Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- ausearch/report performance improvements
- Synchronize all sample syscall rules to use action,list
- If program name provided to audit_log_acct_message, escape it
- Fix man page for the audit_encode_nv_string function (#647131)
- If value is NULL, don't segfault (#647128)
- Fix simple event parsing to not assume session id can't be last (Peng Haitao)
- Add support for new mmap audit event type
- Add ability for audispd syslog plugin to choose facility local0-7 (#593340)
- Fix autrace to use correct syscalls on i386 systems (Peng Haitao)
- On startup and reconfig, check for excess logs and unlink them
- Add a couple missing parser debug messages
- Fix error output resolving numeric address and update man page
- Add netfilter event types
- Fix spelling error in audit.rules man page (#667845)
- Improve warning in auditctl regarding immutable mode (#654883)
- Update syscall tables for the 2.6.37 kernel
- In ausearch, allow searching for auid -1
- Add queue overflow_action to audisp-remote to control queue overflows
- Update sample rules for new syscalls and packages
This release is mostly a big bug fix release. The new features are: ausearch/report now
use the mmap option for fopen which increases the throughput overall. The first run of
a search is about the same as always, but subsequent searches are noticeably faster.
We can now allow the audisp-syslog output to go to a local facility for easier
filtering. We added support for 2.6.37 syscalls, the new mmap supplementary record, and
the events sent by iptables.
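To make the two ausearch items above concrete, here is an added example (my own code, not part of the audit package): it opens a log with glibc's "m" fopen flag, which asks stdio to mmap the file instead of issuing read(2) calls, and counts records for one login uid, treating "-1" the way ausearch now does, i.e. as the kernel's unset value 4294967295. The log records are constructed inline and the temp file path is an assumption.

```c
#define _GNU_SOURCE   /* glibc: the "m" (mmap) fopen mode flag is an extension */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Constructed sample records in audit.log format (not real captures). */
static const char *SAMPLE_LOG =
    "type=USER_LOGIN msg=audit(1296000000.101:10): pid=100 uid=0 auid=500 ses=1 msg='op=login'\n"
    "type=SYSCALL msg=audit(1296000000.102:11): arch=c000003e syscall=9 success=yes auid=500 ses=1\n"
    "type=MMAP msg=audit(1296000000.102:11): fd=4 flags=0x2\n"
    "type=DAEMON_START msg=audit(1296000000.050:1): auditd start, ver=2.1 auid=4294967295 pid=99\n"
    "type=CRED_ACQ msg=audit(1296000000.200:12): pid=101 uid=0 auid=4294967295 ses=4294967295\n";
/* Write the sample log to a temp file; returns 0 and fills 'path' on success. */
static int write_sample(char *path, size_t len) {
    snprintf(path, len, "/tmp/audit-example-XXXXXX");   /* assumed writable location */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    size_t l = strlen(SAMPLE_LOG);
    int rc = write(fd, SAMPLE_LOG, l) == (ssize_t)l ? 0 : -1;
    close(fd);
    return rc;
}
/* ausearch-style auid argument: "-1" means unset, stored by the kernel as 4294967295. */
static unsigned long parse_auid(const char *s) {
    return strcmp(s, "-1") == 0 ? 4294967295UL : strtoul(s, NULL, 10);
}
/* Count records whose auid= field equals 'want'; returns -1 if the file can't be opened. */
static long count_auid(const char *path, unsigned long want) {
    FILE *f = fopen(path, "rm");          /* "m": read through mmap rather than read(2) */
    if (!f) f = fopen(path, "r");         /* other libcs may reject the flag */
    if (!f) return -1;
    long n = 0;
    char line[1024];
    while (fgets(line, sizeof line, f)) {
        const char *p = strstr(line, " auid=");   /* leading space avoids matching uid= */
        if (p && strtoul(p + 6, NULL, 10) == want) n++;
    }
    fclose(f);
    return n;
}
int main(void) {
    char path[64];
    if (write_sample(path, sizeof path) != 0) return 1;
    printf("auid 500: %ld records\n", count_auid(path, parse_auid("500")));
    printf("auid -1:  %ld records\n", count_auid(path, parse_auid("-1")));
    unlink(path);
    return 0;
}
```

The first pass over a cold file still pays for the disk reads; the mmap mode mainly saves copying once the pages are cached, which is why repeated searches are the ones that speed up.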
The last item I want to highlight is that it's been around 2 or 3 years since the
sample rules have been updated. This release syncs them with current software and
Security Targets that might be used for Common Criteria or other security standards.
Please let me know if you run across any problems with this release.
-Steve