Installation guide

Feature Updates
A sample STIG rules file, named "stig.rules", is newly provided in these updated packages. This
file contains the auditctl rules which are loaded whenever the audit daemon is started by init
scripts.
In addition to the listed enhancements, these updated audit packages also include a new feature
to allow a server to aggregate the logs of remote systems. The following instructions can be
followed to enable this feature:
1. The audispd-plugins package should be installed on all clients (but need not be installed
on the server), and the parameters for "remote_server" and "port" should be set in the
/etc/audisp/audisp-remote.conf configuration file.
2. On the server, which aggregates the logs, the "tcp_listen_port" parameter in the
/etc/audit/auditd.conf file must be set to the same port number as the clients.
3. Because the auditd daemon is protected by SELinux, semanage (the SELinux policy
management tool) must also have the same port listed in its database. If the server and client
machines had all been configured to use port 1000, for example, then running this command
would accomplish this:

    semanage port -a -t audit_port_t -p tcp 1000

4. The final step in configuring remote log aggregation is to edit the /etc/hosts.allow configuration
file to inform tcp_wrappers which machines or subnets the auditd daemon should allow
connections from.
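
The four steps above can be cross-checked with a short script. This is an added example, not part
of the release notes or the audit packages: the function names, the sample file contents and the
"auditd" daemon name used in hosts.allow are assumptions, and the semanage listing stands in for
saved output of "semanage port -l".

```shell
#!/bin/sh
# Added example: cross-check the four remote log aggregation steps.
# All file contents written by write_samples are constructed.

# conf_get FILE KEY: print the value of a "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_aggregation CLIENT_CONF SERVER_CONF HOSTS_ALLOW SEMANAGE_LIST
# SEMANAGE_LIST is saved output of `semanage port -l`. Prints one finding
# per line and returns non-zero when a step is missing or inconsistent.
check_aggregation() {
    rc=0
    server=$(conf_get "$1" remote_server)
    cport=$(conf_get "$1" port)
    sport=$(conf_get "$2" tcp_listen_port)
    [ -n "$server" ] || { echo "client: remote_server not set"; rc=1; }
    [ -n "$sport" ] || { echo "server: tcp_listen_port not set"; rc=1; }
    [ "$cport" = "$sport" ] || { echo "port mismatch: client=$cport server=$sport"; rc=1; }
    # Step 3: the listen port must be labelled audit_port_t for SELinux.
    grep '^audit_port_t[[:space:]]\{1,\}tcp' "$4" | tr -s ' ,\t' '\n' | grep -qx "$sport" \
        || { echo "selinux: port $sport not labelled audit_port_t"; rc=1; }
    # Step 4: tcp_wrappers needs an entry for the daemon (name assumed: auditd).
    grep -q '^[[:space:]]*auditd[[:space:]]*:' "$3" \
        || { echo "hosts.allow: no auditd entry"; rc=1; }
    return $rc
}

# write_samples DIR SERVER_PORT: constructed stand-ins for the real files.
write_samples() {
    printf 'remote_server = 192.0.2.10\nport = 1000\n' > "$1/audisp-remote.conf"
    printf 'tcp_listen_port = %s\n' "$2" > "$1/auditd.conf"
    printf 'auditd: 192.0.2.\n' > "$1/hosts.allow"
    printf 'audit_port_t                   tcp      1000, 60\n' > "$1/semanage.txt"
}

demo=$(mktemp -d)
write_samples "$demo" 1000
check_aggregation "$demo/audisp-remote.conf" "$demo/auditd.conf" \
    "$demo/hosts.allow" "$demo/semanage.txt" && echo "all four steps consistent"
rm -rf "$demo"
```

On a real deployment the client file comes from a client machine and the other three inputs from
the aggregating server.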
wpa_supplicant re-base
wpa_supplicant has been re-based to the latest upstream stable version 0.5.10 and includes
backported fixes for a number of issues that may affect users of wireless drivers that depend on
the kernel's mac80211 wireless stack. Specific fixes and enhancements include:

Support for a D-Bus control interface has been added. D-Bus is a popular lightweight
Inter-Process Communication mechanism, and the addition of this control interface to wpa_supplicant
allows applications (like NetworkManager) to more reliably control the supplicant.

Cisco Aironet 340/350 wireless cards were not able to successfully connect to 802.1x-enabled
wireless networks, often used in security-sensitive organizations. During the connection process
at the 4-Way WPA handshake stage, sending encryption keys to the driver would clear the
wireless card firmware's authentication state. With this update, the supplicant uses an alternate
method of supplying encryption keys to the kernel driver, allowing authentication state to be
preserved in the Aironet firmware and 802.1x connections to succeed.

Kernel drivers utilizing the new mac80211 wireless stack were sometimes unable to connect
to wireless networks, either failing to find the requested network, or prematurely ending
communication with the wireless access point during the connection process. Some drivers
were prone to reporting multiple disconnection events during the association process, confusing
the supplicant and causing long timeouts. The supplicant also did not sufficiently instruct the
driver to disconnect when switching access points. This update fixes these issues and, in
conjunction with kernel driver updates, allows more wireless hardware to successfully connect to
wireless networks.