Steve Grubb
2017-09-18 18:31:04 UTC
Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- Add config option to auditd to not verify email addr domain (#1406887)
- When auditd forwards events to disptcher, calculate protocol each event
- In auditd, restore umask after creating log file (Avi Yeger)
- Add a realpath interpretation function that resolves whole path in auparse
- In audispd, strip out EOE events for syslog plugin
- In python 2 bindings, fix AUSOURCE_FILE_POINTER to use new FILE * (#1475998)
- In python bindings, check NULL return for auparse_get_type_name (#1482121)
- Make auparse more robust against misuse of the API (#1482121)
- Add USER_DEVICE record type
- In auditd, do not use '?' for auid when signal sender is unknown
- In ausearch, write checkpoint inode in decimal to be easier to use
- In auparse-normalizer, correct attr's collected for mount object
This update fixes a number of bugs reported through bugzilla. There was a
problem doing aggregated logging when in a mixed environment. This has been
corrected to calculate the protocol being used on a per event basis. A
realpath resolving option has been added to auparse. This does require root
privileges to fully use. In audispd, strip out EOE events for syslog plugin.
Fixed an issue where auparse python biindings was causing a crash when a FILE
* was passed to auparse_init. Another python binding bug was fixed where it
was not checking the returned string of auparse_get_type_name() for NULL. And
some code cleanups were done.
SHA256: 57b5ae5697f288b8e53286eacd1c6c2e88bd65db18df3d855332fc63b302fdae
Please let me know if you run across any problems with this release.
-Steve
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- Add config option to auditd to not verify email addr domain (#1406887)
- When auditd forwards events to disptcher, calculate protocol each event
- In auditd, restore umask after creating log file (Avi Yeger)
- Add a realpath interpretation function that resolves whole path in auparse
- In audispd, strip out EOE events for syslog plugin
- In python 2 bindings, fix AUSOURCE_FILE_POINTER to use new FILE * (#1475998)
- In python bindings, check NULL return for auparse_get_type_name (#1482121)
- Make auparse more robust against misuse of the API (#1482121)
- Add USER_DEVICE record type
- In auditd, do not use '?' for auid when signal sender is unknown
- In ausearch, write checkpoint inode in decimal to be easier to use
- In auparse-normalizer, correct attr's collected for mount object
This update fixes a number of bugs reported through bugzilla. There was a
problem doing aggregated logging when in a mixed environment. This has been
corrected to calculate the protocol being used on a per event basis. A
realpath resolving option has been added to auparse. This does require root
privileges to fully use. In audispd, strip out EOE events for syslog plugin.
Fixed an issue where auparse python biindings was causing a crash when a FILE
* was passed to auparse_init. Another python binding bug was fixed where it
was not checking the returned string of auparse_get_type_name() for NULL. And
some code cleanups were done.
SHA256: 57b5ae5697f288b8e53286eacd1c6c2e88bd65db18df3d855332fc63b302fdae
Please let me know if you run across any problems with this release.
-Steve