EXT :Re: audit-3.0
Steve Grubb
sgrubb at redhat.com
Tue Jun 18 16:33:26 UTC 2019
On Tuesday, June 18, 2019 11:59:05 AM EDT Boyce, Kevin P [US] (AS) wrote:
> Maybe what Philippe means is a carefully tested auditd shouldn't be
> considered "alpha" anymore?
That's a fair point. :-)
I've considered it Alpha because it's missing container support. IOW, it's
not feature complete. Container support was listed as the main benefit for
calling this 3.0. There probably won't be a beta release. It will probably
just go straight to release after initial testing and then cleanup problems/
round out support on a 3.0.1 release.
-Steve
> -----Original Message-----
> From: linux-audit-bounces at redhat.com <linux-audit-bounces at redhat.com> On
> Behalf Of Steve Grubb Sent: Tuesday, June 18, 2019 10:36 AM
> To: linux-audit at redhat.com
> Cc: MAUPERTUIS, PHILIPPE <philippe.maupertuis at equensworldline.com>
> Subject: EXT :Re: audit-3.0
>
> Hello Philippe,
>
> On Tuesday, June 18, 2019 9:34:08 AM EDT MAUPERTUIS, PHILIPPE wrote:
> > On the mailing list a few days ago, it was announce that Audit-3.0
> > alpha8 was available. I am a little bit confused because on a RHEL 8
> > server I get
> >
> > rpm -q audit
> > audit-3.0-0.10.20180831git0047a6c.el8.x86_64
> > What are the link between the Rhel 8 rpm and the version audit-3.0
> > announced.
>
> The RHEL 8 rpm is an earlier git snapshot from August 31, 2018 + patches.
> The package version should be a clue that this is a git snapshot. The
> Fedora packaging guidelines say that if it is a pre-release git snapshot,
> version must start with 0 so it can be overridden in the future, and the
> date + git + last commit hash must be included so that anyone can identify
> exactly what this is.
> > I can't imagine RHEL8 using an alpha version.
>
> Why? Anything put into RHEL is carefully tested. (Fedora has also been
> running on alpha/git snapshots for about a year, too.) Also, I stopped
> feature development in audit-3.0 around August of last year. Everything
> going in since then has been bugs reported or discovered or at most small
> patches to support new kernel features. So, audit userspace should be
> considered as becoming mature, stable code that will not be developed at
> the same pace as before.
>
> I expect that when container support lands, there will be a couple rounds
> of development to make it nice to use. But then its back to listening for
> bug reports.
>
> To be honest, I think at this point anything of value is really higher up
> the stack. IOW, visualizing, aggregating, or alerting at scale.
>
> -Steve
>
> > As the side note the Rhel 8 rpm has the following description rpm -qi
> > audit
> > Name : audit
> > Version : 3.0
> > Release : 0.10.20180831git0047a6c.el8
> > Architecture: x86_64
> > Install Date: Mon 17 Jun 2019 05:55:23 PM CEST
> > Group : Unspecified
> > Size : 678098
> > License : GPLv2+
> > Signature : RSA/SHA256, Wed 09 Jan 2019 07:26:49 PM CET, Key ID
> > 199e2f91fd431d51 Source RPM :
> > audit-3.0-0.10.20180831git0047a6c.el8.src.rpm
> > Build Date : Wed 09 Jan 2019 06:26:29 PM CET Build Host :
> > x86-vm-06.build.eng.bos.redhat.com
> > Relocations : (not relocatable)
> > Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
> > Vendor : Red Hat, Inc.
> > URL : http://people.redhat.com/sgrubb/audit/
> > Summary : User space tools for 2.6 kernel auditing
> >
> > Of course the kernel for REHL8 is :
> > rpm -q kernel
> > kernel-4.18.0-80.el8.x86_64
> >
> > Any clarification is welcome
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list