auid unset

Kirkwood, David A. DAVID.A.KIRKWOOD at saic.com
Thu Dec 6 18:01:05 UTC 2007


Hi,

I need some help with configuration. First, I do not remember how to
tell the version of the auditd I am running. I tried to get it by
pulling strings with no success. The larger problem is I am configuring
a RHEL4U5 system. I have a RHEL4U4 system that runs correctly and
supplies the AUID when specified with aureport. The RHEL4U5 system has
this parameter as "unset" rather than the AUID or uid or anything else
to identify who was attempting to run failed commands. 

If someone can help me with what needs to be set, I would appreciate it.
I compared all of the obvious files, such as all pam files, the
audit.rules, auditd.conf and syslog.conf and they all seem to be the
same.

Both systems run Linux 2.6.9-42.ELsmp.

Thanks in advance.

David A. Kirkwood