[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: auid unset




>
> I need some help with configuration. First, I do not remember how to
> tell the version of the auditd I am running. I tried to get it by
> pulling strings with no success.

To identify the audit version you're running, you could use the package version+release or possibly something like
$ audearch -m DAEMON_START
Look for the last message and for the 'ver=' field.
 
> If someone can help me with what needs to be set, I would appreciate it.
> I compared all of the obvious files, such as all pam files, the
> audit.rules, auditd.conf and syslog.conf and they all seem to be the
> same.

Make sure you have 'session        required        pam_loginuid.so' entries in your pam configuration (/etc/pam.d/{atd,crond,login,remote,sshd})

restart system after that...

Klaus

--
Klaus Heinrich Kiwi/Brazil/IBM <klausk br ibm com>
Software Engineer
IBM STG, Linux Technology Center
Phone:(+55-19) 2132-1909 [T/L 839-1909]

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]