From: Steve Grubb <sgrubb@redhat.com>
To: "Bhagwat, Shriniketan Manjunath" <shriniketan.bhagwat@hpe.com>
Cc: "linux-audit@redhat.com" <linux-audit@redhat.com>
Subject: Re: Upgrading audit package
Date: Mon, 11 Jul 2016 13:17:39 -0400 [thread overview]
Message-ID: <2301675.6eED1TSQbN@x2> (raw)
In-Reply-To: <AT5PR84MB0147DED332FD7CB7115B5B3BFA3F0@AT5PR84MB0147.NAMPRD84.PROD.OUTLOOK.COM>
Hello,
On Monday, July 11, 2016 8:17:50 AM EDT Bhagwat, Shriniketan Manjunath wrote:
> I am using audit in my development environment. My development environment
> is as below.
>
> RHEL 5.2 with kernel 2.6.32-431.el6.x86_64 and audit-2.2-2.el6.x86_64.
> SUSE 11 SP3 with kernel 3.0.76-0.11-default and audit-1.8-0.30.1
>
> As I understand the above audit packages I am using in my environment are
> user space audit. I want to upgrade it to the latest version.
RHEL5's last valid audit package would be 1.8. The 2.x branch removed
functions from the ABI and changed the buffer size which means that you would
have to recompile everything that has a dependency on audit-libs. If they are
using any removed functions you would have to patch them to use something
else.
> If I upgrade the audit packages to latest version 2.6.X will there be any
> issues?
Probably. The audit 2.x release also has a soname number change for libaudit.
Apps won't be able to find it during startup.
> Linux Audit kernel available with kernel 2.6.32-431.el6.x86_64 and
> 3.0.76-0.11 are compatible with user space audit 2.6.X?
I have never tested that configuration. I will likely work except for the
missing kernel support. The bigger issue is everything in user space that
links against libaudit.
> In your opinion what
> is the suitable audit package for my environment to upgrade? If these topics
> are already documented please guide me to the documentation.
Speaking for the RHEL side of things...if its a RHEL5 system, audit-1.8 is the
end of the line. After that and you are in unknown territory.
-Steve
next prev parent reply other threads:[~2016-07-11 17:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-11 8:17 Upgrading audit package Bhagwat, Shriniketan Manjunath
2016-07-11 17:17 ` Steve Grubb [this message]
-- strict thread matches above, loose matches on Subject: below --
2016-07-13 5:38 Bhagwat, Shriniketan Manjunath
2016-07-13 12:59 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2301675.6eED1TSQbN@x2 \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
--cc=shriniketan.bhagwat@hpe.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox