audit-4.1.2 released
by Steve Grubb
Hello,
We just released a new version of the audit package. It can be downloaded
from:
https://github.com/linux-audit/audit-userspace/releases/
The ChangeLog is:
- Use runstatedir to guide the whole audit project to the run directory
- Deprecate the notion that plugins can be anything other than outbound
- Bring set_aumessage_mode back into libaudit's ABI but not API
- Add anomaly, response, and crypto reports to aureport
- Drop IPX header handling and require kernel 5.15 or later
- Resolved a number of FIXME's all over the code base
- Optimize ausearch/report log processing
- In auparse normalizer, save pids as object attributes if it's a process group
- Fix inbound protocol detection for af_unix plugin
- Add an internal queue to the af_unix plugin
- Both af_unix and remote plugin write status report to /run/audit/
This update is primarily to fix various bugs and to give everyone a much
improved performance in recent search with big or lots of logs (recent,
today, boot, this-week). A major algorithm change should make ausearch/report
faster searching anything recent. This update adds anomaly, response, and
crypto reports to aureport. The af_unix plugin got a lot of attention and
should be working better than ever.
One thing to point out, when programmers hit a problem that is complicated or
needs careful attention but it's mostly solved, they sometimes post a note
with FIXME. The audit project had around 55 of those in May - we now have 13.
This release fixes many of those.
There is one big change that distribution packagers should be aware of. The
audit.pid file, the directory where everything is stored has potentially been
changed. The location is now based off of --runstatedir passed to configure.
On modern Linux systems, this is /run. Legacy systems would have this as
/var/run. If the distribution uses MAC, this change needs to be updated in the
MAC security policy. Be sure to check that you set this appropriately.
If you notice any problems with this release, please let us know.
SHA256: 5c638bbeef9adb6c5715d3a60f0f5adb93e9b81633608af13d23c61f5e5db04d
-Steve