On Sunday, January 16, 2011 10:43:46 am Joe Nall wrote: > On Jan 16, 2011, at 8:33 AM, Steve Grubb wrote: > > On Saturday, January 15, 2011 03:09:05 pm Joe Nall wrote: > >> I can find libprelude-devel.x86_64 in the RHEL 6 repos, but not > >> libprelude or the i686 versions. Did I miss a rename, repackage or a > >> repo? > > > > > > > > I can't find 'libprelude-*' in any RHEL6 variant. The spec file for the > > audit daemon on RHEL6 also makes no "BuildRequires" statements on > > libprelude-*. Fedora, on the otherhand, is different. > > Ok, I found libprelude-devel-0.9.24.1-1.el6.x86_64.rpm in one of our repos, > so that explains where it came from. > > So no Prelude in RHEL 6?
Nope. > Is the functionality incorporated into some other RH offering? Not that I know of. But just to give you some idea of what I am thinking about...I am on the editorial board of CEE. http://cee.mitre.org/ The main developer of rsyslog is also on that board. He has been working on an implementation: http://blog.gerhards.net/2010/10/cee-library-will-be-named-libee.html. And http://doc.libee.org. What I am thinking about is making a plugin that can take native audit events and put them into CEE events. That would open the Linux Audit system to future SCAP tools. Its a lot of work and that's why we started open-scap a couple years ago. I don't expect a CEE based system to materialize over night. There are still lots of standards work to do. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
