Re: Question about updating audit.rules

2016-06-22 Thread Steve Grubb
On Wednesday, June 22, 2016 07:56:23 PM warron.french wrote: > I am writing Puppet modules for work now. I am writing a module > specifically oriented around audit for Linux and Solaris. > > But what I would like to know is: after updating audit.rules in Linux with > immutable mode turned on, is a resta

Question about updating audit.rules

2016-06-22 Thread warron.french
I am writing Puppet modules for work now. I am writing a module specifically oriented around audit for Linux and Solaris. But what I would like to know is: after updating audit.rules in Linux with immutable mode turned on, is a restart of the audit process actually required for the rules to take effect?

audit 2.6 released

2016-06-22 Thread Steve Grubb
Hello, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is: - Auditd support for enriched data: uid/gid, saddr splitting, arch, syscall - Make all libraries and utilities support

Re: [PATCH] s390: ensure that syscall arguments are properly masked on s390

2016-06-22 Thread Paul Moore
On Wed, Jun 22, 2016 at 4:42 PM, Paul Moore wrote: > From: Paul Moore > > When executing s390 code on s390x the syscall arguments are not > properly masked, leading to some malformed audit records. > > Signed-off-by: Paul Moore > --- > arch/s390/kernel/ptrace.c | 11 --- > 1 file chan

[PATCH] s390: ensure that syscall arguments are properly masked on s390

2016-06-22 Thread Paul Moore
From: Paul Moore When executing s390 code on s390x the syscall arguments are not properly masked, leading to some malformed audit records. Signed-off-by: Paul Moore --- arch/s390/kernel/ptrace.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/s390/kernel/

Re: Logging from where user connected?

2016-06-22 Thread Steve Grubb
On Wednesday, June 22, 2016 08:21:27 AM Skwar Alexander wrote: > Hello Steve and all :) > > On 20.06.2016 at 17:32, Steve Grubb wrote: > > On Monday, June 20, 2016 03:54:02 PM Skwar Alexander wrote: > >> On certain servers (Ubuntu 14.04 and Ubuntu 16.04, with auditd 2.3.2 > >> and v2.4.5), we'

Re: Report Double Fetch Bug Found in Linux-4.6.1/kernel/auditsc.c

2016-06-22 Thread Andy Lutomirski
On Tue, Jun 21, 2016 at 12:59 PM, Ben Hutchings wrote: > On Tue, 2016-06-21 at 15:18 -0400, Richard Guy Briggs wrote: >> On 2016-06-21 19:20, Ben Hutchings wrote: >> > On Tue, 2016-06-21 at 14:14 -0400, Richard Guy Briggs wrote: >> > > On 2016-06-21 10:51, Ben Hutchings wrote: >> > > > On Tue, 201

Re: Report Double Fetch Bug Found in Linux-4.6.1/kernel/auditsc.c

2016-06-22 Thread Pengfei Wang
> On June 21, 2016, at 9:47 PM, Richard Guy Briggs wrote: > > On 2016-06-21 13:31, Andy Lutomirski wrote: >> On Tue, Jun 21, 2016 at 12:59 PM, Ben Hutchings wrote: >>> On Tue, 2016-06-21 at 15:18 -0400, Richard Guy Briggs wrote: On 2016-06-21 19:20, Ben Hutchings wrote: > On Tue, 2016-06-21 at 14:1