Red Hat Bugzilla – Bug 1476406
Audit package rebase
Last modified: 2018-04-10 08:20:11 EDT
Description of problem:
The audit package needs to be rebased to pick up various bug fixes, support kernel work, and to add a few new capabilities.
Bugs that are currently fixed and need to be picked up:
* Auparse python bindings had numerous issues: return codes not right, add bindings for auparse_normalize_subject_kind, AUSOURCE_DESCRIPTOR data source was not working (important for audisp plugin use).
* Auparse had issues with: doing an unnecessary euid check, and some adjustments in auparse_normalize
* aureport was missing anom_abend & seccomp events in the anomaly report; it was also not reporting the auid in the login report
* Auditd would not start if a domain name could not be verified for mail delivery; this needed to be optional in case the DNS entry had no A record. The umask was not being restored after creating a log file. Auditd was making audispd exit when it was in enriched mode and client machines were in raw mode. Audispd saw malformed records.
Items scheduled to round out the audit system:
* Auparse_normalizer adjustments to support kernel events missing expected fields.
* Ausearch text mode output adjustments for clarity
* Support for new FANOTIFY Auxiliary record
* Fix remote logging protocol bug where they won't reconnect
* Work up individual queues for audisp plugins so one slow plugin can't back up auditd queues.
* Fix both bz filed against auvirt
* Work on non-equality comparisons for ausearch API of auparse.
* Plus bugs reported as people start to use the new audit enhancements for 7.4.
audit-2.8-1.el7 was built to resolve this issue.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.