audit 1.6.5 released

Steve Grubb sgrubb at redhat.com
Mon Jan 7 20:41:47 UTC 2008


Hi,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide 
soon. The Changelog is:

- Add more errno strings for use with rules
- Fix config parser to allow either 0640 or 0600 for audit logs (#427062)
- Check for audit log being writable by owner in auditd
- If auditd logging was suspended, it can be resumed with SIGUSR2 (#251639)
- Updated CAPP, LSPP, and NISPOM rules for new capabilities
- Added aulastlog utility

This release fixes up a bug where the config parser was not allowing either 
0640 or 0600 for the log file permissions. This was also fixed in auparse.

A new capability was added. When the audit daemon suspends logging and the 
admin has taken steps to free disk space again, logging can now be resumed 
with SIGUSR2. If you are using the init scripts in the audit package, it 
would be usable as "service auditd resume".

The CAPP, LSPP, and NISPOM sample rules have been updated to use the errno 
capability for exit codes and to use directory auditing when needing to audit 
many things in the same directory. For example, you do not need to watch each 
individual audit log. You can just watch /var/log/audit and it will pick up 
all changes to any audit log in that directory. This capability requires the 
kernel to support directory watches (2.6.24 vanilla for example).

This release also adds a new tool, aulastlog. It displays login information 
like lastlog does. It uses the auparse library and its source code can be 
used to see how simple writing a new audit-based tool can be.

Please let me know if you run across any problems with this release.

-Steve
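
An added example, not part of the original message and not code from the audit package: one way to express the log file permission rule described above (mode 0600 or 0640, writable by owner) as a check. The function names, result codes and the sample files created under /tmp are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes (hypothetical names, not auditd's). */
enum { LOG_OK, LOG_ERR_STAT, LOG_ERR_NOT_REG, LOG_ERR_NOT_WRITABLE, LOG_ERR_MODE };

/* Accept a log file only if it is a regular file, writable by its owner,
 * and its permission bits are exactly 0600 or 0640. */
int check_log_perms(const char *path)
{
    struct stat st;
    mode_t bits;

    if (lstat(path, &st) != 0)       /* lstat: a symlink is not followed */
        return LOG_ERR_STAT;
    if (!S_ISREG(st.st_mode))
        return LOG_ERR_NOT_REG;
    if (!(st.st_mode & S_IWUSR))
        return LOG_ERR_NOT_WRITABLE;
    bits = st.st_mode & 07777;       /* setuid/setgid/sticky bits count too */
    if (bits != 0600 && bits != 0640)
        return LOG_ERR_MODE;
    return LOG_OK;
}

/* Create a constructed sample file with the given mode and check it. */
int check_sample(mode_t mode)
{
    char path[] = "/tmp/auditlog_sample_XXXXXX";
    int fd = mkstemp(path), rc;

    if (fd < 0)
        return -1;
    close(fd);
    rc = chmod(path, mode) == 0 ? check_log_perms(path) : -1;
    unlink(path);
    return rc;
}

int main(void)
{
    static const mode_t modes[] = { 0600, 0640, 0644, 0660, 0440 };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("%04o -> %d\n", (unsigned)modes[i], check_sample(modes[i]));
    return 0;
}
```

World-readable (0644) and group-writable (0660) files are rejected on mode, while a file without the owner write bit (0440) is reported separately, since the daemon could not append to it.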
