AUID question
David Flatley
dflatley at us.ibm.com
Fri Nov 14 15:16:12 UTC 2014
While checking audit logs for failed logins, It was noticed that the
AUID was one name and there was a UID of the user that failed login. The
only thing we can figure is that the AUID user rebooted the system
by logging in as himself and then using sudo to reboot the system prior to
the fails. Are we correct in this assumption?
David Flatley
"To err is human. To really screw up requires the root password." -UNKNOWN
More information about the Linux-audit
mailing list