- Interpret TTY audit data in auparse (Miloslav Trmač)
- Extract terminal from USER_AVC events for ausearch/report (Peng Haitao)
- Add USER_AVCs to aureport's avc reporting (Peng Haitao)
- Short circuit hostname resolution in libaudit if host is empty
- If log_group and user are not root, don't check dispatcher perms
- Fix a bug when executing "ausearch -te today PM"
- Add --exit search option to ausearch
- Fix parsing config file when kerberos is disabled
- Add tcp_wrappers support for auditd
- Updated syscall tables for 2.6.27 kernel
- Audit connect/disconnect of remote clients
- Add GSS/Kerberos encryption to the remote protocol (DJ Delorie)
- Whole lot of bug fixes - see ChangeLog for details
- Reimplement auditd main loop using libev
- Add TCP listener to auditd to receive remote events
- Fix scheduler problem (#457061)
- Don't error on name=(null) PATH records in ausearch/report
- Add key report to aureport
- Update system-config-audit to 0.4.7 (Miloslav Trmac)
- Add support for the filetype field option in auditctl new to 2.6.26
kernels
- Fix ausearch/report --start now to not be reset to midnight
- audispd now has a priority boost config option
- Look for laddr in avcs reported via prelude
- Detect page 0 mmaps and alert via prelude
- ausearch was not matching path in avc records
- audisp-prelude attempt to reposition index after examining each type
- correct building of mls policy
- Fix memory leak in EOE code in auditd (#440075)
- In auditctl, don't use new operators in legacy rule format
- Made a couple corrections in alpha & x86_64 syscall tables (Miloslav
Trmac)