
Date: Tue, 26 Jan 1999 15:43:50 +0100
From: "Anthony C . Zboralski" <acz@hert.org>
To: bugtraq@netspace.org
Subject: [HERT] ANNOUNCE: linux auditd daemon 1.10


Greetings,

We have just released auditd version 1.10 for linux.

    Auditd is part of the linux kernel auditing toolkit. It
    will capture auditing trails created by the kernel auditing
    facility from /proc/audit, filter them, and save them
    in specific log files. For the moment, auditd only supports
    the -t option, which enables audit trails timestamping.
    Other command line options will probably be implemented
    in the next releases to add more flexibility to the
    package.

Comments, suggestions, and criticism are welcome.

http://www.hert.org/projects/linux/auditd/auditd.tar.gz
ftp://ftp.hert.org/pub/linux/auditd/auditd.tar.gz

PGP signatures:
http://www.hert.org/projects/linux/auditd/auditd.tar.gz.asc
ftp://ftp.hert.org/pub/linux/auditd/auditd.tar.gz.asc

PGP key:
http://www.hert.org/HERT_PGP.key
ftp://ftp.hert.org/pub/HERT_PGP.key

MD5sum:
ae160eb8d50ff3e87a11d27434af48d0  auditd-1.10.tar.gz

Here is the README file:

LINUX AUDIT Daemon:
MANDATORY AUDITING FOR LINUX

by Marcus Wolf <klog@hert.org>, Promisc Security
Copyright (C) 1999 Hacker Emergency Response Team
http://www.hert.org/linux/auditd

Audit Daemon is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

Audit Daemon is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU CC; see the file COPYING.  If not, write to
the Free Software Foundation, 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.


INSTALLATION

	# vi Makefile
	# vi audit.h
	# make
	# make install
	# ./kpatch
	# cd /usr/src/linux
	# make zlilo
	# echo "/usr/sbin/auditd" >> /etc/init/rc.daemons
	# reboot


INFORMATION

	o /proc/audit

		This is where the kernel audit facility sends its raw
	  trails information. It is in ASCII format, but you may have
	  problems converting network byte order addresses to
	  numbers-and-dots IPs manually. :)

	o /sbin/auditd [-t]

		The audit daemon captures audit trails from /proc/audit,
	  filters them following its filtering rules, formats them, and
	  outputs them to a log file. The "-t" option will force auditd
	  to apply timestamps to the audit trails.

	o /etc/security/audit.conf

		The audit configuration file keeps the auditd filtering
	  rules. It enables the administrator to filter trails by flag,
	  uid, and pid.

		- Multiple flags can be specified on a single line;
		- Only one pid can be specified per line;
		- Only one uid can be specified per line;
		- Flags, uids and pids can each be replaced by a
		  '*' mask;


NOTES/BUGS/TODO

	- The next release will probably include audit trails
	  routing to other hosts (similar to syslogd), and
	  piping to commands;
	- If you find any bug, please contact me at:

		Markus Wolf <klog@hert.org>

