Re: audit 1.6.4 released
On Sat, 2007-12-29 at 10:44 -0500, Steve Grubb wrote:
Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit It will also be in rawhide
soon. The Changelog is:
- fchmod of log file was on wrong variable
- Allow use of errno strings for exit codes in audit rules
This release fixes a major bug that got introduced in the last release. The
code that fixes a permission problem was using the wrong variable. It happens
that the result was applied to /dev/null instead of the audit log. If you had
selinux in enforcing mode - nothing happened, for everyone else.../dev/null
probably got messed up. Oopsie.
close, so close.
Now auditd is fchmoding /var/log/audit/audit.log to 600 and everything
works fine. But run 'service auditd restart' or just reboot and audit
will refuse to start!
Dec 30 11:53:43 dhcp231-146 auditd: /var/log/audit/audit.log permissions
should be 0640
But at least this time it isn't breaking the whole system :)
-Eric