Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.11. audit

Updated audit packages that fix various bugs and add several enhancements are now available for Red Hat Enterprise Linux 6.
The audit packages contain the user space utilities for storing and searching the audit records which have been generated by the audit subsystem in the Linux 2.6 kernel.
The audit package has been upgraded to upstream version 2.1.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#731723)

Bug Fixes

Previously, the audit daemon was logging messages even when configured to ignore "disk full" and "disk error" actions. With this update, audit now does nothing if it is set to ignore these actions, and no messages are logged in the described scenario.
Previously, the Audit remote logging client received a "disk error" event instead of "disk full" event from a server when the server's disk space ran out. This bug has been fixed and the logging client now returns the correct event in the described scenario.
Prior to this update, the audit system was identifying the accept4() system call as the now deprecated paccept() system call. Now, the code has been fixed and audit uses the correct identifier for the accept4() system call.
Previously, the "auditctl -l" command returned 0 even if it failed because of dropped capabilities. This bug has been fixed and a non-zero value is now returned if the operation is not permitted.
When Kerberos support was disabled, some configuration options in the audisp-remote.conf file related to Kerberos 5 generated warning messages about GSSAPI support during boot. With this update, the options are now commented out in the described scenario and the messages are no longer returned.
On i386 and IBM System z architectures, the "autrace -r /bin/ls" command returned error messages even though all relevant rules were added correctly. This bug has been fixed and no error messages about sending add rule data requests are now returned in the described scenario.
All audit users are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.