- Issued: 2009-01-20
- Updated: 2009-01-20
RHEA-2009:0199 - Product Enhancement Advisory
Synopsis
audit enhancement update
Type/Severity
Product Enhancement Advisory
Topic
Updated audit packages, which include a new remote log aggregation feature
among other enhancements, are now available.
Description
The audit packages contain user-space utilities for storing and searching
the audit records generated by the audit subsystem in the Linux 2.6 kernel.
These updated packages upgrade the auditd daemon and its utilities to the
newer upstream version 1.7.7, which provides the following enhancements
over the previous version:
- the auditctl program, which is used to control the behavior of the audit
subsystem, now supports multiple keys in the audit rules.
- a new utility, ausyscall, which is used to cross-reference syscall name
and number information, is now provided in these updated packages.
- the aureport program has been enhanced to provide reports about keys it
sees in audit events.
- event log parsing for the ausearch and aureport programs has been improved.
- a sample STIG rules file, named "stig.rules", is newly provided in these
updated packages. This file contains the auditctl rules which are loaded
whenever the audit daemon is started by init scripts.
In addition to the listed enhancements, these updated audit packages also
include a new feature to allow a server to aggregate the logs of remote
systems. The following instructions can be followed to enable this feature:
1. The audispd-plugins package should be installed on all clients (but
need not be installed on the server), and the parameters for
"remote_server" and "port" should be set in the
/etc/audisp/audisp-remote.conf configuration file.
2. On the server, which aggregates the logs, the "tcp_listen_port"
parameter in the /etc/audit/auditd.conf file must be set to the same port
number as the clients.
3. Because the auditd daemon is protected by SELinux, semanage (the
SELinux policy management tool) must also have the same port listed in its
database. If the server and client machines had all been configured to use
port 1000, for example, then running this command would accomplish this:
    semanage port -a -t audit_port_t -p tcp 1000
4. The final step in configuring remote log aggregation is to edit the
/etc/hosts.allow configuration file to inform tcp_wrappers which machines
or subnets the auditd daemon should allow connections from.
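The four steps only work when the client port, the server listen port, the SELinux port label and the tcp_wrappers rule all agree. The script below is an added example, not part of the advisory or the audit packages, that cross-checks them. It assumes the tcp_wrappers daemon name is "auditd" and that the server's `semanage port -l` output has been saved to a file; the function names, addresses and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check the four remote-aggregation steps for consistency.

# conf_get FILE KEY: print the value of a "KEY = value" line (last one wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# check_aggregation CLIENT_CONF SERVER_CONF HOSTS_ALLOW PORT_LISTING
# PORT_LISTING is saved output of "semanage port -l" from the server.
# Prints each problem and returns the number of problems (0 = consistent).
check_aggregation() {
    n=0
    cport=$(conf_get "$1" port)
    sport=$(conf_get "$2" tcp_listen_port)
    # Step 1: the client must name a server.
    [ -n "$(conf_get "$1" remote_server)" ] || { echo "client: remote_server not set"; n=$((n+1)); }
    # Step 2: both sides must use the same port.
    [ -n "$sport" ] && [ "$cport" = "$sport" ] ||
        { echo "port mismatch: client='$cport' server='$sport'"; n=$((n+1)); }
    # Step 3: SELinux must label the listen port audit_port_t for tcp.
    grep -E '^audit_port_t[[:space:]]+tcp[[:space:]]' "$4" | grep -Eq "(^|[ ,])$sport(,|\$)" ||
        { echo "selinux: tcp/$sport is not labelled audit_port_t"; n=$((n+1)); }
    # Step 4: hosts.allow needs a rule for the daemon name (assumed "auditd").
    grep -Eq '^[[:space:]]*auditd[[:space:]]*:' "$3" ||
        { echo "tcp_wrappers: no auditd rule in hosts.allow"; n=$((n+1)); }
    return "$n"
}

# Constructed sample files; on real hosts pass the paths named in the steps.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/audisp-remote.conf" <<'EOF'
remote_server = 192.0.2.10
port = 1000
EOF
cat > "$demo/auditd.conf" <<'EOF'
tcp_listen_port = 1000
EOF
echo 'auditd: 192.0.2.' > "$demo/hosts.allow"
echo 'audit_port_t                   tcp      60, 1000' > "$demo/ports.txt"

check_aggregation "$demo/audisp-remote.conf" "$demo/auditd.conf" \
    "$demo/hosts.allow" "$demo/ports.txt" && echo "remote aggregation settings agree"
```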
Users of audit are advised to upgrade to these updated packages, which add
these enhancements.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 446080 - Audit updates for 5.3
- BZ - 476009 - Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.