audit 2.6.6 released

Steve Grubb sgrubb at redhat.com
Mon Aug 1 16:37:11 UTC 2016


Hello,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:

- Interpret ioctlcmd fields
- Fix the permission of the audit logging directory
- Fix timeout in autrace better
- Add gitignore file to ignore generated files if using git (Richard Guy Briggs)
- audit_log_user_comm_message now resolves comm if NULL is passed
- Update syscall table
- Fix multi-key support in auparse which was broken in the tty escape bug fix
- Add multi-key support for syscall rules

This is a bug fix release. I didn't want to wait too long after the directory 
permission problem was discovered, but I did want to give a little time in 
case there was anything else discovered. The main issue fixed in this release 
is the audit log directory permissions. If a group was given for log_group in 
auditd.conf, the audit daemon gave write permissions on the directory to the 
group. This appears to have started in the 2.6.1 release.

The autrace program was timing out too quickly waiting to check rules. It now 
uses the select syscall to wait on rules.

The multi-key support that was added for IDS purposes with prelude was found 
to have been broken by the tty escape bug fix. In troubleshooting that, I found 
that it was not supported on the "new style" audit rules. So, that has been 
fixed so that you can put multiple keys on syscall rules. Multiple key support 
was fixed, but to do it right meant that the field type had to change from 
AUPARSE_TYPE_ESCAPED to AUPARSE_TYPE_ESCAPED_KEY.

Please let me know if you run across any problems with this release.

-Steve
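The log directory permission problem described above is easy to check for on a running system. The script below is an added example, not part of Steve's mail or of the audit project: it reads the `log_file` and `log_group` settings from auditd.conf (those directives and the default path /var/log/audit/audit.log are real), then fails if the directory holding the log is writable by its group or by others, which is the symptom the mail describes. The function names (`conf_value`, `audit_log_dir`, `audit_log_dir_check`, `audit_log_dir_fix`) are this script's own, and treating any group or world write bit as a failure is its own policy; the mail only says that the group was wrongly given write access.

```shell
#!/bin/sh
# Added example (not from Steve's mail or the audit project): verify that the
# audit log directory named by auditd.conf is not group- or world-writable.
# Assumptions: auditd.conf uses "key = value" lines; the default log file is
# /var/log/audit/audit.log; any group/world write bit is treated as a failure.

# Print the last value set for key $2 in auditd.conf $1 (nothing if unset).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# Print the directory that holds the audit log for config $1.
audit_log_dir() {
    log_file=$(conf_value "$1" log_file)
    [ -n "$log_file" ] || log_file=/var/log/audit/audit.log
    dirname "$log_file"
}

# Usage: audit_log_dir_check /etc/audit/auditd.conf
# Returns 0 when the directory exists and only its owner may write to it.
audit_log_dir_check() {
    conf="$1"
    dir=$(audit_log_dir "$conf")
    log_group=$(conf_value "$conf" log_group)
    if [ ! -d "$dir" ]; then
        echo "audit log directory $dir does not exist"
        return 1
    fi
    perms=$(ls -ld "$dir" | cut -c1-10)          # e.g. drwxr-x---
    group_w=$(printf '%s' "$perms" | cut -c6)    # group write bit
    other_w=$(printf '%s' "$perms" | cut -c9)    # world write bit
    rc=0
    if [ "$group_w" = w ]; then
        echo "$dir ($perms) is group-writable${log_group:+ (log_group = $log_group)}"
        rc=1
    fi
    if [ "$other_w" = w ]; then
        echo "$dir ($perms) is world-writable"
        rc=1
    fi
    [ $rc -eq 0 ] && echo "$dir ($perms): ok"
    return $rc
}

# Usage: audit_log_dir_fix /etc/audit/auditd.conf   (needs root on a real host)
# Drops group and world write bits; the group keeps read/search access so
# members of log_group can still read the logs.
audit_log_dir_fix() {
    chmod g-w,o-w "$(audit_log_dir "$1")"
}
```

Run `audit_log_dir_check /etc/audit/auditd.conf` as root after upgrading or restarting auditd; a non-zero exit means the directory still carries a write bit the daemon from 2.6.1 through 2.6.5 may have set, and `audit_log_dir_fix` removes it without touching the read bits the group legitimately needs.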




More information about the Linux-audit mailing list