Hello, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is:
- Add one more comma to ausearch csv output
- Add support for KERN_MODULE event
- Add selectable escaping for ausearch/report output
- In auparse normalizer, always report session for syscalls
- Modify systemd service file to make auditd a forking type of service
- Adjust a couple of words to prevent collisions in normalizer
- Change object_type to object_kind in the normalizer
- Add rudimentary data for AVC without a syscall record
- Document auparse_normalize function

This release adds initial support for the KERN_MODULE event. It fixes a systemd race condition when booting up the system that loads a policy that makes the audit rules immutable.

Ausearch and aureport gained a new command line switch to allow you to control what kind of escaping they use for the output. The options are raw, tty, shell, and shell_quote. The default is tty if nothing is passed.

All the rest of the work was on the auparse_normalizer. There was one ABI change where things were renamed from obj_type to obj_kind to better match other things. Too much confusion around the word type since it is a field name.

This is the last release off of the fedorahosted svn server. All future commits will be done on GitHub and it will no longer be a mirror.

Please let me know if you run across any problems with this release.

-Steve
