Help with setup
Klaus Weidner
klaus at atsec.com
Mon Mar 20 19:43:26 UTC 2006
On Thu, Mar 16, 2006 at 11:20:42AM -1000, Gene Dellinger wrote:
> Hoping this is the right place to get help configuring auditd(laus) on Red
> Hat.
>
> I have 4 high security systems that I need to allow a new employee root
> access to. I would like to see everything that is done by root or any other
> users/processes, however the only thing I can seem to get it to do is tell
> me when my cronjobs, the sa stuff runs and login info.
For LAuS, syscalls aren't audited automatically. The recommended method
is putting pam_laus.so in the pam stack to activate audit when the user
logs in, this also initializes the audit login UID. Please check out the
evaluated configuration guide for more details, and/or use the script
from the certification RPM to set it up automatically.
ftp://partners.redhat.com/EAL3_RHEL3/U2/ (IBM hardware)
ftp://partners.redhat.com/EAL3_RHEL3/HP/ (HP hardware)
-Klaus
More information about the Linux-audit
mailing list