From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dan Gruhn <dgruhn@group-w-inc.com>
Subject: Latest Audit on RHEL 5.2
Date: Wed, 12 Nov 2008 11:16:26 -0500 (GMT-05:00)
Message-ID: <2121478848.3051226506586159.JavaMail.root@zimbra.group-w-inc.com>
Reply-To: Dan Gruhn <Dan.Gruhn@groupw.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id mACGGbYK016740
	for <linux-audit@redhat.com>; Wed, 12 Nov 2008 11:16:37 -0500
Received: from smtp.group-w-inc.com (group-w-inc.com [70.164.45.3])
	by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id mACGGQ2X026451
	for <linux-audit@redhat.com>; Wed, 12 Nov 2008 11:16:26 -0500
Received: from smtp.group-w-inc.com (localhost.localdomain [127.0.0.1])
	by localhost (Postfix) with ESMTP id 7FF9CDA0094
	for <linux-audit@redhat.com>; Wed, 12 Nov 2008 11:16:26 -0500 (EST)
Received: from zimbra.group-w-inc.com (zimbra.group-w-inc.com [10.1.2.4])
	by smtp.group-w-inc.com (Postfix) with ESMTP id 3AC84DA0084
	for <linux-audit@redhat.com>; Wed, 12 Nov 2008 11:16:26 -0500 (EST)
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

Greetings,

I have some systems with RHEL 5.2 (a server and three workstations) that I'd like to put the latest audit software on to put me on the path of getting NISPOM approval. My plan is to get to the point that I will have prelude running with information display via Prewikka.

1) I have read the HowTo at http://people.redhat.com/sgrubb/audit/prelude.txt but it seems rather old as it talks about audit 1.6.6 to 1.6.7 upgrading and updates to come after things have been checked out.  Does anyone have any updates to this procedure that will be helpful?

2) The pre-reqs for audit-1.7.9-1.src.rpm says it needs glibc-kernheaders >= 3.0-14. I must not understand what this is asking for. Is this some kind of abbreviation?  Where can I find this?

Any thoughts anyone has that might help me on my path will be greatly appreciated.  There doesn't seem to be any way to search the archives of this mailing list.  Is that correct or have I missed something?

Dan Gruhn