Hi,

I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit
It will also be in rawhide soon. The Changelog is:

- Add prelude IDS plugin for IDMEF alerts
- Add --user option to aulastlog command
- Spec file cleanups

This release adds an audispd plugin that watches for certain audit events in real-time and sends an IDMEF alert when it sees something notable. I will publish a HOWTO in a couple days to show how to go about setting up prelude and registering this plugin.

The events it is currently able to send are: logins, max failed logins, max concurrent sessions, SE Linux AVCs, and apps that abnormally terminate. I'll add more in the future.

To build this plugin, you need to add a --with-prelude to the configure command.

Please let me know if you run across any problems with this release.

-Steve

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
