Audit config for NISPOM req's

Steve Grubb sgrubb at redhat.com
Fri Jan 12 19:49:32 UTC 2007


On Friday 12 January 2007 13:45, Kirkwood, David A. wrote:
> Then when I execute aureport -w --failed, the auid field shows up as -1
> as it does for every watch list. Am I missing something?

Yes. 

#cd /etc/pam.d
#grep loginuid *

See if you have that in your pam stack. You should see something like this:

atd:session     required        pam_loginuid.so
crond:session    required   pam_loginuid.so
gdm:session    required    pam_loginuid.so
gdm-autologin:session    required    pam_loginuid.so
kcheckpass:session    required    pam_loginuid.so
kdm:session    required    pam_loginuid.so
kdm-np:session    required     pam_loginuid.so
kscreensaver:session    required    pam_loginuid.so
login:session    required     pam_loginuid.so
remote:session    required     pam_loginuid.so
sshd:session    required     pam_loginuid.so
vsftpd:session    required     pam_loginuid.so
xdm:session    required pam_loginuid.so

-Steve
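
The check described in the reply above, written as a script; this is an added example and not part of the original message. It reports which of the named entry-point services have no active `pam_loginuid.so` session line. The function names and sample files are constructed for illustration, and files pulled in through `include` lines are not followed.

```shell
#!/bin/sh
# Added example: find login entry points whose PAM stack lacks pam_loginuid.so.
# Function names and sample files are constructed for illustration.

# has_loginuid FILE: succeed if FILE has an active (uncommented) session
# line that loads pam_loginuid.so. Files pulled in via "include" are not followed.
has_loginuid() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 ~ /^-?session$/ {                    # "session" or optional "-session"
            # The control field may be bracketed and contain spaces,
            # so look for the module in every later field.
            for (i = 2; i <= NF; i++)
                if ($i ~ /(^|\/)pam_loginuid\.so$/) found = 1
        }
        END { exit !found }
    ' "$1"
}

# missing_loginuid DIR SERVICE...: print each installed service lacking the line.
missing_loginuid() {
    dir=$1; shift
    for svc in "$@"; do
        [ -f "$dir/$svc" ] || continue          # service not installed here
        has_loginuid "$dir/$svc" || printf '%s\n' "$svc"
    done
    return 0
}

# Constructed sample directory standing in for /etc/pam.d.
demo_constructed() {
    d=$(mktemp -d) || return 1
    printf 'session    required     pam_loginuid.so\n'   > "$d/login"
    printf '#session    required     pam_loginuid.so\n'  > "$d/sshd"
    printf 'account    required     pam_access.so\n'     > "$d/crond"
    printf 'session [success=ok default=bad] /lib/security/pam_loginuid.so\n' > "$d/gdm"
    missing_loginuid "$d" login sshd crond gdm atd        # atd file absent: skipped
    rm -rf "$d"
}

demo_constructed    # prints: sshd, crond (one per line)
```

On a real system, call `missing_loginuid /etc/pam.d` with the services users actually log in through. The module belongs only on those entry points, not in `su` or `sudo`, which should keep the auid of the original login.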