Hello, We just released a new version of the audit daemon. It can be downloaded from https://github.com/linux-audit/audit-userspace/releases/tag/ v4.0.3. The ChangeLog is: - Remove a RHEL4 flag table since it's been unsupported for a while - Change dependency from Requires to Wants for audit-rules.service - Disable ProtectKernelModules by default in auditd.service - Skip plugin configs that do not have .conf suffix - audisp-filter: iterate records correctly when forwarding - Update syscall table for missing syscalls - Modify ausearch checkpoint code to address 64 inode and device numbers - Fix potential segfault interpreting relative paths - Add audit_set_enabled & audit_is_enabled back to the libaudit python bindings - Log runlevel changes to console during boot (Attila Lakatos) - Add audit-tmpfiles.conf to ensure /var/log/audit exists (Colin Walters) - Propagate event format to the audisp-af_unix plugin (Attila Lakatos) - Add support for RISC-V - riscv32, riscv64 (David Abdurachmanov) Note the change in distributing the tar file. I will no longer distribute audit releases from my people page. This change is so that other team members can do official releases. If you have a tool that watches for new releases, you'll need to adjust it to watch the right place. I don't intend to delete the historical cache of releases from https://people.redhat.com/sgrubb/audit/ but at some future point in time, they may go away. This first release has a small hiccup that we'll fix next release. The downloaded tar file is v4.0.3.tar.gz. Next time its should have a longer name. Also note that it will unpack into audit-userspace-4.0.3. Any build scripts will need to take this into account. Also, since this is a pure github release, you'll need to add dependencies on autoconf, automake, and libtool. And you'll need to add the following line before the configure command: autoreconf -fv --install Aside from this, it's a normal release. I'll call out a couple items. An old RHEL4 flag table was causing some weird name collision for some build systems. Since RHEL4 is ancient, the file was dropped to prevent the collision. A segfault was fixed when parsing relative paths in the log search tools. Since this has never been reported, I suspect it's hard to naturally generate a path that triggers it. The daemon is not affected since it doesn't parse. Lastly, support was added for RISC-V hardware. It needs to be enabled by -- with-riscv. If you notice any problems with this release, please let us know. SHA256: 154b3e77b3d47be95f765376d45bb0d8952c06c361f2806b573ed0d8bd652372 -Steve