Bug 483608 - audit updates for 5.4
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: audit
5.4
All Linux
medium Severity medium
: rc
: ---
Assigned To: Steve Grubb
BaseOS QE
: Rebase
Reported: 2009-02-02 11:15 EST by Steve Grubb
Modified: 2009-09-02 05:50 EDT
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
The audit package has been updated to version 1.7.13. This update provides many bugfixes and enhancements, most notably:

* audit can now handle interlaced records.

* On bi-arch systems, a warning is now emitted if audit rules do not cover both 64 & 32 bit system calls of the same name. This warning is designed to assist troubleshooting audit rules.
Last Closed: 2009-09-02 05:50:23 EDT
Description Steve Grubb 2009-02-02 11:15:57 EST
Description of problem:
The audit system needs some updates for the 5.4 release:

1) The user space audit tools cannot handle interlaced records
2) The display of TTY audit events doesn't work too well
3) Remote logging needs many improvements
4) On busy systems, loop a few times when checking for the event ACK
5) On biarch systems, warn if audit rules don't cover both 64 & 32 bit syscalls
6) Add definitions for crypto events
7) Fix regression where msgtype couldn't be used for a range of types
Comment 5 Steve Grubb 2009-04-14 14:41:47 EDT
There was another bz filed, 495711, which found a regression in the audit rules. Need to make sure that errata testing includes running the SGI test suite from their eval since it caught the problem. The current upstream audit package has this bug fixed, but we just need to make sure it stays fixed.
Comment 6 Steve Grubb 2009-04-22 17:26:45 EDT
audit-1.7.13-1 was built for this issue.
Comment 11 Steve Grubb 2009-06-26 12:05:36 EDT
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
The audit package was rebased to the newer upstream version 1.7.13. A couple of the bug fixes that it provides include:

* The user space audit tools could not handle interlaced records.

* On biarch system, a warning is now emitted if audit rules don't cover both 64 & 32 bit syscalls of the same name. This is to aid in finding rules that are not auditing what was intended.
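The bi-arch coverage check described in this release note, sketched as an added example (not code from the audit package or from this bug report): it groups `-S` syscall rules by their other `-F` fields and reports names audited for only one of `arch=b32` / `arch=b64`, or with no `arch` field at all. The function names and the sample rules are constructed for illustration, and the logic is an assumption about what such a check can look like, not auditctl's implementation.

```python
import shlex
from collections import defaultdict

# Constructed sample rules for illustration; not taken from the bug report.
SAMPLE_RULES = """\
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
-a always,exit -F arch=b32 -S adjtimex -S settimeofday -k time-change
# only the 64-bit ABI is audited here
-a always,exit -F arch=b64 -S chmod -S fchmod -F auid>=500 -k perm_mod
# no arch field at all
-a always,exit -S unlink -k delete
-w /etc/passwd -p wa -k identity
"""

def parse_rule(line):
    """Return (arch, syscalls, other -F fields) for a syscall rule, else None."""
    tokens = iter(shlex.split(line, comments=True))
    arch, syscalls, others = None, [], []
    for opt in tokens:
        if opt == "-S":
            name = next(tokens, "")
            if name:
                syscalls.append(name)
        elif opt == "-F":
            field = next(tokens, "")
            if field.startswith("arch="):
                arch = field[len("arch="):]
            else:
                others.append(field)
    # Watches (-w) and comment lines carry no -S and are skipped.
    return (arch, syscalls, tuple(sorted(others))) if syscalls else None

def find_arch_gaps(rules_text):
    """List (syscall, finding) pairs for rules that cover only one ABI."""
    seen = defaultdict(set)  # (syscall, other filters) -> arch values seen
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        arch, syscalls, others = parsed
        for name in syscalls:
            seen[(name, others)].add(arch)
    findings = []
    for (name, _), arches in sorted(seen.items()):
        if None in arches:
            findings.append((name, "no arch specified"))
        elif arches == {"b64"}:  # only the generic b32/b64 values are compared
            findings.append((name, "no matching b32 rule"))
        elif arches == {"b32"}:
            findings.append((name, "no matching b64 rule"))
    return findings
```

Running `find_arch_gaps` over a rules file before loading it gives a list to review; a rule pair only counts as matching when the remaining `-F` fields are identical.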
Comment 12 Ryan Lerch 2009-06-29 00:16:58 EDT
Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1,5 +1,5 @@
-The audit package was rebased to the newer upstream version 1.7.13. A couple of the bug fixes that it provides include:
+The audit package has been updated to version 1.7.13. This update provides many bugfixes and enhancements, most notably:
 
-* The user space audit tools could not handle interlaced records.
+* audit can now handle interlaced records.
 
-* On biarch system, a warning is now emitted if audit rules don't cover both 64 & 32 bit syscalls of the same name. This is to aid in finding rules that are not auditing what was intended.+* On bi-arch systems, a warning is now emitted if audit rules do not cover both 64 & 32 bit system calls of the same name. This warning is designed  to assist troubleshooting audit rules.
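Review bot: In the first bullet, the replacement "audit can now handle interlaced records" drops the scope the removed line stated ("The user space audit tools"), so the note no longer says which part of audit changed; suggest "The user space audit tools can now handle interlaced records." The last added line also has a doubled space in "designed  to", and its `+` marker is run onto the end of the preceding `-` line, which should be split before this text is reused.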
Comment 15 errata-xmlrpc 2009-09-02 05:50:23 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1303.html
