Hello, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is:
- Fix interpretation of saddr fields when using enriched events - In netlink_handler of auditd, ensure ack_func is initialized to NULL - Use full path to auditctl in augenrules - Raise the number of log files auditd allows to 999 - In auditd reconfig, update use_libwrap setting - Fix memory leak in reconfigure - Add EHWPOISON definition for errno lookup table if missing (Thomas Petazzoni) - Better detect struct audit_status existence (Thomas Petazzoni) - Rework dispatcher protocol 1 to be what it used to be This is yet another bug fix to the 2.6 major revision. The main bug fixed is an uninitialized function pointer that caused auditd to segfault. Another major fix is reverting the format of protocol 1 dipatched records. It was inadvertantly updated to protocol 2 even though the header was advertising 1. This update also fixes a couple small memory leaks that would occur when the audit daemon recieved a SIGHUP to reload. This also makes sure that all variables get updated on a reconfigure. It was also found that use_libwrap was not in auditd.conf even though the man page talked about it. Please let me know if you run across any problems with this release. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
