WHATSNEW: Add note about defaults changes for the vfs_full_audit and acceptance of...

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3d3b66569f3a5c4af76929769d63eabf2c3e8f36..956a4a04ceaa56af462031b480b48f1c4b69a60b 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -66,6 +66,16 @@ Kerberos would return ALICE as the username. Kerberos would not be able to map
 names can be correctly mapped. This only applies to GSSAPI authentication,
 not for the geting the initial ticket granting ticket.
 
+VFS audit modules
+-----------------
+
+The vfs_full_audit module has changed it's default set of monitored successful
+and failed operations from "all" to "none". That helps to prevent potential
+denial of service caused by simple addition of the module to the VFS objects.
+
+Also, modules vfs_audit, vfs_ext_audit and vfs_full_audit now accept any valid
+syslog(3) facility, in accordance with the manual page.
+
 Database audit support
 ----------------------
 
@@ -236,6 +246,7 @@ feature, currently it should be enabled from the DNS Manager tool from
 Windows. Also the feature needs to have been enabled by setting the smb.conf
 parameter "dns zone scavenging = yes".
 
+
 REMOVED FEATURES
 ================
 
@@ -254,6 +265,8 @@ to allow better Windows fileserver compatibility in a default install.
   map readonly                       Default changed              no
   store dos attributes               Default changed             yes
   ea support                         Default changed             yes
+  full_audit:success                 Default changed            none
+  full_audit:failure                 Default changed            none
 
 VFS interface changes
 =====================