Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit
It will also be in rawhide soon. The Changelog is:
- Add kernel release string to DAEMON_START events
- Log warning if audit event from kernel is too big
- Fix keep_logs when num_logs option disabled (#325561)
- Auditd commandline option to decide whether to enable kernel auditing on
  startup (Tony Jones)
- Fix auparse to handle node fields for syscall records
- Updates for auparse to uninterpret text search values (Miloslav Trmac)
- Update system-config-audit to version 0.4.5 (Miloslav Trmac)
- Add keyword week-ago to aureport & ausearch start/end times
- Fix audit log permissions on rotate. If group is root 0400, otherwise 0440
- Get "make check" working for auparse
- Add RACF zos remote audispd plugin (Klaus Kiwi)
- Add event queue overflow action to audispd
- Make sure we are reading right amount of pipe in audispd
Please let me know if you run across any problems with this release.
-Steve