Version 1.1.4 of the Cmd Audit agent introduces support for Oracle Linux 7 and 8, resolves an incompatibility with SELinux, fixes an issue that could result in duplicate entries representing the same server, and makes an assortment of minor improvements.

Support for Oracle Linux

The agent now supports Oracle Linux 7 with RHCK and UEK kernels 3.10+, and Oracle Linux version 8 with RHCK and UEK kernels 4.18+. Deploy to your heart's content!

SELinux compatibility

Implemented a rewritten, BPF-specific SELinux policy that resolves all remaining SELinux issues. The agent and SELinux are now best friends.

Duplicate server entries

Resolved an issue where upgrading an agent could result in duplicate server entries — one for the pre-update, and one for the post-update server.

Other improvements

  • The agent more reliably records the current working directory (cwd) field of Exec events.

  • Fixed an installation issue related to FIPS mode on CentOS/RHEL/Oracle Linux.

SHA-256 checksums:

cmd_1.1.4_amd64.tar.gz:
73eb324c18fa841a36c488134158925113ad422dc0ac207b6814dab6370bc968

cmd-1.1.4.amd64.deb:
b69fe3b2c4a8096cfffedb9f625acf78bda958aaabe8b6936ea6436bfe718cc8

cmd-1.1.4.x86_64.rpm:
6cb7d746af098424d93e72186bb826c5197c485b6cf32fea3a8b7fb87ffeb1cb

If you have automatic agent updates enabled, this version will roll out automatically. Otherwise see our documentation for deployment instructions.

Did this answer your question?