Bug 1757986

Summary: Rebase audit package on 8.2 for updates
Product: Red Hat Enterprise Linux 8 Reporter: Steve Grubb <sgrubb>
Component: auditAssignee: Steve Grubb <sgrubb>
Status: CLOSED ERRATA QA Contact: Ondrej Moriš <omoris>
Severity: medium Docs Contact: Mirek Jahoda <mjahoda>
Priority: high    
Version: ---CC: josorior, mjahoda, omoris
Target Milestone: rcKeywords: Rebase
Target Release: 8.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: audit-3.0-0.17.20191104git1c2f876 Doc Type: Enhancement
Doc Text:
.`audit` rebased to version 3.0-0.14 The `audit` packages have been upgraded to upstream version 3.0-0.14, which provides many bug fixes and enhancements over the previous version, most notably: * Added an option to interpret fields in the syslog plugin * Divided the `30-ospp-v42.rules` file into more granular files * Moved example rules to the `/usr/share/audit/sample-rules/` directory * Fixed Audit KRB5 transport mode for remote logging
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:46:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1746025    

Description Steve Grubb 2019-10-02 21:32:14 UTC 
Description of problem:
The audit package has some updates that are expected to be in place for 8.2 common criteria. Updates since 8.1's release include:

* Coverity reported static analysis warnings
* Drop standalone EOE events in auparse
* Add milliseconds column for ausearch extra time csv format
* Fix aureport first event reporting when no start given
* In audisp-remote, add new config item for startup connection errors
* Remove dependency on chkconfig
* Install rules to /usr/share/audit/sample-rules/
* Update ospp.rules to fully meet certification requirements
* Kerberos remote logging fixes


There is also expected to be work to:
* Breakup ospp-42.rules to smaller units to aid SCAP scanning

And potentially wor for container support.
Comment 1 Juan Antonio Osorio 2019-10-30 16:12:56 UTC 
Any chance this could land a little earlier? we need some aspects of this alreday in RHCOS (Red Hat CoreOS). Specifically the change of sample rules directory, and the new ospp.rules .
Comment 4 Steve Grubb 2019-11-04 20:49:33 UTC 
audit-3.0-0.14.20191104git1c2f876 has been built to address this issue.
Comment 14 errata-xmlrpc 2020-04-28 16:46:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1812