audit 2.8.2 released
Steve Grubb
2017-12-14 18:07:42 UTC

I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:

- Update tables for 4.14 kernel
- Fixup ipv6 server side binding
- AVC report from aureport was missing result column header (#1511606)
- In ausearch/report pickup any path and new-disk fields as a file
- Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
- In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
- Fix building on old systems without linux/fanotify.h
- Fix shell portability issues reported by shellcheck
- Auditd validate_email should not use gethostbyname

This is a bug fix release that corrects several things in the 2.8 series. IPv6
support was not binding to an IPv6 socket on the server side. auditctl
--reset-lost is intended to return the current value of the lost events value.
It was returning the netlink sequence number. This is now corrected. The new
ausearch test suite detected a bug in auparse_search functions that was
introduced in 2.8; the date was not considered a numeric field and thus could
not match dates. This is fixed. It was also discovered that on older systems
without fanotify.h, the build would fail. And lastly, validate_email was using
gethostbyname, which validated against IPv4 addresses, which is wrong given
that IPv6 support was introduced. This has also been fixed.

SHA256: 67b59b2b77afee9ed87afa4d80ffc8e6f3a1f4bbedd5f2871f387c952147bcba

Please let me know if you run across any problems with this release.