From: Steve Grubb <sgrubb@redhat.com>
To: linux audit <linux-audit@redhat.com>
Subject: audit 2.4 released
Date: Sun, 24 Aug 2014 13:51:07 -0400 [thread overview]
Message-ID: <5170909.J7fEgyAB0h@x2> (raw)
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- Optionally parse loginuids, (e)uids, & (e)gids in ausearch/report
- In auvirt, anomaly events don't have uuid (#1111448)
- Fix category handling in various records (#1120286)
- Fix ausearch handling of session id on 32 bit systems
- Set systemd startup to wait until systemd-tmpfiles-setup.service (#1097314)
- Interpret a0 of socketcall and ipccall syscalls
- Add pkgconfig file for libaudit
- Add go language bindings for limited use of libaudit
- Fix ausearch handling of exit code on 32 bit systems
- Fix bug in aureport string linked list handling
- Document week-ago time setting in ausearch/report man page
- Update tables for 3.16 kernel
- In aulast, on bad logins only record user_login proof and use it
- Add libaudit API for kernel features
- If audit=0 on kernel cmnd line, skip systemd activation (Cristian RodrÃguez)
- Add checkpoint --start option to ausearch (Burn Alting)
- Fix arch matching in ausearch
- Add --loginuid-immutable option to auditctl
- Fix memory leak in auditd when log_format is set to NOLOG
- Update auditctl to display features in the status command
- Add ausearch_add_timestamp_item_ex() to auparse
This release has a couple new capabilities added. We can now set the
loginuid-immutable feature with an auditctl command. The status listing
has been reformatted with one status item per line. At the end it lists the
features and their values. It turns out there is a bug in the Linux kernel
that sends the status back instead of the feature values. So, until that
gets fixed and everyone uses new kernels, auditctl will appear to list
the status items twice.
This release also adds a limited audit-libs binding for golang and a
package-config file for the audit libraries. This release also updates the
interpretation tables for the 3.16 kernel. And a new --start option was
added to ausearch for checkpointed files.
Besides that, there were quite a few bugs fixed.
Please let me know if you run across any problems with this release.
-Steve
reply other threads:[~2014-08-24 17:51 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5170909.J7fEgyAB0h@x2 \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox