On Fri, Dec 18, 2015 at 4:20 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
On Friday, December 18, 2015 04:08:07 PM Paul Moore wrote:
> On Fri, Dec 18, 2015 at 2:49 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
> > Hello,
> >
> > I've just released a new version of the audit daemon. It can be downloaded
> > from
http://people.redhat.com/sgrubb/audit. It will also be in rawhide
> > soon. The ChangeLog is:
> >
> > - Fix auditd disk flushing for data and sync modes
> > - Fix auditctl to not show options not supported on older OS
> > - Add audit.m4 file to aid adding support to other projects
> > - Fix C99 inline function build issue
> > - Add account lock and unlock event types
> > - Change logging loophole check to geteuid()
> > - Fix ausearch to not consider AUDIT_PROCTITLE events malformed (Burn
> > Alting) - Fix ausearch to parse FEATURE_CHANGE events
>
> Perhaps I missed it, but when can we expect the audit-by-exec support?
It will be in the 2.5 release. It should be one of the first couple of things I
apply to the svn repo. I'm going to shoot for a January release of the audit
package.
Okay, thanks for the update.
In the future I'd like us to coordinate a bit better when adding new
features that span kernel and userspace; I dislike implementing new
features in the kernel that lay dormant for a release or two.
--
paul moore
www.paul-moore.com