Offline configuration
Steve Grubb
sgrubb at redhat.com
Fri May 25 18:10:51 UTC 2007
On Friday 25 May 2007 12:23, Robert Evans wrote:
> Do I need the latest of
> audit-libs-devel
no
> kernel as well?
Wouldn't hurt due to security fixes.
> Also, what other packages are critical to get NISPOM compliance?
NISPOM seems preoccupied with login/logout, account locking, blacklisting of
terminals, audit trail generation, and audit reports.
The login/logout stuff is covered by pam, login, sshd, and gdm. Account
locking is done by pam_tally2. I don't believe we do blacklisting of
terminals like pam_tally does. And the audit trail is done by the kernel and
audit package. I'd also update password and shadow-utils so that changes to
accounts are audited.
> Even when I updated the above packages, it didn't look like failed logins on
> the gnome desktop were generating events. I realize this may be particular
> to RHEL_64, but I also figured I could just have an outdated package.
Also, put audit=1 in boot parameters. The latest version of gdm is supposed to
work with audit. There was an issue where the gdm pam configuration was not
right. But it was corrected in the last release.
> I'm asking this because when I set up my audit rules on RHEL4_64 with the
> base auditing installed (none of the above updates). I wasn't getting any
> login/logout events at all, based on my initial experience with the initial
> Fedora configurations, I assume that I need to install updated packages.
Yes, I would.
> It seems like Steve has put enough information in the event logs that it is
> possible to build a GUI that parses, combines, and then displays the event
> logs to the user.
Yes. I believe someone even sent one to this mail list about a year ago. We
are planning to write one later this summer after the audit parsing library
work is settled.
> The only gotcha I had with FC5 was that I needed the updated openssh
> packages to generate the events that indicated a logout event for ssh.
Yep.
-Steve
More information about the Linux-audit
mailing list