audit-4.1 released
by Steven Grubb
We just released a new version of the audit daemon. It can be
downloaded from
https://github.com/linux-audit/audit-userspace/releases/
The ChangeLog is:
- Fix auditd -s enable hang issue (Yan Zhu)
- Optimize event formatting in auditd
- af_unix plugin: Restore terminating newlines
- Add support for "exec" action in max_log_file_action in auditd
- Refactor auparse code to be multi-thread safe
- Add memory pool to netlink event processing to reduce memory churn
- Make all plugins ignore SIGTERM if not from auditd (issue #469)
- Add libauplugin, refactor audisp-filter, ids, and audisp-statsd to use it
- In auditd, safely reconfigure the network settings after SIGHUP
- Make test suite machine independent
- Persistent queue support with metrics helpers
This is a big release with many changes in critical areas. I will write
more about this release at a later time. See the release announcement on
github for more information.
If you notice any problems with this release, please let us know.
SHA256: 5911200423909b141e45bb1ae9d1608b1c974e5a5a52226d2f21501eb4ca809c
-Steve
1 week, 3 days
- 1
- 0
the example auditd plugin (contrib/plugin/audisp-example.c) cores
when i integrate it with my code
by nupurdeora@gmail.com
retval= select(1, &read_mask, NULL, NULL, &tv);
} else {
retval= select(1, &read_mask, NULL, NULL, NULL); >>>>>> here it cores
}
how do we know without much logs the cause of it receiving SIGABORT ? Any suggestions ? the backtrace is showing EBADF
I see you made a recent change to handle SIGTERM
1 week, 3 days
- 1
- 0
oldstyle permission vs. newstyle syscalls
by Ede Wolf
Hi,
we would like to convert out old style syntax, like
-w /etc/crontab -p wa -l some_label
to the newstyle
-a exit,always. -S unlink...
Just wondering, is there a table, that translates the permission
(r,w,x,a) into their respective syscalls?
Thanks
Ede
1 week, 6 days
- 1
- 0
- ← Newer
- 1
- Older →