Skip to navigation

Bug Fix Advisory audit bug fix and enhancement update

Advisory: RHBA-2012:0265-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-02-20
Last updated on: 2012-02-20
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated audit packages that fix multiple bugs and add various enhancements are
now available for Red Hat Enterprise Linux 5.

The audit packages contain the user space utilities for storing and searching
the audit records generated by the audit subsystem in the Linux 2.6 kernel.

The audit packages have been upgraded to upstream version 1.8, which provides a
number of bug fixes and enhancements over the previous version. (BZ#697013)

This update fixes the following bugs:

* When the auditd daemon was in immutable mode and was restarted, the following
message appeared: "The audit system is in immutable mode, no rules loaded". This
message was not clear and was misleading. The message has been therefore
improved to "The audit system is in immutable mode, no changes allowed".
(BZ#654883)

* The audit.rules(7) and auditctl(8) manual pages were not consistent in the
order of the "action" and "list" fields for the "-a" option. The auditctl(8)
manual page has been modified to inform users that the fields can be used in
either order. (BZ#671261)

* Previously, the autrace utility was not aware of system calls being not
available on certain architectures. As a consequence, running the "autrace -r"
command on the IBM System z, 64-bit PowerPC, and 32-bit Intel architectures
failed to insert audit rules. With this update, autrace is aware of system calls
not being available on the aforementioned architectures, and audit rules are now
successfully inserted. (BZ#702279)

* System processes, this means processes with an audit id (auid) of -1, are
logged by the audit subsystem. However, if the ausearch utility was used to
locate events where the auid was -1, all events were displayed. With this
update, the ausearch utility now correctly returns only events with an auid of
-1. (BZ#706156)

This update also adds the following enhancement:

* This update adds a new option to the configuration of the audisp syslog
plug-in, which allows the plug-in to send syslog audit events to local syslog
facilities. (BZ#667536)

All users of audit are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.


Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
audit-1.8-2.el5.src.rpm     MD5: aa01b36af1f34afb63c3b0c2a0003816
SHA-256: cd1023080651e0fef2532123e20b132f8fe7f09a8d10f33c6c1b697fd1f4a9e1
 
IA-32:
audit-libs-devel-1.8-2.el5.i386.rpm     MD5: 7a91759bd2d188407222d6c690d1cec9
SHA-256: 7cc09817311987572f01a53c757b7f383164cd32fc7bcc6932bd05e0abb9f5ab
 
x86_64:
audit-libs-devel-1.8-2.el5.i386.rpm     MD5: 7a91759bd2d188407222d6c690d1cec9
SHA-256: 7cc09817311987572f01a53c757b7f383164cd32fc7bcc6932bd05e0abb9f5ab
audit-libs-devel-1.8-2.el5.x86_64.rpm     MD5: b5f21c0117a8e9bcd92854de455f7f08
SHA-256: 0da566d64c85e82d7b2a0d634cc739b27e734e0863e0ba1ea7e1433c609969c2
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
audit-1.8-2.el5.src.rpm     MD5: aa01b36af1f34afb63c3b0c2a0003816
SHA-256: cd1023080651e0fef2532123e20b132f8fe7f09a8d10f33c6c1b697fd1f4a9e1
 
IA-32:
audispd-plugins-1.8-2.el5.i386.rpm     MD5: f262dc1f508ada64cfe4a67e9e169213
SHA-256: 83a298586a35bd5f01fa29b71927b878a82a95d9fbd82ea5f47abd00a4685240
audit-1.8-2.el5.i386.rpm     MD5: 645cd2b2a4958f6cd76126f56d9b1400
SHA-256: 64d36a22c097f3776921de8dbdc890ad6ca454036c581428dfe897f061647554
audit-libs-1.8-2.el5.i386.rpm     MD5: 21b3fe5088a4415c3cf21b1cd2f548cf
SHA-256: 431038b7f85bc32e6968681cf52ca8bb289c1e91012f74ee2ece1cf2820bbdb2
audit-libs-devel-1.8-2.el5.i386.rpm     MD5: 7a91759bd2d188407222d6c690d1cec9
SHA-256: 7cc09817311987572f01a53c757b7f383164cd32fc7bcc6932bd05e0abb9f5ab
audit-libs-python-1.8-2.el5.i386.rpm     MD5: e17cbe501b38031a07c8001e31415b6b
SHA-256: e5c60fde00db881866f2a8af29a410513a305ac85460446349f719c70f1f9776
system-config-audit-0.4.10-7.el5.i386.rpm     MD5: 350905dbfef74de86732a7280283ced3
SHA-256: 39e8f5fd4dd19d42fd7814f094bd5d0ab2e5eff0c9b3ddf16219f0651043b575
 
IA-64:
audispd-plugins-1.8-2.el5.ia64.rpm     MD5: 6c999493de44c9406adf0d6e28e0e3a6
SHA-256: 2d3d9aeccbdb298326821dd1acd69a3d777008c665843e9ea6487ad215a3ac14
audit-1.8-2.el5.ia64.rpm     MD5: 3adc1856c884a0f3ebba0383c4448736
SHA-256: 9bd8221b0c8be6e23c1bbc709a9001f23836028ffc3f63b86929f523afd4e649
audit-libs-1.8-2.el5.i386.rpm     MD5: 21b3fe5088a4415c3cf21b1cd2f548cf
SHA-256: 431038b7f85bc32e6968681cf52ca8bb289c1e91012f74ee2ece1cf2820bbdb2
audit-libs-1.8-2.el5.ia64.rpm     MD5: d1869cd51c5da5de08d26c9cfdf9a7b7
SHA-256: 46465ebf27ed187d217b81b5b8683d5fced38134faae38c5e5bd7e5326dc4e09
audit-libs-devel-1.8-2.el5.ia64.rpm     MD5: dd4c166668f5f2248588bea4ee87b2b2
SHA-256: 629b8c3a9d1f5926b2070f07a0f0289c73180b72ecab239a2fee067bed955553
audit-libs-python-1.8-2.el5.ia64.rpm     MD5: 95f61e1a8995b79bdd02534cb1e73ee6
SHA-256: e6f8df992025efb63b7d7f75e7c3c4502051ece960cda7f0896bd046893eea23
system-config-audit-0.4.10-7.el5.ia64.rpm     MD5: baed8d8751ea0f495c2b3c527415adf5
SHA-256: b5036ca04d3e4da5bba648afbdb440633872b81d9ee78deaa16df4ab3c223a0f
 
PPC:
audispd-plugins-1.8-2.el5.ppc.rpm     MD5: f339ca7ae6be36ea4015b3cb1c5870cf
SHA-256: 1f2d044f0217f0dbcccac9d018639f7755ad05e048e3a4d7cafb94f14b3aefac
audit-1.8-2.el5.ppc.rpm     MD5: e5f9f797e1d0e5b3a02eaf4a20fb4ed7
SHA-256: d2f5ffb164910999cfa7f13015cc4d30e7961cc4a2a351d39dda3bdc8516057e
audit-libs-1.8-2.el5.ppc.rpm     MD5: 783752d8b5b855c3aa9aa97e875d42ac
SHA-256: 3fda999ed011a578714d68d51f2488e321587b9527c90a9b13d099d9578cab10
audit-libs-1.8-2.el5.ppc64.rpm     MD5: 4765dd288a173f5fdf96f08e0a0e91ac
SHA-256: b2f6e0e4ac12bd6074d8ccdf7ae9b12d0a59553acfb7475ad5aa8e3acc48151f
audit-libs-devel-1.8-2.el5.ppc.rpm     MD5: 2cdd77a0256588e24fcdd852a26a63c1
SHA-256: 08f3ead570f06ea29e9605dba51d0aa2737e2aac64655f8b669ea8b33750f532
audit-libs-devel-1.8-2.el5.ppc64.rpm     MD5: eb2821f17e90f4fe40409d8f066dbbc0
SHA-256: 0ec347a1945b6d5f711283b62ebf7451898b7d5b61a85db4d421cebf2846353a
audit-libs-python-1.8-2.el5.ppc.rpm     MD5: c49b2ca41a7bb5559e3d2c4f9da2c071
SHA-256: 2d26345b55aa898b97b339ca97dcadeef24da68b07365b0510747696a5a6fa18
system-config-audit-0.4.10-7.el5.ppc.rpm     MD5: d95e99b67f37f7f68c738b85a339c090
SHA-256: 1be10f73d2f92a854a474bed20bba95f08538b7016b661e2456390dbad1a68f3
 
s390x:
audispd-plugins-1.8-2.el5.s390x.rpm     MD5: a599b143cb8384f61425e25a7d1726a6
SHA-256: 4c7f41769bf6cbe8dd5d25fac568d294c0aa8c8e48540f54dee425e31e2d0f52
audit-1.8-2.el5.s390x.rpm     MD5: d1b9fc89bf739a544805cd6428961e94
SHA-256: 36ad4183be0cdf72188702e57b45bf6aca9fafdb080e8a117486ee512a9a0aed
audit-libs-1.8-2.el5.s390.rpm     MD5: 88655df548b30b07676e9d49fd7de806
SHA-256: b7880767ba552f85209b628c4822b0957ee955ced703f4632763aa93eb9898da
audit-libs-1.8-2.el5.s390x.rpm     MD5: b6541536d40efea758d44afe53500d42
SHA-256: c4b56d486131a109b5addb17e01146ae60209fe2a77f78b3d83f9f647ad0c2c2
audit-libs-devel-1.8-2.el5.s390.rpm     MD5: 10ad7196576ba34f875d792ec723ef3d
SHA-256: ee355433306d033040a84f6a4fbd899545b10f111884e92655142d6d5d616931
audit-libs-devel-1.8-2.el5.s390x.rpm     MD5: c9135b78124f9040c6d639fbe1be97a2
SHA-256: aa55281cc14dc1421640a9c0c0dc02b1be55d84ecd0298e1f85b207fdfa65f9b
audit-libs-python-1.8-2.el5.s390x.rpm     MD5: 6081335417515a10a5de740565436713
SHA-256: 5067cde242461efa45a48bbd806158a4dde76f14aae77d5e0f1d3de4175cde07
system-config-audit-0.4.10-7.el5.s390x.rpm     MD5: 91e5b17c64bf03cc804448438997dbd6
SHA-256: 6cb3571deacb002551f8711b94bcd8a37dedc61ba3ac77232987963d4a729a99
 
x86_64:
audispd-plugins-1.8-2.el5.x86_64.rpm     MD5: c354bfbf02a6f23c4f49cf982aaf0ac1
SHA-256: 8dc6121d0b81da69e7617d19b59e99d6125048c8852d96d8e0468f648590401d
audit-1.8-2.el5.x86_64.rpm     MD5: 739ef0edd2293d9d2af01d516126003a
SHA-256: 4e56dc5801f44aefedeb232636ade198970738333d093d8ae1e24f09d88fbc04
audit-libs-1.8-2.el5.i386.rpm     MD5: 21b3fe5088a4415c3cf21b1cd2f548cf
SHA-256: 431038b7f85bc32e6968681cf52ca8bb289c1e91012f74ee2ece1cf2820bbdb2
audit-libs-1.8-2.el5.x86_64.rpm     MD5: 536f8f462204a9ae2a4c647ec3c77715
SHA-256: d34fb34f006326ca32f4c212a36de9c0b549db908aa0fabb9112a06518180969
audit-libs-devel-1.8-2.el5.i386.rpm     MD5: 7a91759bd2d188407222d6c690d1cec9
SHA-256: 7cc09817311987572f01a53c757b7f383164cd32fc7bcc6932bd05e0abb9f5ab
audit-libs-devel-1.8-2.el5.x86_64.rpm     MD5: b5f21c0117a8e9bcd92854de455f7f08
SHA-256: 0da566d64c85e82d7b2a0d634cc739b27e734e0863e0ba1ea7e1433c609969c2
audit-libs-python-1.8-2.el5.x86_64.rpm     MD5: 15f4824ac753b10b5621ea2e8809f26c
SHA-256: 3b3de7a0515747800fd3e804af0307ad3852d0328353fc5f3cb29dd16d0105b7
system-config-audit-0.4.10-7.el5.x86_64.rpm     MD5: afa8e98fa5a6ca1129460ac251da53a0
SHA-256: 784a170f5cd55a5f4dab2ada1cc23ecd8a520f582826cd5f73c3d1fba93607d4
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
audit-1.8-2.el5.src.rpm     MD5: aa01b36af1f34afb63c3b0c2a0003816
SHA-256: cd1023080651e0fef2532123e20b132f8fe7f09a8d10f33c6c1b697fd1f4a9e1
 
IA-32:
audispd-plugins-1.8-2.el5.i386.rpm     MD5: f262dc1f508ada64cfe4a67e9e169213
SHA-256: 83a298586a35bd5f01fa29b71927b878a82a95d9fbd82ea5f47abd00a4685240
audit-1.8-2.el5.i386.rpm     MD5: 645cd2b2a4958f6cd76126f56d9b1400
SHA-256: 64d36a22c097f3776921de8dbdc890ad6ca454036c581428dfe897f061647554
audit-libs-1.8-2.el5.i386.rpm     MD5: 21b3fe5088a4415c3cf21b1cd2f548cf
SHA-256: 431038b7f85bc32e6968681cf52ca8bb289c1e91012f74ee2ece1cf2820bbdb2
audit-libs-python-1.8-2.el5.i386.rpm     MD5: e17cbe501b38031a07c8001e31415b6b
SHA-256: e5c60fde00db881866f2a8af29a410513a305ac85460446349f719c70f1f9776
system-config-audit-0.4.10-7.el5.i386.rpm     MD5: 350905dbfef74de86732a7280283ced3
SHA-256: 39e8f5fd4dd19d42fd7814f094bd5d0ab2e5eff0c9b3ddf16219f0651043b575
 
x86_64:
audispd-plugins-1.8-2.el5.x86_64.rpm     MD5: c354bfbf02a6f23c4f49cf982aaf0ac1
SHA-256: 8dc6121d0b81da69e7617d19b59e99d6125048c8852d96d8e0468f648590401d
audit-1.8-2.el5.x86_64.rpm     MD5: 739ef0edd2293d9d2af01d516126003a
SHA-256: 4e56dc5801f44aefedeb232636ade198970738333d093d8ae1e24f09d88fbc04
audit-libs-1.8-2.el5.i386.rpm     MD5: 21b3fe5088a4415c3cf21b1cd2f548cf
SHA-256: 431038b7f85bc32e6968681cf52ca8bb289c1e91012f74ee2ece1cf2820bbdb2
audit-libs-1.8-2.el5.x86_64.rpm     MD5: 536f8f462204a9ae2a4c647ec3c77715
SHA-256: d34fb34f006326ca32f4c212a36de9c0b549db908aa0fabb9112a06518180969
audit-libs-python-1.8-2.el5.x86_64.rpm     MD5: 15f4824ac753b10b5621ea2e8809f26c
SHA-256: 3b3de7a0515747800fd3e804af0307ad3852d0328353fc5f3cb29dd16d0105b7
system-config-audit-0.4.10-7.el5.x86_64.rpm     MD5: afa8e98fa5a6ca1129460ac251da53a0
SHA-256: 784a170f5cd55a5f4dab2ada1cc23ecd8a520f582826cd5f73c3d1fba93607d4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

654883 - service auditd restart output in immutable mode is not clear.
671261 - auditctl and audit.rules man pages inconsistent on -a option
697013 - audit package rebase
702279 - "autrace -r /bin/ls" fails to insert audit rules on s390x, ppc64 and i386
706156 - searching on auid = -1 results in all events



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/