audit-4.0.4 released
by Steve Grubb
Hello,
We just released a new version of the audit daemon. It can be
downloaded from
https://github.com/linux-audit/audit-userspace/releases/tag/v4.0.4
The ChangeLog is:
- auditctl: update io_uring operations table
- update syscall table for 6.15
- auditd.cron.5: Describe time-based log rotation setup
- auditd: Broadcast a warning on startup if a system halt is possible (#435)
- Fix audisp-remote segfault on connection error (#446)
- Improve locating last event if ausearch is using checkpointing
- af_unix plugin: fix string mode support
- Remove const from audit_rule_fieldpair_data & audit_rule_interfield_comp_data
- Add various updates to the experimental ids plugin
- Add glibc memory statistics to auditd state report
This updates lookup tables, fixes a misbehaving af_unix plugin, improves
locating the last event when using the checkpoint feature of ausearch, adds
updates to the experimental ids plugin, and adds memory statistics to the
auditd state report. The idea here is to be able to detect growing memory
over time.
There was also reworking of the audit_fgets helper functions. They are used
in auditd plugins. So, if any plugins seem like something is wrong, file an
issue on GitHub.
This clears out a backlog of updates. There are some major rewrites of
functionality that will take place over the summer. If you have an inclination,
try out the main branch from time to time to help spot any new issues.
If you notice any problems with this release, please let us know.
SHA256: 167f707d65970ea39f9088bc7a81196fd0decd76acb7980450170954bc1a587b
-Steve
1 week, 4 days
[PATCH v1 0/2] override audit silence norule for fs cases
by Richard Guy Briggs
The audit subsystem normally suppresses output when there are no rules
present to avoid overwhelming the user with unwanted messages. It could
be argued that another security subsystem would generally want to
override that default. Allow them through for fsnotify and filesystem
security violations.
Richard Guy Briggs (2):
  audit: record fanotify event regardless of presence of rules
  audit: record AUDIT_ANOM_* events regardless of presence of rules

 include/linux/audit.h | 8 +-------
 kernel/audit.c        | 2 +-
 kernel/auditsc.c      | 2 +-
 3 files changed, 3 insertions(+), 9 deletions(-)
--
2.43.5
1 week, 6 days
audit-4.0.4 beta release
by Steve Grubb
Hello,
A new version of the audit daemon has been tagged. This is a beta release. We
are doing this because we would like some help testing the new release before
it goes out as an official release.
If you are inclined, please test it and report any problems. It can be found
on the audit-userspace git repo. We hope to do an official release soon.
Thanks,
-Steve
2 weeks, 6 days