|Summary:||Rebase audit package to 2.8.4 to pick up bug fixes|
|Product:||Red Hat Enterprise Linux 7||Reporter:||Steve Grubb <sgrubb>|
|Component:||audit||Assignee:||Steve Grubb <sgrubb>|
|Status:||CLOSED ERRATA||QA Contact:||Ondrej Moriš <omoris>|
|Severity:||medium||Docs Contact:||Mirek Jahoda <mjahoda>|
|Version:||7.5||CC:||jkucera, kwalker, mjahoda, mthacker, omoris, sgrubb|
|Fixed In Version:||audit-2.8.4-2.el7||Doc Type:||Rebase: Bug Fixes and Enhancements|
_audit_ rebased to 2.8.4 The _audit_ packages have been upgraded to upstream version 2.8.4, which provides a number of bug fixes and enhancements over the previous version. Notable changes include: * Added support for dumping internal state. You can now run the "service auditd state" command to see information about the *Audit* daemon. * Added support for the `SOFTWARE_UPDATE` event generated by the *rpm* and *yum* tools. * Allowed unlimited retries during a remote logging startup. This helps to start even if the aggregating server is not running when a client is booted. * Improved IPv6 remote logging.
|Last Closed:||2018-10-30 11:28:31 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Steve Grubb 2018-03-21 14:40:22 UTC
Description of problem: Upstream audit has fixed a number of bugs. The changelog is not very big. Its very close to what was done for RHEL 7.5. 2.8.3 - Correct msg function name in lru debug code - Fix a segfault in auditd when dns resolution isn't available - Make a reload legacy service for auditd - In auparse python bindings, expose some new types that were missing - In normalizer, pickup subject kind for user_login events - Fix interpretation of unknown ioctcmds (#1540507) - Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, & RESP_ORIGIN_BLOCK_TIMED events - In auparse_normalize for USER_LOGIN events, map acct for subj_kind - Fix logging of IPv6 addresses in DAEMON_ACCEPT events (#1534748) - Do not rotate auditd logs when num_logs < 2 (brozs) 2.8.2 - Update tables for 4.14 kernel - Fixup ipv6 server side binding - AVC report from aureport was missing result column header (#1511606) - Add SOFTWARE_UPDATE event - In ausearch/report pickup any path and new-disk fields as a file - Fix value returned by auditctl --reset-lost (Richard Guy Briggs) - In auparse, fix expr_create_timestamp_comparison_ex to be numeric field - Fix building on old systems without linux/fanotify.h - Fix shell portability issues reported by shellcheck - Auditd validate_email should not use gethostbyname Additional info: audit-2.8.3 is in F27 & F28 right now.
Comment 1 Steve Grubb 2018-04-09 13:13:22 UTC
Also, these should be picked up in a rebase: - Generate checkpoint file even when not results are returned (Burn Alting) - Fix log file creation when file logging is disabled entirely (Vlad Glagolev) - Use SIGCONT to dump auditd internal state (#1504251) - Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
Comment 5 Steve Grubb 2018-06-20 13:57:02 UTC
audit-2.8.4-1.el7 has been built to address this issue.
Comment 14 errata-xmlrpc 2018-10-30 11:28:31 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3237