I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is:
- Add an option to auditctl to interpret a0 - a3 of syscall rules when listing - Improve ARM and AARCH64 support (AKASHI Takahiro) - Add ausearch --checkpoint feature (Burn Alting) - Add --arch option to ausearch - Improve too long config line in audispd, auditd, and auparse (#1071580) - Fix aulast to accept the new AUDIT_LOGIN record format - Remove clear_config symbol in auparse I decided to go ahead and release this one because of some concern about an unintended symbol popping up in the auparse ABI. This release include a bunch of new stuff. You can now add a '-i' to the listing command of auditctl and it will interpret a0-a3 if they are included in any rules. There is new support for arm as mentioned in an email a few weeks ago. If you were compiling --with-armeb, you now need to change to --with-arm. Cross compile support is not yet in place. There is a new checkpoint feature to ausearch. What it does is give you all the events that have occurred since the last checkpoint. Ausearch now has a --arch search option just in case you needed to find i386 events on a x86_64 machine. There were a number of cleanups to the code as well. Please let me know if you run across any problems with this release. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
