From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 12F15C00A8F for ; Tue, 24 Oct 2023 18:54:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1698173646; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=SG0mzR1Phqd3xlYyOhYr5GihMZqWBczXCI1T/MhORXw=; b=d5ZrnXUQe+LPCF3TEninkgHm7Sgpv6JmHBnhc30BQ6cnajjk4NIvfSbHnZqIG7p/9eL7ed nSTAhO8UDgNSkvPY1Zzez8EIqS5ulW0cnewrf2pyzc7++Zqjn8wszfYuTwY8ezd2FWAIC5 yAnMe7/eVxAhAxCp4OHAj4jcQB0tRRQ= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-643-9ghvePGLPceaHorg21A_wg-1; Tue, 24 Oct 2023 14:54:01 -0400 X-MC-Unique: 9ghvePGLPceaHorg21A_wg-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BF6E6101FAB5; Tue, 24 Oct 2023 18:53:56 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 57E3C25C0; Tue, 24 Oct 2023 18:53:55 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id BC76D194658C; Tue, 24 Oct 2023 18:53:54 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id A91651946586 for ; Tue, 24 Oct 2023 18:53:53 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id EA6792026D68; Tue, 24 Oct 2023 18:53:52 +0000 (UTC) Received: from x2.localnet (unknown [10.22.32.246]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CC7722026D6E for ; Tue, 24 Oct 2023 18:53:52 +0000 (UTC) From: Steve Grubb To: linux-audit@redhat.com Subject: Audit status update Date: Tue, 24 Oct 2023 14:53:52 -0400 Message-ID: <10525971.nUPlyArG6x@x2> Organization: Red Hat MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linux-audit-bounces@redhat.com Sender: "Linux-audit" X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hello, Back in August I wrote an email detailing changes for an audit 4.0 release: https://listman.redhat.com/archives/linux-audit/2023-August/020036.html At this point, all changes have been made. I would like to ask anyone at a distribution to please pull the master branch and give it a try. It is suggested to package audit-rules, auditctl, and augenrule + the new systemd service separately. In order for the new audit-rules.service to be enabled out of the box, you will also need to coordinate a systemd preset. On Fedora, that would be: /usr/lib/systemd/system-preset/90-default.preset which now includes: enable auditd.service enable audit-rules.service I am aiming this change for Fedora 40 since that is the current one in development. Getting this enabled by default on Fedora requires a ticket and approval. I could imagine there are are similar procedures at other distros. Meaning when audit-4.0 is released, it may take some time before you see it in a distro. The python updates required splitting libaudit.h into 2 files. The new file audit-logging.h is included by libaudit.h, so no user visible changes should be noticed. Also, by restricting the API in the python bindings, I only know of one application that was relying on the extended API, setroubleshoot. Be on the lookout for other applications that might be broken. The current master branch will be tagged as 4.0 alpha which is for testing. Please check this soon...because...the audit mail list might be going away soon. I am trying to preserve it but I think we are running out of time and options. If we lose the mail list, report items on github. And if I can arrange a new mail list, I will point to it from my people.redhat.com page. Lastly, there is a new github branch, audit-3.1-maint. I have cherry-picked patches that I think are important for a 3.1.3 release if that ever happens. But know that I am not testing it and a release may never happen. Treat it more as a suggestion of patches you might want to include during any maintenance release you might do. Please let me know any issues found in testing. Audit-4.0 will be released in the next month or so depending on feedback and FESCO approval. Best Regards, -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit