Hello, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is:
- Remove config file permission checks in auparse
- Audisp-remote should detect normal socket close and mark remote_ended
- Allow auditctl to list rules if no capabilities but root euid
- In libaudit, use the last word of the syscall bit mask
- In auditd, write_logs option was not correctly handled (#1382397)
- In libaudit, allow filtering on new exclude filter fields (Richard Guy Briggs)
- In auditd, fix looping when checking active connections
- In auparse, the auparse_state_t pointer to keep escape_mode information
- In libaudit, add support for rules using sessionid (Richard Guy Briggs)
- Remove entry filter support
- Add auparse_destroy_ext function
- Improve ENRICHED logging format performance in auditd
- Fix regex rule file matching in augenrules (#1396792)
- Add numeric field/record accessors to auparse
- Fix auditd freeing in middle of reply buffer when nolog is used
- Switch auparse uid/gid cache to lru to limit growth
- Prevent ausearch from clobbering type field on loginuid search
- Add audit_get_session function to libaudit
- Add session and uid to most audit events
- Add auparse_classify code interface for subj, obj, action, results

The main goal of this update is to land the auparse_classify interface to auparse. This will unlock many new capabilities in subsequent releases of the 2.7 series. If you are a programmer and do stuff with R or machine learning, let me know. This is aimed squarely at transforming data into knowledge.

Aside from that, this fixes remote logging, and logging with the nolog and write_logs = no option, it allows audit rules on the new exclude filter fields and rules that use sessionid. The entry filter support has been dropped. It was deprecated a couple years ago. There are performance enhancements and correctness fixes.

Please let me know if you run across any problems with this release.

-Steve
