Hello,
I've just released a new version of the audit daemon. It can be downloaded
from
http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- Make ausearch a little more robust to bad time values
- Aureport's login report was corrected to print the loginuid (#1448526)
- In auparse_nomalize, add SUBJ_KIND metadata
- In auparse_nomalize, adjust USER_ERR mapping
- Fix queue_error_action in audisp-remote.conf (#1455594)
- Fix aureport to identify seccomp and anom_abend events in anomaly report
- In auparse, don't do euid permission check use file permissions
- Fix auparse python binding to support AUSOURCE_DESCRIPTOR
- Rename auparse normalizer python binding function to
aup_normalize_object_kind
- Add python bindings for auparse_nomalize_subject_kind
- Fixup all auparse python bindings return codes and documentation
- Fix interpretaion of fe field of BPRM_FCAPS record. (Richard Guy Briggs)
- Various error reporting fixups in auditctl and libaudit (Richard Guy Briggs)
The major item in this release is a reworking of the auparse python bindings.
The return codes are now consistent across the whole API. Also it was found
that auparse init via python bindings did not work for descriptor sources.
Aureport now reports the correct user on login report and the anomaly report
was updated to support older kernels. And auparse_normalize got a few more
touch ups. There was various error code cleanups sent by Richard Briggs.
SHA256: 98e22549444c313187dc98c2e137f36a9882efa0874b559b0457e5f87ae178ef
Please let me know if you run across any problems with this release.
-Steve