This is Your Open EnterpriseTM

audit 7264


This document (5157375) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: x86
Security patch: No
Priority: Recommended
Distribution Type: Public


Revision: 1
Document ID: 5157375
Creation Date: 2013-02-22 10:46:22


Recommended update for audit (7264)

Patch: sledsp2-audit-18-7264
Bugs: 792713

Applies to:

Package(s): audit audit-audispd-plugins audit-debuginfo audit-debugsource audit-devel audit-libs audit-libs-32bit audit-libs-python audit-libs-x86 audit-secondary
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2



Every user should update.




The set of tools for Kernel Auditing (audit) has been updated to version 1.8. The update brings many fixes and enhancements, including:

  • Add definitions for crypto events
  • Add tcp_wrappers configuration option to auditd
  • Add interpretations for epoll_ctl, lseek, and sigaction to libauparse
  • Add aulast, a program that prints a list of the last logged in users
  • Add system boot, shutdown, and run level change events
  • Add max_restarts to audispd.conf to limit plugin restarts
  • Add new kernel capability event record types
  • Add support in ausearch and aureport for TTY data
  • Add new aureport option for TTY keystroke report
  • Interpret TTY audit data in auparse
  • Allow aulastlog to read input from standard input
  • Allow ausearch and aureport to specify multiple node names
  • Allow auditd log rotation via SIGUSR1 when NOLOG log format option is enabled
  • Allow the keyword "any" for local_port in audisp-remote
  • Send AUDIT_RMW_TYPE_ENDING messages to clients when auditd shuts down
  • Fix ausearch and aureport to handle out of order events
  • Fix problem with negative UIDs in audit rules on 32bit systems
  • Fix bug interpreting i386 logs on x86_64 machines
  • Fix uninitialized variable in aureport that could cause a segmentation fault
  • Improve performance of ausearch and aureport.

The format of messages printed by the tools or logs generated might have changed to improve readability or include more information. For a comprehensive list of changes please refer to the package change log.


This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module. Please install the update.

file contents

Files IncludedSizeDate
audit-1.8-0.28.1.i586.rpm221.9 KB (227248)2013-02-22 10:46:27
audit-libs-1.8-0.28.1.i586.rpm71.1 KB (72903)2013-02-22 10:46:28
readme_5157375.htmlN/A2013-02-22 10:57:23

source packages

Download the source code of the patches for maintained products.


The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.