8:34 a.m.
Hi,
On the mailing list a few days ago, it was announce that Audit-3.0 alpha8 was available.
I am a little bit confused because on a RHEL 8 server I get :
rpm -q audit
audit-3.0-0.10.20180831git0047a6c.el8.x86_64
What are the link between the Rhel 8 rpm and the version audit-3.0 announced.
I can't imagine RHEL8 using an alpha version.
As the side note the Rhel 8 rpm has the following description
rpm -qi audit
Name : audit
Version : 3.0
Release : 0.10.20180831git0047a6c.el8
Architecture: x86_64
Install Date: Mon 17 Jun 2019 05:55:23 PM CEST
Group : Unspecified
Size : 678098
License : GPLv2+
Signature : RSA/SHA256, Wed 09 Jan 2019 07:26:49 PM CET, Key ID 199e2f91fd431d51
Source RPM : audit-3.0-0.10.20180831git0047a6c.el8.src.rpm
Build Date : Wed 09 Jan 2019 06:26:29 PM CET
Build Host : x86-vm-06.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://people.redhat.com/sgrubb/audit/
Summary : User space tools for 2.6 kernel auditing
Of course the kernel for REHL8 is :
rpm -q kernel
kernel-4.18.0-80.el8.x86_64
Any clarification is welcome
Philippe
equensWorldline is a registered trade mark and trading name owned by the Worldline Group
through its holding company.
This e-mail and the documents attached are confidential and intended solely for the
addressee. If you receive this e-mail in error, you are not authorized to copy, disclose,
use or retain it. Please notify the sender immediately and delete this email from your
systems. As emails may be intercepted, amended or lost, they are not secure.
EquensWorldline and the Worldline Group therefore can accept no liability for any errors
or their content. Although equensWorldline and the Worldline Group endeavours to maintain
a virus-free network, we do not warrant that this transmission is virus-free and can
accept no liability for any damages resulting from any virus transmitted. The risks are
deemed to be accepted by everyone who communicates with equensWorldline and the Worldline
Group by email
9:36 a.m.
Hello Philippe,
On Tuesday, June 18, 2019 9:34:08 AM EDT MAUPERTUIS, PHILIPPE wrote:
On the mailing list a few days ago, it was announce that Audit-3.0
alpha8
was available. I am a little bit confused because on a RHEL 8 server I get
:
rpm -q audit
audit-3.0-0.10.20180831git0047a6c.el8.x86_64
What are the link between the Rhel 8 rpm and the version audit-3.0
announced.
The RHEL 8 rpm is an earlier git snapshot from August 31, 2018 + patches. The
package version should be a clue that this is a git snapshot. The Fedora
packaging guidelines say that if it is a pre-release git snapshot, version
must start with 0 so it can be overridden in the future, and the date + git +
last commit hash must be included so that anyone can identify exactly what
this is.
I can't imagine RHEL8 using an alpha version.
Why? Anything put into RHEL is carefully tested. (Fedora has also been
running on alpha/git snapshots for about a year, too.) Also, I stopped
feature development in audit-3.0 around August of last year. Everything going
in since then has been bugs reported or discovered or at most small patches
to support new kernel features. So, audit userspace should be considered as
becoming mature, stable code that will not be developed at the same pace as
before.
I expect that when container support lands, there will be a couple rounds of
development to make it nice to use. But then its back to listening for bug
reports.
To be honest, I think at this point anything of value is really higher up the
stack. IOW, visualizing, aggregating, or alerting at scale.
-Steve
As the side note the Rhel 8 rpm has the following description
rpm -qi audit
Name : audit
Version : 3.0
Release : 0.10.20180831git0047a6c.el8
Architecture: x86_64
Install Date: Mon 17 Jun 2019 05:55:23 PM CEST
Group : Unspecified
Size : 678098
License : GPLv2+
Signature : RSA/SHA256, Wed 09 Jan 2019 07:26:49 PM CET, Key ID
199e2f91fd431d51 Source RPM :
audit-3.0-0.10.20180831git0047a6c.el8.src.rpm
Build Date : Wed 09 Jan 2019 06:26:29 PM CET
Build Host : x86-vm-06.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://people.redhat.com/sgrubb/audit/
Summary : User space tools for 2.6 kernel auditing
Of course the kernel for REHL8 is :
rpm -q kernel
kernel-4.18.0-80.el8.x86_64
Any clarification is welcome
10:59 a.m.
New subject: EXT :Re: audit-3.0
Maybe what Philippe means is a carefully tested auditd shouldn't be considered
"alpha" anymore?
-----Original Message-----
From: linux-audit-bounces(a)redhat.com <linux-audit-bounces(a)redhat.com> On Behalf Of
Steve Grubb
Sent: Tuesday, June 18, 2019 10:36 AM
To: linux-audit(a)redhat.com
Cc: MAUPERTUIS, PHILIPPE <philippe.maupertuis(a)equensworldline.com>
Subject: EXT :Re: audit-3.0
Hello Philippe,
On Tuesday, June 18, 2019 9:34:08 AM EDT MAUPERTUIS, PHILIPPE wrote:
On the mailing list a few days ago, it was announce that Audit-3.0
alpha8 was available. I am a little bit confused because on a RHEL 8
server I get
:
rpm -q audit
audit-3.0-0.10.20180831git0047a6c.el8.x86_64
What are the link between the Rhel 8 rpm and the version audit-3.0
announced.
The RHEL 8 rpm is an earlier git snapshot from August 31, 2018 + patches. The package
version should be a clue that this is a git snapshot. The Fedora packaging guidelines say
that if it is a pre-release git snapshot, version must start with 0 so it can be
overridden in the future, and the date + git + last commit hash must be included so that
anyone can identify exactly what this is.
I can't imagine RHEL8 using an alpha version.
Why? Anything put into RHEL is carefully tested. (Fedora has also been running on
alpha/git snapshots for about a year, too.) Also, I stopped feature development in
audit-3.0 around August of last year. Everything going in since then has been bugs
reported or discovered or at most small patches to support new kernel features. So, audit
userspace should be considered as becoming mature, stable code that will not be developed
at the same pace as before.
I expect that when container support lands, there will be a couple rounds of development
to make it nice to use. But then its back to listening for bug reports.
To be honest, I think at this point anything of value is really higher up the stack. IOW,
visualizing, aggregating, or alerting at scale.
-Steve
As the side note the Rhel 8 rpm has the following description rpm -qi
audit
Name : audit
Version : 3.0
Release : 0.10.20180831git0047a6c.el8
Architecture: x86_64
Install Date: Mon 17 Jun 2019 05:55:23 PM CEST
Group : Unspecified
Size : 678098
License : GPLv2+
Signature : RSA/SHA256, Wed 09 Jan 2019 07:26:49 PM CET, Key ID
199e2f91fd431d51 Source RPM :
audit-3.0-0.10.20180831git0047a6c.el8.src.rpm
Build Date : Wed 09 Jan 2019 06:26:29 PM CET Build Host :
x86-vm-06.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://people.redhat.com/sgrubb/audit/
Summary : User space tools for 2.6 kernel auditing
Of course the kernel for REHL8 is :
rpm -q kernel
kernel-4.18.0-80.el8.x86_64
Any clarification is welcome
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
11:33 a.m.
New subject: EXT :Re: audit-3.0
On Tuesday, June 18, 2019 11:59:05 AM EDT Boyce, Kevin P [US] (AS) wrote:
Maybe what Philippe means is a carefully tested auditd shouldn't
be
considered "alpha" anymore?
That's a fair point. :-)
I've considered it Alpha because it's missing container support. IOW, it's
not feature complete. Container support was listed as the main benefit for
calling this 3.0. There probably won't be a beta release. It will probably
just go straight to release after initial testing and then cleanup problems/
round out support on a 3.0.1 release.
-Steve
-----Original Message-----
From: linux-audit-bounces(a)redhat.com <linux-audit-bounces(a)redhat.com> On
Behalf Of Steve Grubb Sent: Tuesday, June 18, 2019 10:36 AM
To: linux-audit(a)redhat.com
Cc: MAUPERTUIS, PHILIPPE <philippe.maupertuis(a)equensworldline.com>
Subject: EXT :Re: audit-3.0
Hello Philippe,
On Tuesday, June 18, 2019 9:34:08 AM EDT MAUPERTUIS, PHILIPPE wrote:
> On the mailing list a few days ago, it was announce that Audit-3.0
> alpha8 was available. I am a little bit confused because on a RHEL 8
> server I get
>
> rpm -q audit
> audit-3.0-0.10.20180831git0047a6c.el8.x86_64
> What are the link between the Rhel 8 rpm and the version audit-3.0
> announced.
The RHEL 8 rpm is an earlier git snapshot from August 31, 2018 + patches.
The package version should be a clue that this is a git snapshot. The
Fedora packaging guidelines say that if it is a pre-release git snapshot,
version must start with 0 so it can be overridden in the future, and the
date + git + last commit hash must be included so that anyone can identify
exactly what this is.
> I can't imagine RHEL8 using an alpha version.
Why? Anything put into RHEL is carefully tested. (Fedora has also been
running on alpha/git snapshots for about a year, too.) Also, I stopped
feature development in audit-3.0 around August of last year. Everything
going in since then has been bugs reported or discovered or at most small
patches to support new kernel features. So, audit userspace should be
considered as becoming mature, stable code that will not be developed at
the same pace as before.
I expect that when container support lands, there will be a couple rounds
of development to make it nice to use. But then its back to listening for
bug reports.
To be honest, I think at this point anything of value is really higher up
the stack. IOW, visualizing, aggregating, or alerting at scale.
-Steve
> As the side note the Rhel 8 rpm has the following description rpm -qi
> audit
> Name : audit
> Version : 3.0
> Release : 0.10.20180831git0047a6c.el8
> Architecture: x86_64
> Install Date: Mon 17 Jun 2019 05:55:23 PM CEST
> Group : Unspecified
> Size : 678098
> License : GPLv2+
> Signature : RSA/SHA256, Wed 09 Jan 2019 07:26:49 PM CET, Key ID
> 199e2f91fd431d51 Source RPM :
> audit-3.0-0.10.20180831git0047a6c.el8.src.rpm
> Build Date : Wed 09 Jan 2019 06:26:29 PM CET Build Host :
> x86-vm-06.build.eng.bos.redhat.com
> Relocations : (not relocatable)
> Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
> Vendor : Red Hat, Inc.
> URL : http://people.redhat.com/sgrubb/audit/
> Summary : User space tools for 2.6 kernel auditing
>
> Of course the kernel for REHL8 is :
> rpm -q kernel
> kernel-4.18.0-80.el8.x86_64
>
> Any clarification is welcome
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
2013
days inactive
2013
days old
linux-audit@lists.linux-audit.osci.io
3 comments
3 participants
participants (3)
-
Boyce, Kevin P [US] (AS) -
MAUPERTUIS, PHILIPPE -
Steve Grubb