auid unset

klausk at br.ibm.com klausk at br.ibm.com
Thu Dec 6 19:07:02 UTC 2007


> 
> I need some help with configuration. First, I do not remember how to
> tell the version of the auditd I am running. I tried to get it by
> pulling strings with no success. 

To identify the audit version you're running, you could use the package 
version+release or possibly something like
$ audearch -m DAEMON_START
Look for the last message and for the 'ver=' field.
 
> If someone can help me with what needs to be set, I would appreciate it.
> I compared all of the obvious files, such as all pam files, the
> audit.rules, auditd.conf and syslog.conf and they all seem to be the
> same.

Make sure you have 'session     required        pam_loginuid.so' entries 
in your pam configuration (/etc/pam.d/{atd,crond,login,remote,sshd})

restart system after that...

Klaus

-- 
Klaus Heinrich Kiwi/Brazil/IBM <klausk at br.ibm.com>
Software Engineer
IBM STG, Linux Technology Center
Phone:(+55-19) 2132-1909 [T/L 839-1909]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20071206/caf8eb44/attachment.htm>


More information about the Linux-audit mailing list