Re: Upgrading audit package
Hello,
On Monday, July 11, 2016 8:17:50 AM EDT Bhagwat, Shriniketan Manjunath wrote:
I am using audit in my development environment. My development
environment
is as below.
RHEL 5.2 with kernel 2.6.32-431.el6.x86_64 and audit-2.2-2.el6.x86_64.
SUSE 11 SP3 with kernel 3.0.76-0.11-default and audit-1.8-0.30.1
As I understand the above audit packages I am using in my environment are
user space audit. I want to upgrade it to the latest version.
RHEL5's last valid audit package would be 1.8. The 2.x branch removed
functions from the ABI and changed the buffer size which means that you would
have to recompile everything that has a dependency on audit-libs. If they are
using any removed functions you would have to patch them to use something
else.
If I upgrade the audit packages to latest version 2.6.X will there be
any
issues?
Probably. The audit 2.x release also has a soname number change for libaudit.
Apps won't be able to find it during startup.
Linux Audit kernel available with kernel 2.6.32-431.el6.x86_64 and
3.0.76-0.11 are compatible with user space audit 2.6.X?
I have never tested that configuration. I will likely work except for the
missing kernel support. The bigger issue is everything in user space that
links against libaudit.
In your opinion what
is the suitable audit package for my environment to upgrade? If these topics
are already documented please guide me to the documentation.
Speaking for the RHEL side of things...if its a RHEL5 system, audit-1.8 is the
end of the line. After that and you are in unknown territory.
-Steve