Hello, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is:
- In auparse, output socket family name if unsupported but known - In auparse, store arch & syscall fields in SECCOMP records for interpretation - In auparse_normalize, create an event_kind for seccomp events - In auparse, when interpreting discard 'unknown' enriched fields This release has less development than normal. This is because I run across two bugs that I thought merit getting an updated audit daemon out sooner than later. The first bug was reported Laurent Bigonville where it was noticed that ausearch could be caused to segfault when it encountered a PF_PACKET socket address. The other bug was that SECCOMP events were not resolving the syscall when the enriched event logging format was being used. This was corrected both in the creation of records and in searching records that already had bad data in them. SHA256: 9ca4142fb6809367070a3f3449979055fa2daeb12a0a88c4874a0cfd02133922 Please let me know if you run across any problems with this release. -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit