After speaking with infinity, mdeslaur, and jdstrand, we've decided to *not* split the audit package into an audit daemon with networking support and another without. Instead, we've decided to disable network listener support in the existing auditd binary package.
If we have a large number of users who depend on the auditd network listener support, then we may try to get the split package layout upstream in Debian and then merge that back into Ubuntu. However, I do not believe that the centralized logging functionality in auditd is widely used. This approach provides a nice balance of security and maintainability, while not confusing users with multiple auditd binary packages. Here's the debdiff to disable the network listener and remove libwrap and libev as build dependencies. Please see the changelog for more details. I've successfully tested auditd and some of the auditd tools with this debdiff applied. ** Patch added: "audit_2.2.2-1ubuntu2.debdiff" https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1026852/+attachment/3517835/+files/audit_2.2.2-1ubuntu2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1026852 Title: [MIR] audit (pulls in libprelude) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1026852/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
