useradd question

Lenny Bruzenak lenny at magitekltd.com
Thu May 16 23:00:38 UTC 2019


If I add a new user with the "useradd" utility, it submits an ADD_USER
event, but the event itself has no interpretation for the new UID.

IOW, the "id" field is numeric and the translated data at the end of the
raw record has "ID=unknown(number)".

I'm guessing it is because until the user data has been successfully
entered, there is no translation. Perhaps the event submission should
wait until that happens?

I may be able to dig out the name from other related generated events,
but that is kind of a pain.

audit-2.8.5, RHEL 7.6

Thx,

LCB

-- 
Lenny Bruzenak
MagitekLTD




More information about the Linux-audit mailing list