[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit 1.0.7 released



On Thursday 20 October 2005 10:42, Rob Myers wrote:
> is the login summary support supposed to be functional yet? 

Yes...but...what I did was instrument login and gdm with a new message type 
that sends the login information. These are already in rawhide. These patches 
will be carried over to RHEL4 for U3. I will also be patching sshd. A new 
message type was used because its hard to tell that the intent of a session 
open is because of a login.

This is what it looks like:

Login Summary Report
=======================================
# auid host term exe success date event
=======================================
1. 0 ? tty1 /bin/login yes 10/20/05 64
2. 0 ? tty1 /bin/login yes 10/20/05 63
3. 4325 localhost :0 /usr/sbin/gdm-binary yes 10/20/05 75


> i don't really like the newline that ctime adds on the event reports.
> this patch seems to take care of it, but perhaps there is a better way.

This line has already changed since last night. Its:

        tv = localtime(&l->e.sec);
        strftime(date, sizeof(date), "%x %X", tv);
        printf("%u. %lu %s %s %s\n", line_item,
                  l->e.serial,
                  audit_msg_type_to_name(l->head->type),
                  aulookup_uid(l->s.loginuid, name, sizeof(name)), date);

So, that should produce lines like this:

Event Summary Report
===========================
# event type auid date time
===========================
1. 97 USER_AUTH 4325 10/20/05 10:54:28
2. 98 USER_ACCT 4325 10/20/05 10:54:28
3. 99 USER_START 4325 10/20/05 10:54:28
4. 100 CRED_ACQ 4325 10/20/05 10:54:28
5. 101 AVC -1 10/20/05 10:54:59


Thanks for the feedback.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]