Audit config for NISPOM req's

Steve Grubb sgrubb at redhat.com
Tue Jan 16 16:15:10 UTC 2007


On Tuesday 16 January 2007 10:51, Kirkwood, David A. wrote:
> My pam.d directory shows:

This all looks correct now.

> I added
>  xcreensaver session required pam_loginuid.so
> but it had no effect.

I wouldn't. xscreensaver runs as a common user and does not have the 
capabilities needed to set the loginuid.

> Is there anything else I missed?

That should do it. The communication chain here is:

login->pam->kernel
kernel->auditd

You should get a kernel event when you do this as root:

echo 500 > /proc/self/loginuid
ausearch -ts today -m LOGIN

time->Tue Jan 16 11:11:43 2007
type=LOGIN msg=audit(1168963903.962:1310): login pid=19065 uid=0 old auid=500 new auid=500

If that's not working, you have a kernel problem. If it's working, I'd look at 
pam/login.

-Steve
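
The kernel->auditd check described in the message above can be scripted; the following is an added example, not part of the original post or of the audit project's code. It parses `ausearch -m LOGIN` text and reports whether a record sets a given auid. The function names are hypothetical, the second sample record is constructed, and the "old-auid=/auid=" wording it also accepts is the form later kernels emit.

```shell
#!/bin/sh
# Added example, not part of the original message.
# Function names are hypothetical; sample_records holds the record quoted in
# the message plus one constructed record in the later kernel wording.

# Print "pid old_auid new_auid" for each type=LOGIN record on stdin.
# Accepts "old auid=N new auid=N" (as in the message) and "old-auid=N auid=N".
login_events() {
    awk '
    /^type=LOGIN / {
        pid = ""; was = "-"; now = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^pid=/) pid = substr($i, 5)
            else if ($i ~ /^old-auid=/) was = substr($i, 10)
            else if (($i == "old") && ($(i + 1) ~ /^auid=/)) { i++; was = substr($i, 6) }
            else if (($i == "new") && ($(i + 1) ~ /^auid=/)) { i++; now = substr($i, 6) }
            else if ($i ~ /^auid=/) now = substr($i, 6)
        }
        if (pid != "" && now != "") print pid, was, now
    }'
}

# Succeed if some LOGIN record on stdin sets the loginuid to $1.
loginuid_set_to() {
    login_events | awk -v want="$1" '$3 == want { hit = 1 } END { exit !hit }'
}

# Constructed sample input. 4294967295 is (uid_t)-1, an unset loginuid.
sample_records() {
    cat <<'EOF'
time->Tue Jan 16 11:11:43 2007
type=LOGIN msg=audit(1168963903.962:1310): login pid=19065 uid=0 old auid=500 new auid=500
----
type=LOGIN msg=audit(1700000000.123:42): pid=2201 uid=0 old-auid=4294967295 auid=1000 ses=3 res=1
EOF
}

# Offline demo; on a live system, as root:
#   ausearch -ts today -m LOGIN | loginuid_set_to 500 && echo "kernel->auditd OK"
sample_records | login_events
```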



