audit-tools and SUDO

Warron S French warron.s.french at aero.org
Tue May 10 12:31:19 UTC 2016


Good morning everyone,

I am working on an environment where I have managed to get centralized audit logging to work - roughly 95% properly on six (6) CentOS-6.7 workstations and a single (1) CentOS-6.7 server.

I have two problems though; and they seem somewhat minor:


1. The audit events being captured don't seem to be tied to any given node (so that I can perform ausearch --node hostName, or aureport), that's the first issue.

2. The second issue is that I need to configure sudo to enable my Special Security Team with the ability to perform their duties using the aureport and the ausearch commands, but I get an error that appears to be based on permissions.

I am hoping that you guys can steer me in the correct direction; and I can update my documentation to be even a little more thorough.

Scenario 2 might be more of a membership issue now that I think about it; so please disregard as I think this is some weird 389-ds issue.

I am hoping though that someone can suggest a reason why, when I look directly at the content of the /var/log/audit/audit.log, I am not seeing any references to node=hostname1, hostname2 .. hostnameN? Maybe I did misconfigure something, but I followed my own instructions to the "T" and they didn't produce this issue.



Thank you in advance for your precious time sincerely,

Warron French, MBA, SCSA