Audit status update
Steve Grubb
sgrubb at redhat.com
Tue Oct 24 18:53:52 UTC 2023
Hello,
Back in August I wrote an email detailing changes for an audit 4.0 release:
https://listman.redhat.com/archives/linux-audit/2023-August/020036.html
At this point, all changes have been made. I would like to ask anyone at a
distribution to please pull the master branch and give it a try. It is
suggested to package audit-rules, auditctl, and augenrule + the new systemd
service separately.
In order for the new audit-rules.service to be enabled out of the box, you
will also need to coordinate a systemd preset. On Fedora, that would be:
/usr/lib/systemd/system-preset/90-default.preset
which now includes:
enable auditd.service
enable audit-rules.service
I am aiming this change for Fedora 40 since that is the current one in
development. Getting this enabled by default on Fedora requires a ticket and
approval. I could imagine there are are similar procedures at other distros.
Meaning when audit-4.0 is released, it may take some time before you see it
in a distro.
The python updates required splitting libaudit.h into 2 files. The new file
audit-logging.h is included by libaudit.h, so no user visible changes should
be noticed.
Also, by restricting the API in the python bindings, I only know of one
application that was relying on the extended API, setroubleshoot. Be on the
lookout for other applications that might be broken.
The current master branch will be tagged as 4.0 alpha which is for testing.
Please check this soon...because...the audit mail list might be going away
soon. I am trying to preserve it but I think we are running out of time and
options. If we lose the mail list, report items on github. And if I can
arrange a new mail list, I will point to it from my people.redhat.com page.
Lastly, there is a new github branch, audit-3.1-maint. I have cherry-picked
patches that I think are important for a 3.1.3 release if that ever happens.
But know that I am not testing it and a release may never happen. Treat it
more as a suggestion of patches you might want to include during any
maintenance release you might do.
Please let me know any issues found in testing. Audit-4.0 will be released in
the next month or so depending on feedback and FESCO approval.
Best Regards,
-Steve
More information about the Linux-audit
mailing list