Hi, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit The srpm is aimed at FC-4. A slightly different srpm is required for RHEL4. The Changelog is:
- Correct address resolving of hostname in logging functions - Fix logging messages to use addr if passed - Add TRUSTED_APP message type - Fix netlink errno return - Auditd ignore most signals - Add audit dispatcher interface to auditd - In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834) - Cleanup file descriptor handling in auditd - Improve time handling in ausearch and aureport (#191394) - Attempt to reconstruct full path from relative for searching - Ausearch & aureport now fail if no args to -te - In aureport, add class between syscall and permission in avc report - Fix bug where fsync is called in debug mode - ausearch & aureport implement uid/gid caching - In ausearch & aureport, extract addr when hostname is unknown - In ausearch & aureport, test audit log presence O_RDONLY - Updated man pages (#213328, #213330) Please let me if there are any issues with this. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
