openssh logout not being audited on fc5
Wieprecht, Karen M.
Karen.Wieprecht at jhuapl.edu
Wed Nov 5 20:20:23 UTC 2008
All,
been google-ing all day, so sorry if this info is common knowledge, but I can't seem to find it.
Trying to build FC5 (2.6.20-1.2320-fc5) system to meet a sponsor requirement (miserable task that it is), and I have to make this system be NISPOM compliant. Unfortunately, ssh logout isn't showing up in my audit logs, and although I have an idea why, I can't seem to find what I think I need ... The system I am building has the following:
OS = FC5
audit subsystem = 1.3-2
openssh = 4.3p2-4.12
kernel = 2.6.20-1.2320-fc5
My RHEL4 systems capture ssh logout just fine , and they are at earlier versions of both openssh and the audit subsystem... I found a note from a colleague about needing openssh >= 4.3p2-4.13 to fix the ssh logout problem for (I think) SuSe 10.1, so I thought I'd try and find a later version of open ssh or at least a src.rpm to build a newer version for fc5 , but I didn't have much luck. Found a 4.3p2-16 src.rpm for el5, but of course, that didn't build properly on my fc5 system .
Anyone know if I'm chasing my tail? maybe something else will fix this for FC5 (newer audit pkg? )? Recommendations would be most appreciated. If you all think I DO need a newer openssh version, anyone know where I can get a src.rpm for fc5 later than 4.3p2-4.12?
Thanks,
Karen Wieprecht
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20081105/353f1149/attachment.htm>
More information about the Linux-audit
mailing list