Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

1.5. audit

1.5.1. RHBA-2011:0083: bug fix and enhancement update

An updated audit package that fixes various bugs and provides an enhancement is now available for Red Hat Enterprise Linux 5.
The audit package contains the user space utilities for storing and searching the audit records which have been generated by the audit subsystem in the Linux 2.6 kernel.
This update fixes the following bugs:
* 32-bit systems did not behave correctly when an audit rule with a large inode value was added, because of a signed number conversion. With this update, auditctl treats the inode value as an unsigned number. ( BZ#554553)
* The man page and the help interface of the aureport tool contained inconsistencies. Some options were listed on the man pages but not the in help interface, and other options were listed in the help interface but not on the man page. With this update, the appropriate entries are listed on the man page as well as in the help interface of aureport. ( BZ#568677)
* When an ignore directive was included in an audit.rules configuration file, the auditctl utility became unresponsive when attempting to load those rules. With this update, the issue is resolved. ( BZ#607823)
* If a transmission problem occurred while transferring an audit event to an aggregating server with the audisp-remote program, the server could have shut down unexpectedly. The internal buffers overflowed and leaked memory associated with the event that could not be queued. With this update, if the queue is full, events, which cannot be queued, are discarded. ( BZ#649952)
This update also adds the following enhancement:
* With this update, new audit events definitions for the virtualization rebase are added. The new events are VIRT_CONTROL, VIRT_RESOURCE, and VIRT_MACHINE_ID. ( BZ#585356)
All audit users are advised to upgrade to these updated packages, which resolve these issues and add this enhancement.