audit 1.6.9 released

Steve Grubb sgrubb at redhat.com
Mon Mar 10 00:06:39 UTC 2008


Hi,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide 
soon. The Changelog is:

- Apply hidden attribute cleanup patch (Miloslav Trmac)
- Apply auparse expression interface patch (Miloslav Trmac)
- Fix potential memleak in audit event dispatcher
- Change default audispd queue depth to 80
- Update system-config-audit to version 0.4.6 (Miloslav Trmac)
- audisp-prelude alerts now controlled by config file
- Updated syscall table for 2.6.25 kernel
- Apply patch correcting acct field being misencoded (Miloslav Trmac)
- Added watched account login detection for prelude plugin

This release adds new syscalls from the 2.6.25 kernel. It also improves the 
audisp-prelude plugin by giving a configuration file where individual alerts 
can be enabled or disabled as well as a custom profile name set for prelude. The 
plugin was also improved by adding the capability to watch for login events 
of admin-selected accounts and send an alert. Currently this only works on 
successful logins, but will be updated to include some failed attempts, too.

Please let me know if you run across any problems with this release.

-Steve



