[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RHEL 4 configuration (final info)



Hi,

Got things working on RHEL 64 bit (my target platform). Figured I'd post my final results.

I was able to get login/logout auditing to work on RHEL 4 by updating the following packages from the original distribution.

  kernel-smp-2.6.9-55.EL.x86_64 (or non-smp)
  kernel-smp-devel-2.6.9-55.EL.x86_64 (or non-smp)
  glibc-kernheaders-2.4_9.1.100.EL.x86_64
  audit-libs-1.0.15-3.EL4.x86_64
  audit-1.0.15-3.EL4.x86_64
  gdm-2.6.0.5-7.rhel4.15.x86_64.rpm
  glibc-kernheaders-2.4-9.1.100.EL.x86_64.rpm
  openssh-3.9p1-8.RHEL4.17.1.x86_64.rpm
  openssh-askpass-3.9p1-8.RHEL4.17.1.x86_64.rpm
  openssh-askpass-gnome-3.9p1-8.RHEL4.17.1.x86_64.rpm
  openssh-clients-3.9p1-8.RHEL4.17.1.x86_64.rpm
  openssh-server-3.9p1-8.RHEL4.17.1.x86_64.rpm
  pam-0.77-66.21.x86_64.rpm

This give me enough info that I can generate failed and successful logins for gdm/ssh/su and also generate logout information. Turns out that the version of ssh available for RHEL4 doesn't generate a USER_END event, but does generate a CRED_DISP event which is good enough for my GUI to generate viewable logs.

One note of interest, in earlier posts, it was recommended to set audit=1 in /etc/grub.conf. I found that if I did so it suppressed login/logout information.


Bob Evans
JHU/APL



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]