audit-3.0.8

In auditd, change the reinitializing of the plugin queue. Fix path normalization in auparse. In libaudit, handle ECONNREFUSED for network uid/gid lookups. In audisp-remote, fix hang with disk_low_action=suspend. Drop ProtectHome from auditd.service as it interferes with rules.

audit-3.0.7

Add support for the OPENAT2 record type, update the capabilities and syscall lookup tables to match 5.16 kernel, and reduce dependency from initscripts to initscripts-service

audit-3.0.6

This is a bugfix release that fixes various issues when dealing with corrupted logs, fixes a segfault on some SELINUX_ERR records, makes IPX packet interpretation dependent on the ipx header file existing, adds b32/b64 support to ausyscall, adds support for armv8l, fixes auditctl list of syscalls on PPC, and auditd.service now restarts auditd under some conditions.

audit-3.0.5

In auditd, flush uid/gid caches when user/group added/deleted/modified. Fixed various issues when dealing with corrupted logs. In auditd, check if log_file is valid before closing handle.

audit-3.0.4

This release improves performance of the auparse library. The syscall table was updated to match the 5.14 kernel.

audit-3.0.3

This release improves performance reading events from the kernel. This will put more pressure on plugins, so default q_depth was tripled in size. Check your config, too. The behavior of auparse_feed_has_data in auparse was changed to include incomplete events. Add ProtectHome and RestrictRealtime to auditd.service. Some updates to the ids plugin.

audit-3.0.2

This release fixes a bug in the statsd plugin that caused a crash, updates the syscall tables to the 5.12 kernel, has a big documentation cleanup, and has a big update to the auparse normalizer results. There are various issues found by static analysis cleaned up.

audit-3.0.1

Update syscall table to the 5.11 kernel, Add new --eoe-timeout option to ausearch and aureport, Upgrade libev to 4.33, and update the auparse normalizer for some new syscalls and event types

audit-3.0

This is the long awaited 3.0 major feature release. Most notable item is that audispd is gone. All plugins are run from auditd itself. Please look at the ChangeLog for more details.

audit-2.8.5

This is a bugfix release that cleans up numerous bugs cherry picked from the master branch.