audit-3.0.8 released
Steve Grubb
sgrubb at redhat.com
Tue Mar 29 21:55:12 UTC 2022
Hello,
I've just released a new version of the audit daemon. It can be
downloaded from http://people.redhat.com/sgrubb/audit. It will also be
in rawhide soon. The ChangeLog is:
- Add gcc function attributes for access and allocation
- Add some more man pages (MIZUTA Takeshi)
- In auditd, change the reinitializing of the plugin queue
- Fix path normalization in auparse (Sergio Correia)
- In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo
Matsumiya)
- In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
- Drop ProtectHome from auditd.service as it interferes with rules
The main driver for this release is that there are a number of bugs that have
been discovered recently. Some of these have been there for a while such as
the ProtectHome systemd option. The big take away is anyone adding lots of
systemd hardening options might have some very hard to debug problems.
There was a problem with the plugin queue where a certain combination of
adding/removing plugins with the queue overflowing caused the queue to not
restart like it should.
The path normalization issue was causing path's not to be returned when
interpreted.
SHA256: b5f4d9b9ad69381ee18f33d3d918326aa52861509c901143f8a8c4ed5caa8913
Please let me know if you run across any problems with this release.
-Steve
More information about the Linux-audit
mailing list