Security Logging - Passwords & Accounts
Chris Bingham
Chris at acel.co.uk
Mon Feb 13 14:16:42 UTC 2006
Hi Aaron,
Thanks for your help, I tried making some changes (adding & deleting
users & groups, and changing passwords) and they don't seem to have been
logged!
I also tried adding this line to /etc/syslog.conf
*.* /var/log/all
But I didn't get any messages logged in the 'all' file when I tried the
same changes again (but I do get other messages like ' Dec 25 14:15:00
RHEL-ES3-02 CROND[2620]: (root) CMD (/usr/bin/mrtg /etc/mrtg/mrtg.cfg)'
logged)
Is there something else I need to do please?
Thanks again for your help,
Chris
-----Original Message-----
From: Bliss, Aaron [mailto:ABliss at preferredcare.org]
Sent: 13 February 2006 13:49
To: Chris Bingham; redhat-list at redhat.com
Subject: RE: Security Logging - Passwords & Accounts
These changes should already be logged in /var/log/secure; if you run
logwatch with a detail level of 5, you should see everything your
looking for in the report (and more :).
Aaron
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Chris Bingham
Sent: Monday, February 13, 2006 8:43 AM
To: redhat-list at redhat.com
Subject: Security Logging - Passwords & Accounts
Hi,
Does anybody know of any way to log changes to user & group accounts and
passwords please?
Because of a new security policy, we need to find a way to log in a file
whenever any changes are made to any user or group account, particularly
need to monitor changes to passwords and group memberships.
As a minimum, we've got to record the date & time of the change, what
the change was, and which user account was used to make the change.
Ideally we also need to do this without using third-party software, but
any solution would be very welcome :)
I'd really appreciate any help anyone can give, I've been trawling the
net all morning looking for some pointers without much luck!
Thanks in advance for any help,
Chris
###########################################
This message has been scanned by F-Secure Anti-Virus for Microsoft
Exchange proir to leaving Applied Computing & Engineering's E-Mail
Server
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=subscribe
https://www.redhat.com/mailman/listinfo/redhat-list
www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
Power and Associates
Confidentiality Notice:
The information contained in this electronic message is intended for the
exclusive use of the individual or entity named above and may contain
privileged or confidential information. If the reader of this message
is not the intended recipient or the employee or agent responsible to
deliver it to the intended recipient, you are hereby notified that
dissemination, distribution or copying of this information is
prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.
###########################################
This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange
proir to leaving Applied Computing & Engineering's E-Mail Server
More information about the redhat-list
mailing list