Hi, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is: - Code cleanups - In spec file, don't own lib64/audit - Update man pages - Aureport no longer reads auditd.conf when stdin is used - Don't let systemd kill auditd if auditctl errors out - Update syscall table for 3.7 and 3.8 kernels - Add interpretation for setns and unshare syscalls - Code cleanup (Tyler Hicks) - Documentation cleanups (Laurent Bigonville) - Add dirfd interpretation to the *at functions - Add termination signal to clone flags interpretation - Update stig.rules - In auditctl, when listing rules don't print numeric value of dir fields - Add support for rng resource type in auvirt - Fix aulast bad login output (#922508) - In ausearch, allow negative numbers for session and auid searches - In audisp-remote, if disk_full_action is stop then stop sending (#908977) This is almost entirely a bugfix release. The new capabilities is that the syscall tables were updated and some interpretations were updated. Ausearch now allows using a negative number for auid and session search options. Aside from that - lots of bug fixes. Please let me know if you run across any problems with this release. -Steve