Product SiteDocumentation Site

1.7. audit

1.7.1. RHBA-2010:0228: bug fix update

An updated audit package that fixes various bugs and provides an enhancement is now available.
The audit package contains the user space utilities for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel.
This update includes the following fixes:
* The man page was ambiguous in explaining the structure of dates and the supplied examples often did not work because of different date formats in various locales. This caused some confusion amongst users. The page has been rewritten to clarify that the date format accepted by aureport and ausearch is influenced by the LC_TIME environmental variable, eliminating the confusion about this issue. (BZ#513974)
* The audit package's libauparse function had a bug that meant it could not interpret IPC (inter-process communication) mode fields. When it attempted to do so, a segmentation fault would occur. The audit package has now been patched so that IPC mode fields are interpreted by the software without crashes resulting. (BZ#519790)
This update also includes the following enhancement:
* The audit package has been rebased and, as a result, a number of new features have been added. These include:
1. Allowing ausearch/report to specify multiple node names (which are needed for remote logging). 2. auparse can now handle empty AUSOURCE_FILE_ARRAYs. 3. auditctl rules now allow a0-a3 to be negative numbers. 4. An audit.rules man page has been added. 5. auditd resets syslog warnings if disk space becomes available. 6. The != operator in audit_rule_fieldpair_data is now checked. 7. A tcp_max_per_addr option has been added to auditd.conf in order to limit concurrent connections. 8. Many improvements to remote logging code.
As a result, these enhancements are now available for system administrators, making auditing options much more flexible. (BZ#529851)

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.