The audit package contains the user-space utilities for creating audit rules, as well as for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel. It also has a basic Intrusion Detection plugin based on audit events capable of IDMEF alerting using prelude.
License: GNU General Public License (GPL)
Changes:
This release fixes several bugs in remote logging. auditd now leaves the old log writable if rotation fails. On kernels with both 64-bit and 32-bit syscalls, auditctl will now warn if a syscall rule attempts to cover both and the 64/32-bit syscall numbers do not match. A bug was fixed in the auparse library where it was not including single key fields in the audit records.
More...
01-11-2009
