From: Steve Grubb
Subject: Re: audit 2.5.1 released
Date: Wed, 13 Apr 2016 16:17:45 -0400
Message-ID: <7902180.HVh8nUMe7u@x2>
References: <7421261.mz4oQuZqgc@x2>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Wednesday, April 13, 2016 08:07:41 PM Warron S French wrote:
> can you please explain the versioning you use when you make these
> announcements?
>
> I am running CentOS-6.6 and that auditd release I have is at a much lower
> revision; auditd-2.3.7-5.el6.x86_64 for the package.
>
> Is that JUST BECAUSE I am on CentOS, and they are that far behind or is it
> because they handle RPM versioning separately from RedHat?

The version in Centos is the same base source code version that is on RHEL. I
don't know if Centos adds any additional patches or not. The enterprise
operating systems get updated slowly in order to provide stability. RHEL 6.8
is being updated to 2.4.5 which I believe Centos will pick up, too.

The 2.5 branch is unsuitable for an old OS like RHEL6. It supports features
that are in newer kernels.

-Steve

> -----Original Message-----
> From: linux-audit-bounces@redhat.com [mailto:linux-audit-bounces@redhat.com] On Behalf Of Steve Grubb
> Sent: Wednesday, April 13, 2016 4:02 PM
> To: linux-audit@redhat.com
> Subject: audit 2.5.1 released
>
> Hello,
>
> I've just released a new version of the audit daemon. It can be downloaded
> from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
> soon.
> The ChangeLog is:
>
> - Updated and added audit rules
> - Updated errno table for 4.4 kernel
> - Change interpretation of exit to use errno define rather than a number
> - Add distribute_network configuration option to auditd
> - New aggregate only mode for auditd
> - Cleanup tmp file left by augenrules --check
> - Fix initial build from svn without golang support installed
> - Update auparse interpretations for hook, action, macproto, chardev, and net
> - Update interpretations for the 4.5 kernel
> - Fix DST bug in ausearch/report time handling
> - Add optional ExecStopPost to auditd.service to clear rules on service exit
> - Update ausearch/report buffer size for locales with large time formats
> - Add auparse_feed_age_events function to auparse library
> - Use auparse_feed_age_events in zos & prelude plugins
>
> This update includes more rules to compose into a policy. There is a new
> pci-dss set of rules, for example.
>
> Interpretations have been updated and improved.
>
> Auditd gained a new configuration option, distribute_network, which
> determines if events read from the network should be distributed to audispd
> for plugin analysis. This would allow for whole datacenter realtime
> analysis. The other configuration option, There is also a new option in the
> auditd.service file, ExecStopPost, which clears audit rules on shutdown.
> This makes shutdown more quiet like the sysVinit systems.
>
> There is a new function in auparse library to age pending events. This is
> necessary when an event has accumulated but no new events are arriving
> which would cause aging and processing of events that time out. The example
> plugin code has been updated to show its proper use.
>
> Please let me know if you run across any problems with this release.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit