audit 2.5.1 released
Warron S French
warron.s.french at aero.org
Wed Apr 13 21:05:07 UTC 2016
Ah, thank you for the clarification.
Warron French, MBA, SCSA
The Aerospace Corporation
CCS> TCI> System Administrator Specialist III
A101/Rm N3417
Mailstop:CH1-210
UNCLASS: 571.304.7534
CLASS: 894-7534
-----Original Message-----
From: Steve Grubb [mailto:sgrubb at redhat.com]
Sent: Wednesday, April 13, 2016 4:18 PM
To: linux-audit at redhat.com
Cc: Warron S French <warron.s.french at aero.org>
Subject: Re: audit 2.5.1 released
On Wednesday, April 13, 2016 08:07:41 PM Warron S French wrote:
> can you please explain the versioning you use when you make these
> announcements?
>
> I am running CentOS-6.6 and that auditd release I have is at a much
> lower revision; auditd-2.3.7-5.el6.x86_64 for the package.
>
> Is that JUST BECAUSE I am on CentOS, and they are that far behind or
> is it because they handle RPM versioning separately from RedHat?
The version in CentOS is the same base source code version that is on RHEL. I don't know if CentOS adds any additional patches or not. The enterprise operating systems get updated slowly in order to provide stability. RHEL 6.8 is being updated to 2.4.5 which I believe CentOS will pick up, too.
The 2.5 branch is unsuitable for an old OS like RHEL6. It supports features that are in newer kernels.
-Steve
> -----Original Message-----
> From: linux-audit-bounces at redhat.com [mailto:linux-audit-bounces at redhat.com] On Behalf Of Steve Grubb
> Sent: Wednesday, April 13, 2016 4:02 PM
> To: linux-audit at redhat.com
> Subject: audit 2.5.1 released
>
> Hello,
>
> I've just released a new version of the audit daemon. It can be
> downloaded from http://people.redhat.com/sgrubb/audit. It will also be
> in rawhide soon. The ChangeLog is:
>
> - Updated and added audit rules
> - Updated errno table for 4.4 kernel
> - Change interpretation of exit to use errno define rather than a number
> - Add distribute_network configuration option to auditd
> - New aggregate only mode for auditd
> - Cleanup tmp file left by augenrules --check
> - Fix initial build from svn without golang support installed
> - Update auparse interpretations for hook, action, macproto, chardev, and net
> - Update interpretations for the 4.5 kernel
> - Fix DST bug in ausearch/report time handling
> - Add optional ExecStopPost to auditd.service to clear rules on service exit
> - Update ausearch/report buffer size for locales with large time formats
> - Add auparse_feed_age_events function to auparse library
> - Use auparse_feed_age_events in zos & prelude plugins
>
> This update includes more rules to compose into a policy. There is a new
> pci-dss set of rules, for example.
>
> Interpretations have been updated and improved.
>
> Auditd gained a new configuration option, distribute_network, which
> determines if events read from the network should be distributed to
> audispd for plugin analysis. This would allow for whole datacenter
> realtime analysis. The other configuration option, There is also a new
> option in the auditd.service file, ExecStopPost, which clears audit rules on shutdown.
> This makes shutdown more quiet like the sysVinit systems.
>
> There is a new function in auparse library to age pending events. This
> is necessary when an event has accumulated but no new events are
> arriving which would cause aging and processing of events that time
> out. The example plugin code has been updated to show its proper use.
>
> Please let me know if you run across any problems with this release.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit