audit 1.6.7 released

Hi, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit It will also be in rawhide soon. The Changelog is: - In ausearch/report, prefer -if to stdin - In ausearch/report, add new command line option --input-logs (#428860) - Updated audisp-prelude based on feedback from prelude-devel - Added prelude alert for promiscuous socket being opened - Added prelude alert for SE Linux policy enforcement changes - Added prelude alerts for Forbidden Login Locations and Time - Applied patch to auparse fixing error handling of searching by interpreted value (Miloslav Trmac) Based on feedback from the prelude-devel list, I changed the analyzer name of the prelude plugin to auditd. This means that you will have to re-register the audisp-prelude plugin and use the new name. I have put instructions in the prelude HOWTO that you can find here: http://people.redhat.com/sgrubb/audit/prelude.txt This release completes the initial development for the audisp-prelude plugin. It adds alerts for logins from forbidden locations and times, promiscuous socket open/close, and changes to SE Linux policy enforcement. This release also fills in more fields to better meet IDMEF standards. The SE Linix AVC alert now has the actual AVC in it. I will work more on this plugin later this spring, I need to spend some time on remote logging. Please let me know if you run across any problems with this release. -Steve