Description of problem:
The audit package has some updates that are expected to be in place for 8.2 common criteria. Updates since 8.1's release include:
* Coverity reported static analysis warnings
* Drop standalone EOE events in auparse
* Add milliseconds column for ausearch extra time csv format
* Fix aureport first event reporting when no start given
* In audisp-remote, add new config item for startup connection errors
* Remove dependency on chkconfig
* Install rules to /usr/share/audit/sample-rules/
* Update ospp.rules to fully meet certification requirements
* Kerberos remote logging fixes
There is also expected to be work to:
* Breakup ospp-42.rules to smaller units to aid SCAP scanning
And potentially wor for container support.
Any chance this could land a little earlier? we need some aspects of this alreday in RHCOS (Red Hat CoreOS). Specifically the change of sample rules directory, and the new ospp.rules .
audit-3.0-0.14.20191104git1c2f876 has been built to address this issue.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.