From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: audit 2.5.1 released
Date: Wed, 13 Apr 2016 16:17:45 -0400
Message-ID: <7902180.HVh8nUMe7u@x2>
In-Reply-To: <BY1PR09MB0887703C4DEA838ABD9CAC47C7960@BY1PR09MB0887.namprd09.prod.outlook.com>

On Wednesday, April 13, 2016 08:07:41 PM Warron S French wrote:
> can you please explain the versioning you use when you make these
> announcements?
>
> I am running CentOS-6.6 and that auditd release I have is at a much lower
> revision; auditd-2.3.7-5.el6.x86_64 for the package.
>
> Is that JUST BECAUSE I am on CentOS, and they are that far behind or is it
> because they handle RPM versioning separately from RedHat?

The version in CentOS is the same base source code version that is on RHEL. I
don't know if CentOS adds any additional patches or not. The enterprise
operating systems get updated slowly in order to provide stability. RHEL 6.8
is being updated to 2.4.5 which I believe CentOS will pick up, too.

The 2.5 branch is unsuitable for an old OS like RHEL6. It supports features
that are in newer kernels.

-Steve

> -----Original Message-----
> From: linux-audit-bounces@redhat.com [mailto:linux-audit-bounces@redhat.com] On Behalf Of Steve Grubb
> Sent: Wednesday, April 13, 2016 4:02 PM
> To: linux-audit@redhat.com
> Subject: audit 2.5.1 released
>
> Hello,
>
> I've just released a new version of the audit daemon. It can be downloaded
> from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
> soon. The ChangeLog is:
>
> - Updated and added audit rules
> - Updated errno table for 4.4 kernel
> - Change interpretation of exit to use errno define rather than a number
> - Add distribute_network configuration option to auditd
> - New aggregate only mode for auditd
> - Cleanup tmp file left by augenrules --check
> - Fix initial build from svn without golang support installed
> - Update auparse interpretations for hook, action, macproto, chardev, and net
> - Update interpretations for the 4.5 kernel
> - Fix DST bug in ausearch/report time handling
> - Add optional ExecStopPost to auditd.service to clear rules on service exit
> - Update ausearch/report buffer size for locales with large time formats
> - Add auparse_feed_age_events function to auparse library
> - Use auparse_feed_age_events in zos & prelude plugins
>
> This update includes more rules to compose into a policy. There is a new
> pci-dss set of rules, for example.
>
> Interpretations have been updated and improved.
>
> Auditd gained a new configuration option, distribute_network, which
> determines if events read from the network should be distributed to audispd
> for plugin analysis. This would allow for whole datacenter realtime
> analysis. The other configuration option, There is also a new option in the
> auditd.service file, ExecStopPost, which clears audit rules on shutdown.
> This makes shutdown more quiet like the sysVinit systems.
>
> There is a new function in auparse library to age pending events. This is
> necessary when an event has accumulated but no new events are arriving
> which would cause aging and processing of events that time out. The example
> plugin code has been updated to show its proper use.
>
> Please let me know if you run across any problems with this release.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit