openssh logout not being audited on fc5
Tomas Mraz
tmraz at redhat.com
Wed Nov 5 23:00:05 UTC 2008
On Wed, 2008-11-05 at 15:20 -0500, Wieprecht, Karen M. wrote:
> All,
> been google-ing all day, so sorry if this info is common knowledge,
> but I can't seem to find it.
>
> Trying to build FC5 (2.6.20-1.2320-fc5) system to meet a sponsor
> requirement (miserable task that it is), and I have to make this
> system be NISPOM compliant. Unfortunately, ssh logout isn't showing
> up in my audit logs, and although I have an idea why, I can't seem to
> find what I think I need ... The system I am building has the
> following:
>
> OS = FC5
> audit subsystem = 1.3-2
> openssh = 4.3p2-4.12
> kernel = 2.6.20-1.2320-fc5
>
> My RHEL4 systems capture ssh logout just fine , and they are at
> earlier versions of both openssh and the audit subsystem... I found
> a note from a colleague about needing openssh >= 4.3p2-4.13 to fix the
> ssh logout problem for (I think) SuSe 10.1, so I thought I'd try and
> find a later version of open ssh or at least a src.rpm to build a
> newer version for fc5 , but I didn't have much luck. Found a 4.3p2-16
> src.rpm for el5, but of course, that didn't build properly on my fc5
> system .
>
> Anyone know if I'm chasing my tail? maybe something else will fix
> this for FC5 (newer audit pkg? )? Recommendations would be most
> appreciated. If you all think I DO need a newer openssh version,
> anyone know where I can get a src.rpm for fc5 later than 4.3p2-4.12?
You could try to add the relevant patch from the RHEL 5 openssh src.rpm
to the FC5 package. But is it really good idea to use such old package
at all? There are unfixed CVEs and so on. Of course this applies to the
rest of the FC5 distribution as well.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the Linux-audit
mailing list