1757986 – Rebase audit package on 8.2 for updates

Bug 1757986 - Rebase audit package on 8.2 for updates

Summary: Rebase audit package on 8.2 for updates

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	audit
Sub Component:
Version:	---
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	rc
Target Release:	8.2
Assignee:	Steve Grubb
QA Contact:	Ondrej Moriš
Docs Contact:	Mirek Jahoda
URL:
Whiteboard:
Depends On:
Blocks:	1746025
TreeView+	depends on / blocked

Reported:	2019-10-02 21:32 UTC by Steve Grubb
Modified:	2020-04-28 16:47 UTC (History)
CC List:	3 users (show)
Fixed In Version:	audit-3.0-0.17.20191104git1c2f876
Doc Type:	Enhancement
Doc Text:	.`audit` rebased to version 3.0-0.14 The `audit` packages have been upgraded to upstream version 3.0-0.14, which provides many bug fixes and enhancements over the previous version, most notably: * Added an option to interpret fields in the syslog plugin * Divided the `30-ospp-v42.rules` file into more granular files * Moved example rules to the `/usr/share/audit/sample-rules/` directory * Fixed Audit KRB5 transport mode for remote logging
Clone Of:
Environment:
Last Closed:	2020-04-28 16:46:58 UTC
Type:	Bug
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:1812	0	None	None	None	2020-04-28 16:47:05 UTC

Description Steve Grubb 2019-10-02 21:32:14 UTC

Description of problem:
The audit package has some updates that are expected to be in place for 8.2 common criteria. Updates since 8.1's release include:

* Coverity reported static analysis warnings
* Drop standalone EOE events in auparse
* Add milliseconds column for ausearch extra time csv format
* Fix aureport first event reporting when no start given
* In audisp-remote, add new config item for startup connection errors
* Remove dependency on chkconfig
* Install rules to /usr/share/audit/sample-rules/
* Update ospp.rules to fully meet certification requirements
* Kerberos remote logging fixes


There is also expected to be work to:
* Breakup ospp-42.rules to smaller units to aid SCAP scanning

And potentially wor for container support.

Comment 1 Juan Antonio Osorio 2019-10-30 16:12:56 UTC

Any chance this could land a little earlier? we need some aspects of this alreday in RHCOS (Red Hat CoreOS). Specifically the change of sample rules directory, and the new ospp.rules .

Comment 4 Steve Grubb 2019-11-04 20:49:33 UTC

audit-3.0-0.14.20191104git1c2f876 has been built to address this issue.

Comment 14 errata-xmlrpc 2020-04-28 16:46:58 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1812

Note You need to log in before you can comment on or make changes to this bug.