audit 0.6.11 released

Steve Grubb sgrubb at redhat.com
Mon Apr 18 21:16:46 UTC 2005


Hello,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit

The Changelog is:

- Check log file size on start up
- Added priority_boost config item
- Reworked arch support
- Reworked how run level is changed
- Make allowances for ECONNREFUSED.

The program was not checking the logfile size on startup, which could make it 
add a record before deciding to perform the log file size action.

In order to help solve the lost records problem, I've added a priority boost 
option to auditd.conf. The default is 3. You should probably check 
your /etc/auditd.conf file to see that you have the new option.

The arch support has been reworked. Thanks to Debbie Velarde for helping 
gather the syscall tables. Please give this feature a try. I think it should 
be working (except for "both"). Please report any bugs with this soon and 
I'll release a 0.6.12 to fix any problems.

The way that the run level is changed was reworked to make SE Linux policy 
better. It was invoking system(); now it does execve().

People that are rolling their own kernels and not including the audit system 
were being stopped from logging by pam. I made an exception that if 
ECONNREFUSED is detected during sendto, they are using a modified kernel and 
we'll bypass logging. ECONNREFUSED means the kernel isn't listening on the 
audit netlink socket... so I think this exception is safe.

Please give it some testing and report any problems.

-Steve
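
Added example (not part of the original post and not auditd's own code): the system()-to-execve() change described above, sketched in C. The function name run_without_shell, the fixed PATH value and the /bin/true stand-in command are assumptions; the post does not give the command auditd runs to change the run level.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run one fixed program without a shell (hypothetical helper).
 * Returns the child's exit status, 127 if execve() failed, -1 on error. */
int run_without_shell(const char *path, char *const argv[])
{
    /* Fixed, minimal environment: nothing is inherited from the caller,
     * unlike system(), which passes the whole environment to /bin/sh. */
    char *const envp[] = { "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: path is used literally, with no PATH search and no
         * shell parsing of metacharacters in path or argv. */
        execve(path, argv, envp);
        _exit(127);             /* only reached if execve() failed */
    }
    /* Parent: wait for the child, retrying if a signal interrupts us. */
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return -1;                  /* child was killed by a signal */
}

int main(void)
{
    /* Constructed stand-in command; the real one is not in the post. */
    char *const argv[] = { "true", NULL };
    return run_without_shell("/bin/true", argv);
}
```

Because only one known binary is executed, an SELinux policy for the caller needs to allow that single transition rather than execution of a shell.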