On Thursday, October 27, 2011 10:35:55 AM Steve Grubb wrote: > I've just released a new version of the (old) audit daemon. It can be > downloaded from http://people.redhat.com/sgrubb/audit. The ChangeLog is: > > - Performance improvements for ausearch/report > - Fix debug output resolving numeric address > - Fix spelling error in audit.rules (#667845) > - Improve warning in auditctl regarding immutable mode (#654883) > - In ausearch, allow searching for auid -1 > - Fix memory leak in aureport > - Fix parsing state problem in libauparse > - Update prelude support > - Add new event types > - Update syscall tables > - On i386, audit rules do not work on inode's with a large number > - Improve the robustness of libaudit field encoding functions > - Add optional ARM processor support > - Fix autrace to use correct syscalls on i386 systems (Peng Haitao) > - In auparse, add ability to interpret session and capabilities > - Add ability for audispd syslog plugin to choose facility local0-7 > - Report server issues to remote client > - Update ausearch parsing > - Update auparse to handle virt events > - Make audisp-remote robust > - Add 2 error returns to python bindings > - Update the man pages a little > - Add some debug info to audidp-remote startup and shutdown > - In auditd, if disk_error_action is ignore, limit syslog messages to 5 > - Fix some memory leaks > > This does not even really capture all the updates to this branch. This is > intended to be the final release of the 1.x series. This release backports > everything I possibly can from trunk to the old daemon. With all these > fixes, its a big update. Please test it if you use the 1.x series. > > Please let me know if you run across any problems with this release.
And promptly found a compile problem on old systems. You might need this patch: https://fedorahosted.org/audit/changeset/601 -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
