diff --git a/openssh-5.3p1-audit.patch b/openssh-5.3p1-audit.patch
new file mode 100644
index 0000000..7606e49
--- /dev/null
+++ b/openssh-5.3p1-audit.patch
@@ -0,0 +1,237 @@
+diff -up openssh-5.3p1/auth.c.audit openssh-5.3p1/auth.c
+--- openssh-5.3p1/auth.c.audit	2008-11-05 06:12:54.000000000 +0100
++++ openssh-5.3p1/auth.c	2009-10-11 13:02:47.000000000 +0200
+@@ -287,6 +287,12 @@ auth_log(Authctxt *authctxt, int authent
+ 		    get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
+ # endif
+ #endif
++#if HAVE_LINUX_AUDIT
++	if (authenticated == 0 && !authctxt->postponed) {
++		linux_audit_record_event(-1, authctxt->user, NULL,
++			get_remote_ipaddr(), "sshd", 0);
++	}
++#endif
+ #ifdef SSH_AUDIT_EVENTS
+ 	if (authenticated == 0 && !authctxt->postponed)
+ 		audit_event(audit_classify_auth(method));
+@@ -533,6 +539,10 @@ getpwnamallow(const char *user)
+ 		record_failed_login(user,
+ 		    get_canonical_hostname(options.use_dns), "ssh");
+ #endif
++#ifdef HAVE_LINUX_AUDIT
++		linux_audit_record_event(-1, user, NULL, get_remote_ipaddr(),
++			"sshd", 0);
++#endif
+ #ifdef SSH_AUDIT_EVENTS
+ 		audit_event(SSH_INVALID_USER);
+ #endif /* SSH_AUDIT_EVENTS */
+diff -up openssh-5.3p1/config.h.in.audit openssh-5.3p1/config.h.in
+--- openssh-5.3p1/config.h.in.audit	2009-09-26 08:31:14.000000000 +0200
++++ openssh-5.3p1/config.h.in	2009-10-11 13:09:41.000000000 +0200
+@@ -533,6 +533,9 @@
+ /* Define to 1 if you have the <lastlog.h> header file. */
+ #undef HAVE_LASTLOG_H
+ 
++/* Define to 1 if you have the <libaudit.h> header file. */
++#undef HAVE_LIBAUDIT_H
++
+ /* Define to 1 if you have the `bsm' library (-lbsm). */
+ #undef HAVE_LIBBSM
+ 
+@@ -572,6 +575,9 @@
+ /* Define to 1 if you have the <limits.h> header file. */
+ #undef HAVE_LIMITS_H
+ 
++/* Define if you want Linux audit support. */
++#undef HAVE_LINUX_AUDIT
++
+ /* Define to 1 if you have the <linux/if_tun.h> header file. */
+ #undef HAVE_LINUX_IF_TUN_H
+ 
+@@ -768,6 +774,9 @@
+ /* Define to 1 if you have the `setgroups' function. */
+ #undef HAVE_SETGROUPS
+ 
++/* Define to 1 if you have the `setkeycreatecon' function. */
++#undef HAVE_SETKEYCREATECON
++
+ /* Define to 1 if you have the `setlogin' function. */
+ #undef HAVE_SETLOGIN
+ 
+@@ -1348,6 +1357,10 @@
+ /* Prepend the address family to IP tunnel traffic */
+ #undef SSH_TUN_PREPEND_AF
+ 
++/* Define to your vendor patch level, if it has been modified from the
++   upstream source release. */
++#undef SSH_VENDOR_PATCHLEVEL
++
+ /* Define to 1 if you have the ANSI C header files. */
+ #undef STDC_HEADERS
+ 
+diff -up openssh-5.3p1/configure.ac.audit openssh-5.3p1/configure.ac
+--- openssh-5.3p1/configure.ac.audit	2009-09-11 06:56:08.000000000 +0200
++++ openssh-5.3p1/configure.ac	2009-10-11 13:08:03.000000000 +0200
+@@ -3407,6 +3407,18 @@ AC_ARG_WITH(selinux,
+ 	fi ]
+ )
+ 
++# Check whether user wants Linux audit support
++LINUX_AUDIT_MSG="no"
++AC_ARG_WITH(linux-audit,
++	[  --with-linux-audit   Enable Linux audit support],
++	[ if test "x$withval" != "xno" ; then
++		AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
++		LINUX_AUDIT_MSG="yes"
++		AC_CHECK_HEADERS(libaudit.h)
++		SSHDLIBS="$SSHDLIBS -laudit"
++	fi ]
++)
++
+ # Check whether user wants Kerberos 5 support
+ KRB5_MSG="no"
+ AC_ARG_WITH(kerberos5,
+@@ -4226,6 +4238,7 @@ echo "                       PAM support
+ echo "                   OSF SIA support: $SIA_MSG"
+ echo "                 KerberosV support: $KRB5_MSG"
+ echo "                   SELinux support: $SELINUX_MSG"
++echo "               Linux audit support: $LINUX_AUDIT_MSG"
+ echo "                 Smartcard support: $SCARD_MSG"
+ echo "                     S/KEY support: $SKEY_MSG"
+ echo "              TCP Wrappers support: $TCPW_MSG"
+diff -up openssh-5.3p1/loginrec.c.audit openssh-5.3p1/loginrec.c
+--- openssh-5.3p1/loginrec.c.audit	2009-02-12 03:12:22.000000000 +0100
++++ openssh-5.3p1/loginrec.c	2009-10-11 13:06:16.000000000 +0200
+@@ -176,6 +176,10 @@
+ #include "auth.h"
+ #include "buffer.h"
+ 
++#ifdef HAVE_LINUX_AUDIT
++# include <libaudit.h>
++#endif
++
+ #ifdef HAVE_UTIL_H
+ # include <util.h>
+ #endif
+@@ -202,6 +206,9 @@ int utmp_write_entry(struct logininfo *l
+ int utmpx_write_entry(struct logininfo *li);
+ int wtmp_write_entry(struct logininfo *li);
+ int wtmpx_write_entry(struct logininfo *li);
++#ifdef HAVE_LINUX_AUDIT
++int linux_audit_write_entry(struct logininfo *li);
++#endif
+ int lastlog_write_entry(struct logininfo *li);
+ int syslogin_write_entry(struct logininfo *li);
+ 
+@@ -440,6 +447,10 @@ login_write(struct logininfo *li)
+ 
+ 	/* set the timestamp */
+ 	login_set_current_time(li);
++#ifdef HAVE_LINUX_AUDIT
++	if (linux_audit_write_entry(li) == 0)
++		fatal("linux_audit_write_entry failed: %s", strerror(errno));
++#endif
+ #ifdef USE_LOGIN
+ 	syslogin_write_entry(li);
+ #endif
+@@ -1394,6 +1405,87 @@ wtmpx_get_entry(struct logininfo *li)
+ }
+ #endif /* USE_WTMPX */
+ 
++#ifdef HAVE_LINUX_AUDIT
++static void
++_audit_hexscape(const char *what, char *where, unsigned int size)
++{
++	const char *ptr = what;
++	const char *hex = "0123456789ABCDEF";
++
++	while (*ptr) {
++		if (*ptr == '"' || *ptr < 0x21 || *ptr > 0x7E) {
++			unsigned int i;
++			ptr = what;
++			for (i = 0; *ptr && i+2 < size; i += 2) {
++				where[i] = hex[((unsigned)*ptr & 0xF0)>>4]; /* Upper nibble */
++				where[i+1] = hex[(unsigned)*ptr & 0x0F];   /* Lower nibble */
++				ptr++;
++			}
++			where[i] = '\0';
++			return;
++		}
++		ptr++;
++	}
++	where[0] = '"';
++	if ((unsigned)(ptr - what) < size - 3)
++	{
++		size = ptr - what + 3;
++	}
++	strncpy(where + 1, what, size - 3);
++	where[size-2] = '"';
++	where[size-1] = '\0';
++}
++
++#define AUDIT_LOG_SIZE 128
++#define AUDIT_ACCT_SIZE (AUDIT_LOG_SIZE - 8)
++
++int
++linux_audit_record_event(int uid, const char *username,
++	const char *hostname, const char *ip, const char *ttyn, int success)
++{
++	char buf[AUDIT_LOG_SIZE];
++	int audit_fd, rc;
++
++	audit_fd = audit_open();
++	if (audit_fd < 0) {
++	 	if (errno == EINVAL || errno == EPROTONOSUPPORT ||
++					errno == EAFNOSUPPORT)
++			return 1; /* No audit support in kernel */
++		else
++			return 0; /* Must prevent login */
++	}
++	if (username == NULL)
++		snprintf(buf, sizeof(buf), "uid=%d", uid);
++	else {
++		char encoded[AUDIT_ACCT_SIZE];
++		_audit_hexscape(username, encoded, sizeof(encoded));
++		snprintf(buf, sizeof(buf), "acct=%s", encoded);
++	}
++	rc = audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
++		buf, hostname, ip, ttyn, success);
++	close(audit_fd);
++	if (rc >= 0)
++		return 1;
++	else
++		return 0;
++}
++
++int
++linux_audit_write_entry(struct logininfo *li)
++{
++	switch(li->type) {
++	case LTYPE_LOGIN:
++		return (linux_audit_record_event(li->uid, NULL, li->hostname,
++			NULL, li->line, 1));
++	case LTYPE_LOGOUT:
++		return (1);	/* We only care about logins */
++	default:
++		logit("%s: invalid type field", __func__);
++		return (0);
++	}
++}
++#endif /* HAVE_LINUX_AUDIT */
++
+ /**
+  ** Low-level libutil login() functions
+  **/
+diff -up openssh-5.3p1/loginrec.h.audit openssh-5.3p1/loginrec.h
+--- openssh-5.3p1/loginrec.h.audit	2006-08-05 04:39:40.000000000 +0200
++++ openssh-5.3p1/loginrec.h	2009-10-11 13:04:28.000000000 +0200
+@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
+ char *line_abbrevname(char *dst, const char *src, int dstsize);
+ 
+ void record_failed_login(const char *, const char *, const char *);
++#ifdef HAVE_LINUX_AUDIT
++int linux_audit_record_event(int uid, const char *username,
++	const char *hostname, const char *ip, const char *ttyn, int success);
++#endif /* HAVE_LINUX_AUDIT */
+ 
+ #endif /* _HAVE_LOGINREC_H_ */
diff --git a/openssh.spec b/openssh.spec
index c76facd..59315bc 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -63,7 +63,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.3p1
-Release: 2%{?dist}%{?rescue_rel}
+Release: 3%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -79,6 +79,7 @@ Patch2: openssh-5.3p1-skip-initial.patch
 Patch4: openssh-5.2p1-vendor.patch
 Patch12: openssh-5.2p1-selinux.patch
 Patch13: openssh-5.3p1-mls.patch
+Patch16: openssh-5.3p1-audit.patch
 Patch18: openssh-5.0p1-pam_selinux.patch
 Patch19: openssh-5.2p1-sesftp.patch
 Patch22: openssh-3.9p1-askpass-keep-above.patch
@@ -207,6 +208,7 @@ an X11 passphrase dialog for OpenSSH.
 #SELinux
 %patch12 -p1 -b .selinux
 %patch13 -p1 -b .mls
+%patch16 -p1 -b .audit
 %patch18 -p1 -b .pam_selinux
 %patch19 -p1 -b .sesftp
 %endif
@@ -460,6 +462,9 @@ fi
 %endif
 
 %changelog
+* Fri Oct 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-3
+- Reenable audit.
+
 * Fri Oct  2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-2
 - Upgrade to new wersion 5.3p1