Hi,

I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The Changelog is:

- Add kernel release string to DAEMON_START events
- Log warning if audit event from kernel is too big
- Fix keep_logs when num_logs option disabled (#325561)
- Auditd commandline option to decide whether to enable kernel auditing on startup (Tony Jones)
- Fix auparse to handle node fields for syscall records
- Updates for auparse to uninterpret text search values (Miloslav Trmac)
- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
- Add keyword week-ago to aureport & ausearch start/end times
- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
- Get "make check" working for auparse
- Add RACF zos remote audispd plugin (Klaus Kiwi)
- Add event queue overflow action to audispd
- Make sure we are reading right amount of pipe in audispd

Please let me know if you run across any problems with this release.

-Steve
