[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

auid unset



Hi,

 

I need some help with configuration. First, I do not remember how to
tell the version of the auditd I am running. I tried to get it by
pulling strings with no success. The larger problem is I am configuring
a RHEL4U5 system. I have a RHEL4U4 system that runs correctly and
supplies the AUID when specified with aureport. The RHEL4U5 system has
this parameter as "unset" rather than the AUID or uid or anything else
to identify who was attempting to run failed commands. 

If someone can help me with what needs to be set, I would appreciate it.
I compared all of the obvious files, such as all pam files, the
audit.rules, auditd.conf and syslog.conf and they all seem to be the
same.

Both systems run Linux 2.6.9-42.ELsmp.
 

Thanks in advance. 

 

David A. Kirkwood



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]