auid uset

Kirkwood, David A. DAVID.A.KIRKWOOD at saic.com
Thu Dec 6 17:04:14 UTC 2007


Hi,

 

I need some help with configuration. First, I do not remember how to
tell the version of the auditd I am running. I tried to get it

By pulling strings with no success. The larger problem is I am
configuring a RHEL4U5 system. I have a RHEL4U4 system that runs

Correctly and supplies the AUID when specified with aureport. The
RHEL4U5 system has this parameter as "unset" rather than the

AUID or uid or anything else to identify who was attempting to run
failed commands. 

 

If someone can help me with what needs to be set, I would appreciate it.
I compared all of the obvious files, such as all pam files, 

the audit.rules, auditd.conf and syslog.conf and they all seem to be the
same.

 

Thanks in advance.. 

 

David A. Kirkwood



 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20071206/1db8ba30/attachment.htm>


More information about the Linux-audit mailing list