Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 1559032 - Rebase audit package to 2.8.4 to pick up bug fixes
Rebase audit package to 2.8.4 to pick up bug fixes
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: audit (Show other bugs)
7.5
All Linux
medium Severity medium
: rc
: ---
Assigned To: Steve Grubb
Ondrej Moriš
Mirek Jahoda
: Rebase
Depends On:
Blocks: 1553233
  Show dependency treegraph
 
Reported: 2018-03-21 10:40 EDT by Steve Grubb
Modified: 2018-10-30 07:29 EDT (History)
5 users (show)

See Also:
Fixed In Version: audit-2.8.4-2.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
_audit_ rebased to 2.8.4 The _audit_ packages have been upgraded to upstream version 2.8.4, which provides a number of bug fixes and enhancements over the previous version. Notable changes include: * Added support for dumping internal state. You can now run the "service auditd state" command to see information about the *Audit* daemon. * Added support for the `SOFTWARE_UPDATE` event generated by the *rpm* and *yum* tools. * Allowed unlimited retries during a remote logging startup. This helps to start even if the aggregating server is not running when a client is booted. * Improved IPv6 remote logging.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-10-30 07:28:31 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3237 None None None 2018-10-30 07:29 EDT

  None (edit)
Description Steve Grubb 2018-03-21 10:40:22 EDT
Description of problem:
Upstream audit  has fixed a number of bugs. The changelog is not very big. Its very close to what was done for RHEL 7.5.

2.8.3
- Correct msg function name in lru debug code
- Fix a segfault in auditd when dns resolution isn't available
- Make a reload legacy service for auditd
- In auparse python bindings, expose some new types that were missing
- In normalizer, pickup subject kind for user_login events
- Fix interpretation of unknown ioctcmds (#1540507)
- Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, & RESP_ORIGIN_BLOCK_TIMED events
- In auparse_normalize for USER_LOGIN events, map acct for subj_kind
- Fix logging of IPv6 addresses in DAEMON_ACCEPT events (#1534748)
- Do not rotate auditd logs when num_logs < 2 (brozs)

2.8.2
- Update tables for 4.14 kernel
- Fixup ipv6 server side binding
- AVC report from aureport was missing result column header (#1511606)
- Add SOFTWARE_UPDATE event
- In ausearch/report pickup any path and new-disk fields as a file
- Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
- In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
- Fix building on old systems without linux/fanotify.h
- Fix shell portability issues reported by shellcheck
- Auditd validate_email should not use gethostbyname

Additional info:
audit-2.8.3 is in F27 & F28 right now.
Comment 1 Steve Grubb 2018-04-09 09:13:22 EDT
Also, these should be picked up in a rebase:

- Generate checkpoint file even when not results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
Comment 5 Steve Grubb 2018-06-20 09:57:02 EDT
audit-2.8.4-1.el7 has been built to address this issue.
Comment 14 errata-xmlrpc 2018-10-30 07:28:31 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3237

Note You need to log in before you can comment on or make changes to this bug.