Hello,

I wanted to take a few minutes to chat about the future audit roadmap. The release of audit-2.8.3 represents a breaking point. It's time for changes. Some of these changes are going to modify configuration files. And new things that may not be compatible with the old will be introduced.

So, I have created a 2.8_maintenance branch on GitHub. This will be a lightly maintained branch that preserves the old way. I don't know if there will ever be an audit-2.8.4 release. But if there is, it will be from this branch.

Looking towards the future, here's what to expect. The next release will be called audit-3.0. This is to reflect a break with the old. The first new thing under development is a TLS transport mechanism for remote logging. Next, performance improvements will be looked into to see if we can get auparse running more efficiently. Also look for container support to land in the near future.

And another big change...audispd will be going away. Its functionality will be done by auditd directly. This will eliminate one place where events get dropped and also speed up the time between event arrival and a plugin seeing it. This will be important because there is a new IDS/IPS plugin that is under development. (Some of you may have seen it in action at DevConf 2018.) It will need events faster, more reliably, and a faster performing auparse library.

I expect these to roll out over several releases. I would not expect these features to land in any stable distro. I would expect these to show up in the development and new versions of distros because of the breakage. I look to have all of this work completed by sometime this summer. Who knows...maybe sooner.

Thoughts?

-Steve