Description of problem: The audit package should be rebased in the 5.5 release cycle to the 1.7.16 release. The current change log is here: https://fedorahosted.org/audit/browser/tags/audit-1.7.16/1.8/ChangeLog Since 1.7.13 (RHEL5.4) some of the highlights are: * Allow ausearch/report to specify multiple node names (needed for remote logging) * Make auparse handle empty AUSOURCE_FILE_ARRAY correctly (was segfaulting) * In auditctl rules allow a0-a3 to be negative numbers * Add audit.rules man page * In auditd reset syslog warnings if disk space becomes available * Correct checking of != operator in audit_rule_fieldpair_data * and many remote logging code improvements Version-Release number of selected component (if applicable): audit-1.7.16
audit-1.7.17-1 was built to resolve this issue.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2010-0228.html