Hi, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is: - Aulast now reads daemon_start events for the kernel version of reboot - Clarify the man pages for ausearch/report regarding locale and date formats - Fix getloginuid for python bindings - Disable the audispd af_unix plugin by default - Add a couple new init script actions for LSB 3.2 - In audisp-remote plugin, timeout network reads (#514090) - Make some error logging in audisp-remote plugin more prominent - Add audit.rules man page - Interpret the session field in audit events This is mostly a bug fix release. It was noticed in aulast that all the kernel's being printed were the same. Now we extract that information from DAEMON_START events which records the uname info. The python bindings for getloginuid made an error on the uid_t data type. Ausearch now interprets ses=-1 to unset. The af_unix plugin was enabled by default since setroubleshooter was acting as a standalone daemon. It has been starting off of audispd for a while, so now there should be no known applications needing af_unix. The initscripts were not 100% LSB 3.2 compliant. They should be now. In some situations, the audisp-remote plugin was not timing out fast enough on some network errors. This has been fixed. And in the interest in helping people write audit rules, a new man page "audit.rules" has been added with a very long explanation of a lot of issues. Please let me know if you run across any problems with this release. -Steve PS - there will a release in the 1.7 branch soon rolling up a lot of bug fixes from the trunk.