audit-2.1.3 released

audit-2.1.3 released

[Steve Grubb]

Hi,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide  
soon. The ChangeLog is:

- Fix parsing of EXECVE records to not escape argc field
- If auditd's disk is full, send the right reason to client (#715315)
- Add CAP_WAKE_ALARM to interpretations
- Some updates to audisp-remote's remote-fgets function (Mirek Trmac)
- Add detection of TTY events to audisp-prelude (Matteo Sessa)
- Updated syscall tables for the 3.0 kernel
- Update linker flags for better relro support
- Make default size of logs bigger (#727310)
- Extract obj from NETFILTER_PKT events
- Disable 2 kerberos config options in audisp-remote.conf

This update is mostly parser and remote logging fixes. The syscall table was also 
updated for the 3.0 kernel and the resulting files were hardened further with gcc 
linker flags.

Please let me know if you run across any problems with this release.

-Steve

Re: audit-2.1.3 released

[Mr Dash Four]

> - Extract obj from NETFILTER_PKT events
>   
Would this allow filtering with ausearch/aureport based on the obj value 
(something which was impossible until now)?

Re: audit-2.1.3 released

[Steve Grubb]

On Tuesday, August 16, 2011 05:56:41 AM Mr Dash Four wrote:
> > - Extract obj from NETFILTER_PKT events
> 
> Would this allow filtering with ausearch/aureport based on the obj value 
> (something which was impossible until now)?

That is the intent.

-Steve