Bug 1757986 - Rebase audit package on 8.2 for updates
Summary: Rebase audit package on 8.2 for updates
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: audit
Version: ---
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.2
Assignee: Steve Grubb
QA Contact: Ondrej Moriš
Mirek Jahoda
Depends On:
Blocks: 1746025
TreeView+ depends on / blocked
Reported: 2019-10-02 21:32 UTC by Steve Grubb
Modified: 2020-04-28 16:47 UTC (History)
3 users (show)

Fixed In Version: audit-3.0-0.17.20191104git1c2f876
Doc Type: Enhancement
Doc Text:
.`audit` rebased to version 3.0-0.14 The `audit` packages have been upgraded to upstream version 3.0-0.14, which provides many bug fixes and enhancements over the previous version, most notably: * Added an option to interpret fields in the syslog plugin * Divided the `30-ospp-v42.rules` file into more granular files * Moved example rules to the `/usr/share/audit/sample-rules/` directory * Fixed Audit KRB5 transport mode for remote logging
Clone Of:
Last Closed: 2020-04-28 16:46:58 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:1812 0 None None None 2020-04-28 16:47:05 UTC

Description Steve Grubb 2019-10-02 21:32:14 UTC
Description of problem:
The audit package has some updates that are expected to be in place for 8.2 common criteria. Updates since 8.1's release include:

* Coverity reported static analysis warnings
* Drop standalone EOE events in auparse
* Add milliseconds column for ausearch extra time csv format
* Fix aureport first event reporting when no start given
* In audisp-remote, add new config item for startup connection errors
* Remove dependency on chkconfig
* Install rules to /usr/share/audit/sample-rules/
* Update ospp.rules to fully meet certification requirements
* Kerberos remote logging fixes

There is also expected to be work to:
* Breakup ospp-42.rules to smaller units to aid SCAP scanning

And potentially wor for container support.

Comment 1 Juan Antonio Osorio 2019-10-30 16:12:56 UTC
Any chance this could land a little earlier? we need some aspects of this alreday in RHCOS (Red Hat CoreOS). Specifically the change of sample rules directory, and the new ospp.rules .

Comment 4 Steve Grubb 2019-11-04 20:49:33 UTC
audit-3.0-0.14.20191104git1c2f876 has been built to address this issue.

Comment 14 errata-xmlrpc 2020-04-28 16:46:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.