Audit Log not capturing access to security related files
Starr-Renee Corbin
corbin at arlut.utexas.edu
Wed Nov 25 16:57:10 UTC 2009
Hello,
I am required (by NISPOM) to audit access to security related files.
I am essentially using the nispom audit.rules provided by rhel5 to
accomplish this.
However, some of my systems are capturing access to /etc/shadow and
some of my systems are not (when looking in /var/log/audit/audit.log.
Worried that I might have differing audit.rules files between the
systems I have even copied the audit.rules file from systems that were
auditing right to systems that were not. But this has not resolved
the auditing problem.
HELP!
Thank you!
Starr
More information about the Linux-audit
mailing list