[RFC] NISPOM audit rules - first draft

Steve Grubb sgrubb at redhat.com
Fri Apr 13 21:54:27 UTC 2007


On Friday 13 April 2007 17:45, Brian K. Whatcott wrote:
> Below you say the nispom.rules has been updated several times.  Where is
> the latest version located?

You can download the latest source code, open the archive and copy 
nispom.rules to wherever you need it.

http://people.redhat.com/sgrubb/audit/audit-1.5.2.tar.gz

The configuration takes advantage of some newer features. So, it may or may 
not work with the exact version of audit/kernel that you have.

> In the nispom.rules version in your post in the archive, the comments said
> several NISPOM audit requirements were met by other programs (1(b) by
> patches to login, gdm, and openssh; 1(d) by patches to libpam; 1(e) & 1(f)
> by patches to pam_tally).  Can these patches be downloaded from somewhere?

These patches have been sent upstream and hopefully your versions of those 
apps are new enough to have the patches and audit is enabled for them. I did 
not collect them up into one place, but rather tried to get them where they 
ultimately needed to go so everyone benefits from the work. The one exception 
might be util-linux which seems to be a dead project that each distro 
maintains themselves.

> Do the patches work with SuSE 10.1 or 10.2?  

I don't know.

-Steve



