Hi, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit It will also be in rawhide tomorrow. The Changelog is: - NEW audit dispatcher program & plugin framework - Correct hidden variables in libauparse - Added NISPOM sample rules - Verify accessibility of files passed in auparse_init - Fix bug in parser library interpreting socketcalls - Add support for stdio FILE pointer in auparse_init - Adjust init script to allow anyone to status auditd (#230626) The main feature of this update is a new audit event dispatcher that is written in C. It should allow more plugins to be attached to it than the old one. There will be more information about writing plugins later. Please let me know if there are any problems with this release. -Steve