From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: libprelude in RHEL 6
Date: Sun, 16 Jan 2011 11:56:00 -0500
Message-ID: <201101161156.00948.sgrubb@redhat.com>
References: <201101160933.23870.sgrubb@redhat.com> <625A7D0C-45E7-49A0-90BF-C99A329D99DD@nall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <625A7D0C-45E7-49A0-90BF-C99A329D99DD@nall.com>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Joe Nall
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Sunday, January 16, 2011 10:43:46 am Joe Nall wrote:
> On Jan 16, 2011, at 8:33 AM, Steve Grubb wrote:
> > On Saturday, January 15, 2011 03:09:05 pm Joe Nall wrote:
> >> I can find libprelude-devel.x86_64 in the RHEL 6 repos, but not
> >> libprelude or the i686 versions. Did I miss a rename, repackage or a
> >> repo?
> >
> > I can't find 'libprelude-*' in any RHEL6 variant. The spec file for the
> > audit daemon on RHEL6 also makes no "BuildRequires" statements on
> > libprelude-*. Fedora, on the other hand, is different.
>
> Ok, I found libprelude-devel-0.9.24.1-1.el6.x86_64.rpm in one of our repos,
> so that explains where it came from.
>
> So no Prelude in RHEL 6?

Nope.

> Is the functionality incorporated into some other RH offering?

Not that I know of. But just to give you some idea of what I am thinking
about... I am on the editorial board of CEE. http://cee.mitre.org/

The main developer of rsyslog is also on that board. He has been working on an
implementation:
http://blog.gerhards.net/2010/10/cee-library-will-be-named-libee.html.
And http://doc.libee.org.

What I am thinking about is making a plugin that can take native audit events
and put them into CEE events. That would open the Linux Audit system to future
SCAP tools.

It's a lot of work and that's why we started open-scap a couple years ago. I
don't expect a CEE based system to materialize overnight. There is still lots
of standards work to do.

-Steve