FW: Time field not readable
Kirkwood, David A.
DAVID.A.KIRKWOOD at saic.com
Mon Nov 3 22:41:33 UTC 2008
The kernel I am running is 2.6.9-42. I think the kernel may have been
tampered with. Doesn't Snare install require rebuilding the kernel with
traps for the audit to work? Also, I found the complete source tree in
/usr/RedHat and /usr/SRCS (at least there was a lot of code there).
David A. Kirkwood
SAIC
david.a.kirkwood at saic.com
kirkwoodd at saic.com
Phone: (727) 502-8310
Fax: (727) 822-7776
-----Original Message-----
From: linux-audit-bounces at redhat.com
[mailto:linux-audit-bounces at redhat.com] On Behalf Of Steve Grubb
Sent: Monday, November 03, 2008 4:46 PM
To: linux-audit at redhat.com
Cc: Kirkwood, David A.
Subject: Re: FW: Time field not readable
On Monday 03 November 2008 14:59:05 Kirkwood, David A. wrote:
> I have removed the packages audit-2.4.1, audit-libs-2.4.1,
> audit-libs-devel-2.4.1

I have no idea what those are. The latest RHEL4 audit package is 1.0.16
and RHEL5 is 1.6.5. My development copy is 1.7.9. You have a RHEL4 system
that is way out of whack since those are packages that I've never heard
of. :)

> and SnareLinux and added via rpm audit-libs-1.0.14-1,
> audit-libs-1.0.4-1 and audit-1.0.14-1. The time field is still not
> readable when I used ausearch or aureport utilities.

Updating the user space utilities means that from now on your logs will
be readable. Also, what kernel are you running? Are you running a real
RHEL4 kernel?
-Steve
--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
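Steve's question above (is this a real, untampered RHEL4 kernel?) can be answered on the box itself from rpm's own metadata. What follows is an added example written for this archive page; it is not code from the thread, from Red Hat or from the audit project. It assumes the rpm output formats described in the comments (the flag column of `rpm -V`, the `Signature` line of `rpm -qi`) and the RHEL4 convention that `kernel-smp-<ver>` boots as `<ver>smp`. All sample rpm output and the key ID in the test are constructed for the offline run; on a real host feed the functions the live commands listed at the bottom.

```shell
#!/bin/sh
# Added example (not from the thread): three checks for the question
# "is this a real, untampered RHEL4 kernel package?" Each function
# parses rpm output from stdin or its arguments, so it can be fed either
# the live command or, as here, CONSTRUCTED sample text for an offline run.

# rpm -V <pkg> prints one line per file that fails verification.
# The first field is a column of flags: S size, M mode, 5 digest,
# D device, L link, U user, G group, T mtime (P capabilities on newer
# rpm); the word "missing" replaces the flags when the file is gone.
# A lone "c" before the path marks a config file, which is allowed to
# differ. Print every non-config file whose size or digest changed and
# every missing file: for a kernel package those are the tampering
# signals (an mtime-only change is noise).
tampered_files() {
    awk '
        $1 == "missing" { print $NF; next }
        $1 ~ /^[SM5DLUGTP.?]+$/ && length($1) >= 8 {
            if ($2 != "c" && (index($1, "S") || index($1, "5"))) print $NF
        }'
}

# kernel_is_packaged RUNNING PKG... : prints yes if the running kernel
# release (uname -r) is provided by one of the installed kernel packages
# (rpm -q kernel kernel-smp ...), else no. On RHEL4 the package
# kernel-smp-2.6.9-42.EL boots as 2.6.9-42.ELsmp, so the flavour is
# appended to the release before comparing. A running release that no
# package claims was built or installed outside the package system.
kernel_is_packaged() {
    running=$1
    shift
    for pkg in "$@"; do
        case $pkg in
            kernel-[0-9]*)   flavor=; rel=${pkg#kernel-} ;;
            kernel-*-[0-9]*) flavor=${pkg#kernel-}; flavor=${flavor%%-*}
                             rel=${pkg#kernel-$flavor-} ;;
            *) continue ;;
        esac
        if [ "$running" = "$rel" ] || [ "$running" = "$rel$flavor" ]; then
            echo yes
            return 0
        fi
    done
    echo no
}

# package_key_id : reads rpm -qi output and prints the signing key ID
# from the Signature line, or "unsigned" when rpm shows "(none)" or the
# line is absent. A vendor kernel carries the vendor's key; a locally
# rebuilt one normally carries none.
package_key_id() {
    awk '
        /^Signature/ {
            if ($0 ~ /\(none\)/) print "unsigned"; else print $NF
            found = 1
        }
        END { if (!found) print "unsigned" }'
}

# --- constructed demo data (not captured from any real host) ---
SAMPLE_VERIFY='S.5....T.  /boot/vmlinuz-2.6.9-42.EL
..5....T. c /etc/audit/auditd.conf
missing   /lib/modules/2.6.9-42.EL/kernel/drivers/net/e1000/e1000.ko'
SAMPLE_QI='Name        : kernel
Version     : 2.6.9
Signature   : (none)'

printf '%s\n' "$SAMPLE_VERIFY" | tampered_files
kernel_is_packaged 2.6.9-42.ELsmp kernel-2.6.9-42.EL kernel-smp-2.6.9-42.EL
printf '%s\n' "$SAMPLE_QI" | package_key_id

# On a real host, replace the samples with:
#   rpm -V kernel kernel-smp | tampered_files
#   kernel_is_packaged "$(uname -r)" $(rpm -q kernel kernel-smp)
#   rpm -qi "$(rpm -qf "/boot/vmlinuz-$(uname -r)")" | package_key_id
```

A clean `rpm -V` only proves the files match what the rpm database records; if the database itself was rewritten, or the package was rebuilt and reinstalled from a local tree (the source trees found under /usr/RedHat and /usr/SRCS make that plausible here), the signature check is the one that still tells a vendor build from a local one.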