Syscalls
Marcus Meissner
meissner at suse.de
Wed Feb 28 12:25:27 UTC 2007
On Wed, Feb 28, 2007 at 12:23:45PM -0000, Johnston Mark (UK) wrote:
> We're trying to setup auditing to match a few policy requirements. The
> ones that I'm struggling with are the following:
>
> 1) Using auditd to check for system start/stop. In "man syscalls" it
> shows shutdown, but auditd doesn't like it when I use this for a system
> call. Would also have been nice to track any time someone uses init.
>
> 2) Use aureport to show logins (failed and successful). I've logged into
> our system with failed and successful tries, and it's visible in
> audit.log, but it doesn't show anything under aureport, the count is 0.
Since you seem to be using SLES 10 SP1 Betas, this feature is not in there
at this time.
Ciao, Marcus
More information about the Linux-audit
mailing list