Hello,
I've just released a new version of the audit daemon. It can be downloaded
from
http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- Fix interpretation of saddr fields when using enriched events
- In netlink_handler of auditd, ensure ack_func is initialized to NULL
- Use full path to auditctl in augenrules
- Raise the number of log files auditd allows to 999
- In auditd reconfig, update use_libwrap setting
- Fix memory leak in reconfigure
- Add EHWPOISON definition for errno lookup table if missing (Thomas Petazzoni)
- Better detect struct audit_status existence (Thomas Petazzoni)
- Rework dispatcher protocol 1 to be what it used to be
This is yet another bug fix to the 2.6 major revision. The main bug fixed is an
uninitialized function pointer that caused auditd to segfault. Another major
fix is reverting the format of protocol 1 dipatched records. It was
inadvertantly updated to protocol 2 even though the header was advertising 1.
This update also fixes a couple small memory leaks that would occur when the
audit daemon recieved a SIGHUP to reload. This also makes sure that all
variables get updated on a reconfigure. It was also found that use_libwrap was
not in auditd.conf even though the man page talked about it.
Please let me know if you run across any problems with this release.
-Steve