audit-4.0

@stevegrubb stevegrubb released this 16 Jan 19:03
· 64 commits to master since this release

This is the next major release. One of the main features is the separation of loading rules and logging events into separate services, audit-rules.service and auditd.service. This release also drops support for python2 and SysVinit. The libaudit python bindings now only support logging events. The auvirt and autrace programs have been dropped. The nispom rules have been dropped. The legacy service functions have been rewritten in terms of systemctl and new auditctl capabilities. The aureport --summary reports are now up to 5 times faster. File watches have been optimized to hook only the necessary syscalls instead of all of them, which measurably improves whole-system performance. The syscall and interpretation tables have been updated for the 6.8 kernel. There have also been many code cleanups, hardening changes, and refactorings.