audit 2.8.5 released
warron.french
warron.french at gmail.com
Fri Mar 1 22:38:22 UTC 2019
Hi Steve, nice to hear from you.
I have some questions for you, if you don't mind.
1. Are you referred to as a Release Engineer?
2. What specifically is rawhide in the context of this email message?
3. Is Audit-3.0 going to be the standard for Red Hat 8 variants?
Thank you for your time,
--------------------------
Warron French
On Fri, Mar 1, 2019 at 4:34 PM Steve Grubb <sgrubb at redhat.com> wrote:
> Hello,
>
> I've just released a new version of the audit daemon. It can be
> downloaded from http://people.redhat.com/sgrubb/audit. It will also be
> in rawhide soon. The ChangeLog is:
>
> - Fix segfault on shutdown
> - Fix hang on startup (#1587995)
> - Add sleep to script to dump state so file is ready when needed
> - Add auparse_normalizer support for SOFTWARE_UPDATE event
> - Mark netlabel events as simple events so that get processed quicker
> - When audispd is reconfiguring, only SIGHUP plugins with valid pid
> (#1614833)
> - Add 30-ospp-v42.rules to meet new Common Criteria requirements
> - Update lookup tables for the 4.18 kernel
> - In aureport, fix segfault in file report
> - Add auparse_normalizer support for labeled networking events
> - Fix memory leak in audisp-remote plugin when using krb5 transport.
> (#1622194)
> - Event aging is off by a second
> - In ausearch/auparse, correct event ordering to process oldest first
> - auparse_reset was not clearing everything it should
> - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
> - In ausearch/report, lightly parse selinux portion of USER_AVC events
> - In ausearch/report, limit record size when malformed
> - In auditd, fix extract_type function for network originating events
> - In auditd, calculate right size and location for network originating
> events
> - Treat all network originating events as VER2 so dispatcher doesn't
> format
> it
> - In audisp-remote do an initial connection attempt (#1625156)
> - In auditd, allow expression of space left as a percentage (#1650670)
> - On PPC64LE systems, only allow 64 bit rules (#1462178)
> - Make some parts of auditd state report optional based on config
> - Fix ausearch when checkpointing a single file (Burn Alting)
> - Fix scripting in 31-privileged.rules wrt filecap (#1662516)
> - In ausearch, do not checkpt if stdin is input source
> - In libev, remove __cold__ attribute for functions to allow proper
> hardening
> - Add tests to configure.ac for openldap support
> - Make systemd support files use /run rather than /var/run (Christian
> Hesse)
> - Fix minor memory leak in auditd kerberos credentials code
> - Fix auditd regression where keep_logs is limited by rotate_logs 2 file
> test
> - In ausearch/report fix --end to use midnight time instead of now
> (#1671338)
>
> This is a big update to the maintenance branch of the audit package. All
> of
> the fixes included here are cherry picked fixes from the audit-3.0
> development
> branch. This might be the last release for the 2.8 code base. We'll just
> have
> to see.
>
> Work on the audit-3.0 release is waiting for the audit container work to
> land
> and then should be released soon thereafter. (Just in case people were
> wonder
> what is holding up an official audit-3.0 release.)
>
> SHA256: 0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7
>
> Please let me know if you run across any problems with this release.
>
> -Steve
>
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20190301/529843f6/attachment.htm>
More information about the Linux-audit
mailing list