auid unset
Kirkwood, David A.
DAVID.A.KIRKWOOD at saic.com
Thu Dec 6 19:42:30 UTC 2007
Thanks Klaus,
The ausearch -m DAEMON_START returns version 1.0.14 for auditd on both systems. I grepped for loginuid.so in the pam.d directory and it appears in all of the same pam entries on both systems.
No luck yet, however I appreciate your help.
David A. Kirkwood
>>
>> I need some help with configuration. First, I do not remember how to
>> tell the version of the auditd I am running. I tried to get it by
>> pulling strings with no success.
>
>To identify the audit version you're running, you could use the package version+release or possibly >something like
>$ audearch -m DAEMON_START
>Look for the last message and for the 'ver=' field.
>
>> If someone can help me with what needs to be set, I would appreciate it.
>> I compared all of the obvious files, such as all pam files, the
>> audit.rules, auditd.conf and syslog.conf and they all seem to be the
>> same.
>
>Make sure you have 'session required pam_loginuid.so' entries in your pam configuration >(/etc/pam.d/{atd,crond,login,remote,sshd})
>
>restart system after that...
>Klaus
>--
>Klaus Heinrich Kiwi/Brazil/IBM <klausk at br.ibm.com>
>Software Engineer
>IBM STG, Linux Technology Center
>Phone:(+55-19) 2132-1909 [T/L 839-1909]
More information about the Linux-audit
mailing list