Other audit configurations
Steve Grubb
sgrubb at redhat.com
Thu Jan 11 19:15:05 UTC 2007
On Thursday 11 January 2007 14:01, Thomas, Daniel J. wrote:
> We're trying to figure out where some of the other information is coming
> from that is in our audit.log file. It seems to be pam information and
> such.
Yes. Pam has been hooked because of the requirement to audit all use of
authentication mechanisms.
> Where is that configured?
Its not configurable, its hardcoded into the pam libraries. In RHEL5 and FC6
you can explicitly exclude those events if you wanted to.
-Steve
More information about the Linux-audit
mailing list