Tools for reviewing audit logs?
Steve Grubb
sgrubb at redhat.com
Wed Dec 13 17:21:00 UTC 2006
On Wednesday 13 December 2006 11:36, Jonathan Abbey wrote:
> I'm guessing that was Leigh Purdie and the Snare team down at
> Intersect Alliance in oz.
It wasn't Leigh, it was someone else about a month later.
> They are providing/recommending 'audit-1.2.1-1.i386.rpm' and
> 'audit-libs-1.2.1-1.i386.rpm' in addition to their
> SnareLinux-1.0b7-1.i386.rpm,
Hopefully that is "or higher".
> but I'm not sure why that's necessary, given that RHEL4 should be providing
> those pieces (albeit with lower version numbers?) out of the box.
RHEL4 did not have the dispatcher interface in it right away. I wanted to
study the problem a little more since the API might change based on real use
scenarios.
I think we've gotten enough runtime now to see how it's working out and I've
backported it - which became the 1.0.15 release. I have another set of
updates to make and I'll release a 1.0.16 version and that should make it to
the U5 release. So, that would be the first RHEL4 version that could support
such a setup.
-Steve