Bug 1476406 - Audit package rebase
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: audit
medium Severity medium
Assigned To: Steve Grubb
Ondrej Moriš
Mirek Jahoda
: Rebase
Depends On: 982154 1101605 1399314 1406887 1448526 1455598 1475998 1478516 1478533 1478543 1479911 1479914 1482121 1487352 929234 968303 1478517 1478521 1478528
Blocks: 1490387
Reported: 2017-07-28 17:53 EDT by Steve Grubb
Modified: 2018-03-14 11:40 EDT
Fixed In Version: audit-2.8.1-2.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
_audit_ rebased to version 2.8.1

The _audit_ packages have been upgraded to upstream version 2.8.1, which provides a number of bug fixes and enhancements over the previous version. Notable changes are:

* Added support for ambient capability fields.
* The *Audit* daemon now works also on IPv6.
* Added the default port to the `auditd.conf` file.
* Fixed the *auvirt* tool to report Access Vector Cache (AVC) messages.
Type: Bug
Description Steve Grubb 2017-07-28 17:53:46 EDT
Description of problem:
The audit package needs to be rebased to pick up various bug fixes, support kernel work, and to add a few new capabilities.

Bugs that are currently fixed and need picked up:
* Auparse python bindings had numerous issues: return codes not right, add bindings for auparse_normalize_subject_kind, AUSOURCE_DESCRIPTOR data source was not working (important for audisp plugin use).
* Auparse had issues with: doing unnecessary euid check, and some adjustments in auparse_normalize
* aureport was missing anom_abend & seccomp events in anomaly report, it was also not reporting the auid in the login report
* Auditd would not start if a domain name could not be verified for mail delivery, this needed to be optional in case the DNS entry had no A record. The umask was not being restored after creating a log file. Auditd was making audispd exit when it was in enriched mode and client machines were in raw mode. Audispd saw malformed records.

Items scheduled to round out the audit system:
* Auparse_normalizer adjustments to support kernel events missing expected fields.
* Ausearch text mode output adjustments for clarity
* Support for new FANOTIFY Auxiliary record
* Fix remote logging protocol bug where they won't reconnect
* Work up individual queues for audisp plugins so one slow plugin can't back up auditd queues.
* Fix both bz filed against auvirt
* Work on non-equality comparisons for ausearch API of auparse.
* Plus bugs reported as people start to use the new audit enhancements for 7.4.
Comment 1 Steve Grubb 2017-10-10 16:01:37 EDT
audit-2.8-1.el7 was built to resolve this issue.