From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Bhagwat, Shriniketan Manjunath" Subject: Upgrading audit package Date: Mon, 11 Jul 2016 08:17:50 +0000 Message-ID: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0251408862333872384==" Return-path: Content-Language: en-US List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: "linux-audit@redhat.com" List-Id: linux-audit@redhat.com --===============0251408862333872384== Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_AT5PR84MB0147DED332FD7CB7115B5B3BFA3F0AT5PR84MB0147NAMP_" --_000_AT5PR84MB0147DED332FD7CB7115B5B3BFA3F0AT5PR84MB0147NAMP_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Steve, I am using audit in my development environment. My development environment = is as below. RHEL 5.2 with kernel 2.6.32-431.el6.x86_64 and audit-2.2-2.el6.x86_64. SUSE 11 SP3 with kernel 3.0.76-0.11-default and audit-1.8-0.30.1 As I understand the above audit packages I am using in my environment are u= ser space audit. I want to upgrade it to the latest version. If I upgrade the audit packages to latest version 2.6.X will there be any i= ssues? Linux Audit kernel available with kernel 2.6.32-431.el6.x86_64 and 3.0.76-0= .11 are compatible with user space audit 2.6.X? In your opinion what is the suitable audit package for my environment to up= grade? If these topics are already documented please guide me to the documentation= . Regards, Ketan --_000_AT5PR84MB0147DED332FD7CB7115B5B3BFA3F0AT5PR84MB0147NAMP_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Steve,

I am using audit in my development environment. My d= evelopment environment is as below.

RHEL 5.2 with kernel 2.6.32-431.el6.x86_64 and audit= -2.2-2.el6.x86_64.

SUSE 11 SP3 with kernel 3.0.76-0.11-default and audi= t-1.8-0.30.1

As I understand the above audit packages I am using = in my environment are user space audit. I want to upgrade it to the latest = version.

If I upgrade the audit packages to latest version 2.= 6.X will there be any issues?

Linux Audit kernel available with kernel 2.6.32-431.= el6.x86_64 and 3.0.76-0.11 are compatible with user space audit 2.6.X?=

In your opinion what is the suitable audit package f= or my environment to upgrade?

If these topics are already documented please guide = me to the documentation.

Regards,

Ketan

--_000_AT5PR84MB0147DED332FD7CB7115B5B3BFA3F0AT5PR84MB0147NAMP_-- --===============0251408862333872384== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --===============0251408862333872384==-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: Upgrading audit package Date: Mon, 11 Jul 2016 13:17:39 -0400 Message-ID: <2301675.6eED1TSQbN@x2> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: "Bhagwat, Shriniketan Manjunath" Cc: "linux-audit@redhat.com" List-Id: linux-audit@redhat.com Hello, On Monday, July 11, 2016 8:17:50 AM EDT Bhagwat, Shriniketan Manjunath wrote: > I am using audit in my development environment. My development environment > is as below. > > RHEL 5.2 with kernel 2.6.32-431.el6.x86_64 and audit-2.2-2.el6.x86_64. > SUSE 11 SP3 with kernel 3.0.76-0.11-default and audit-1.8-0.30.1 > > As I understand the above audit packages I am using in my environment are > user space audit. I want to upgrade it to the latest version. RHEL5's last valid audit package would be 1.8. The 2.x branch removed functions from the ABI and changed the buffer size which means that you would have to recompile everything that has a dependency on audit-libs. If they are using any removed functions you would have to patch them to use something else. > If I upgrade the audit packages to latest version 2.6.X will there be any > issues? Probably. The audit 2.x release also has a soname number change for libaudit. Apps won't be able to find it during startup. > Linux Audit kernel available with kernel 2.6.32-431.el6.x86_64 and > 3.0.76-0.11 are compatible with user space audit 2.6.X? I have never tested that configuration. I will likely work except for the missing kernel support. The bigger issue is everything in user space that links against libaudit. > In your opinion what > is the suitable audit package for my environment to upgrade? If these topics > are already documented please guide me to the documentation. Speaking for the RHEL side of things...if its a RHEL5 system, audit-1.8 is the end of the line. After that and you are in unknown territory. -Steve From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Bhagwat, Shriniketan Manjunath" Subject: RE: Upgrading audit package Date: Wed, 13 Jul 2016 05:38:38 +0000 Message-ID: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2953027138792571164==" Return-path: Content-Language: en-US List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: "linux-audit@redhat.com" List-Id: linux-audit@redhat.com --===============2953027138792571164== Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_AT5PR84MB014747BF10579EC4098CC733FA310AT5PR84MB0147NAMP_" --_000_AT5PR84MB014747BF10579EC4098CC733FA310AT5PR84MB0147NAMP_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Steve, As requested in my previous email, I am interested in understanding the rel= ation between Linux audit kernel and user space audit. Will a audit kernel = available with Linux kernel 2.6.32 compatible with user space audit 2.6.X? I understand you might be busy with your regular schedules. :-) Regards, Ketan From: Bhagwat, Shriniketan Manjunath Sent: Monday, July 11, 2016 1:48 PM To: 'Steve Grubb' Cc: linux-audit@redhat.com Subject: Upgrading audit package Hi Steve, I am using audit in my development environment. My development environment = is as below. RHEL 5.2 with kernel 2.6.32-431.el6.x86_64 and audit-2.2-2.el6.x86_64. SUSE 11 SP3 with kernel 3.0.76-0.11-default and audit-1.8-0.30.1 As I understand the above audit packages I am using in my environment are u= ser space audit. I want to upgrade it to the latest version. If I upgrade the audit packages to latest version 2.6.X will there be any i= ssues? Linux Audit kernel available with kernel 2.6.32-431.el6.x86_64 and 3.0.76-0= .11 are compatible with user space audit 2.6.X? In your opinion what is the suitable audit package for my environment to up= grade? If these topics are already documented please guide me to the documentation= . Regards, Ketan --_000_AT5PR84MB014747BF10579EC4098CC733FA310AT5PR84MB0147NAMP_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Steve,

As requested in my previous email, I am interested i= n understanding the relation between Linux audit kernel and user space audi= t. Will a audit kernel available with Linux kernel 2.6.32 compatible with u= ser space audit 2.6.X?

I understand you might be busy with your regular sch= edules. :-)

Regards,

Ketan

From: Bhagwat, Shriniketan Manjunath
Sent: Monday, July 11, 2016 1:48 PM
To: 'Steve Grubb' <sgrubb@redhat.com>
Cc: linux-audit@redhat.com
Subject: Upgrading audit package