Audit config for NISPOM req's
Steve Grubb
sgrubb at redhat.com
Fri Jan 12 16:38:31 UTC 2007
On Friday 12 January 2007 11:09, Kirkwood, David A. wrote:
> I'm using RHEL4U4 and do not have autail. Where'd it come from?
http://www.redhat.com/archives/linux-audit/2006-October/msg00035.html
> Also, the doc I have does not metion the -rwxa option for watches.
That was a typo. It should have been -p rwxa. It should be in auditctl man
page.
> Separate question. With the watches I have enabled, I never am able to
> tie a user to an access violation. How do I do that?
It should be done automatically. The auid is the field that you would look at.
We've configured the pam settings for sshd,login,gdm, cron,vsftpd,remote to
include the pam_loginuid.so module. This is needed for it to work. Unless you
changed them, it should be setup at installation.
-Steve
More information about the Linux-audit
mailing list