From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: audit-2.1.2 released Date: Sun, 12 Jun 2011 09:45:47 -0400 Message-ID: <201106120945.48092.sgrubb@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from x2.localnet (vpn-237-171.phx2.redhat.com [10.3.237.171]) by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id p5CDk2Ii010261 for ; Sun, 12 Jun 2011 09:46:02 -0400 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com Hi, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is: - In ausearch/report, fix a segfault caused by MAC_POLICY_LOAD records - In ausearch/report, add and update parsers - In auditd, cleanup DAEMON_ACCEPT and DAEMON_CLOSE addr fields - In ausearch/report, parse addr field of DAEMON_ACCEPT & DAEMON_CLOSE records - In auditd, move startup success to after events are registered - If auditd shutsdown due to failed tcp init, write a DAEMON_ABORT event - Update auditd to avoid the oom killer in new kernels (Andreas Jaeger) - Parse and interpret NETFILTER_PKT events correctly - Return error if auditctl -l fails (#709345) - In audisp-remote, replace glibc's fgets with custom implementation The bulk of this release is fixing up the parsers for new events. This release also updates the oom handler code for recent kernels. And reliability of logging remote events was improved. Please let me know if you run across any problems with this release. -Steve