Login/Logouts (UNCLASSIFIED)
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Feb 28 21:18:26 UTC 2007
On Wed, 28 Feb 2007 15:31:41 EST, "Mackanick, Jason W CTR DISA GIG-OP" said:
> Newbie to the list. I am in position of writing technical
> implimentation guidance for DISA and I am looking for a method to audit
> logins/logouts. I have not been able to come up with a syscall that
> would cover this. Any help would be appreciated.
That's because "login" isn't a single syscall, and a lot of things happen
during a login - many files get read, programs get run, and so on. That's
why things like gdm, getty, and ssh are modified to cut a non-syscall
audit record when a user logs in.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20070228/3435cd57/attachment.sig>
More information about the Linux-audit
mailing list