Hello, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is:
- Update tables for 4.14 kernel - Fixup ipv6 server side binding - AVC report from aureport was missing result column header (#1511606) - Add SOFTWARE_UPDATE event - In ausearch/report pickup any path and new-disk fields as a file - Fix value returned by auditctl --reset-lost (Richard Guy Briggs) - In auparse, fix expr_create_timestamp_comparison_ex to be numeric field - Fix building on old systems without linux/fanotify.h - Fix shell portability issues reported by shellcheck - Auditd validate_email should not use gethostbyname This is a bug fix release that corrects several things in the 2.8 series. IPv6 support was not binding to an IPv6 socket on the server side. auditctl -- reset-lost is intended to return the current value of the lost events value. It was returning the netlink sequence number. This is now corrected. The new ausearch test suite detected a bug in auparse_search functions that was introdiced in 2.8, the date was not considered a numeric field and thus could not match dates. This is fixed. It was also discovered that on older systems without fanotify.h, the build would fail. And lastly, validate_email was using gethostby name which validated against IPv4 addresses which is wrong given that IPv6 support was introduced. This has also been fixed. SHA256: 67b59b2b77afee9ed87afa4d80ffc8e6f3a1f4bbedd5f2871f387c952147bcba Please let me know if you run across any problems with this release. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
