I need some help with configuration. First, I do not remember how to tell the version of the auditd I am running. I tried to get it
By pulling strings with no success. The larger problem is I am configuring a RHEL4U5 system. I have a RHEL4U4 system that runs
Correctly and supplies the AUID when specified with aureport. The RHEL4U5 system has this parameter as “unset” rather than the
AUID or uid or anything else to identify who was attempting to run failed commands.
If someone can help me with what needs to be set, I would appreciate it. I compared all of the obvious files, such as all pam files,
the audit.rules, auditd.conf and syslog.conf and they all seem to be the same.
Thanks in advance..