I can find libprelude-devel.x86_64 in the RHEL 6 repos, but not
> >> libprelude or the i686 versions. Did I miss a rename, repackage or a
> >> repo?
> >
> > 
> >
> > I can't find 'libprelude-*' in any RHEL6 variant. The spec file for the
> > audit daemon on  RHEL6 also makes no "BuildRequires" statements on
> > libprelude-*. Fedora, on the otherhand, is different.
> 
> Ok, I found libprelude-devel-0.9.24.1-1.el6.x86_64.rpm in one of our repos,
> so that explains where it came from.
> 
> So no Prelude in RHEL 6?

Nope.

> Is the functionality incorporated into some other RH offering?

Not that I know of. But just to give you some idea of what I am thinking about...I am 
on the editorial board of CEE.  http://cee.mitre.org/  The main developer of rsyslog 
is also on that board. He has been working on an implementation: 
http://blog.gerhards.net/2010/10/cee-library-will-be-named-libee.html. And 
http://doc.libee.org.

What I am thinking about is making a plugin that can take native audit events and put 
them into CEE events. That would open the Linux Audit system to future SCAP tools. Its 
a lot of work and that's why we started open-scap a couple years ago. I don't expect a 
CEE based system to materialize over night. There are still lots of standards work to 
do.

-Steve