RE: FW: Time field not readable

The kernel I am running is 2.6.9-42. I think the kernel may have been
tampered with. Doesn't Snare install require rebuilding the kernel with
traps for the audit to work? Also, I found the complete source tree in
/usr/RedHat and /usr/SRCS (at least there was a lot of code there).

David A. Kirkwood

david a kirkwood saic com
kirkwoodd saic com

Phone: (727) 502-8310
Fax:   (727) 822-7776

-----Original Message-----
From: linux-audit-bounces redhat com
[mailto:linux-audit-bounces redhat com] On Behalf Of Steve Grubb
Sent: Monday, November 03, 2008 4:46 PM
To: linux-audit redhat com
Cc: Kirkwood, David A.
Subject: Re: FW: Time field not readable

On Monday 03 November 2008 14:59:05 Kirkwood, David A. wrote:
> I have removed the packages audit-2.4.1, audit-libs-2.4.1,
> audit-libs-devel-2,4,1

I have no idea what those are. The latest RHEL4 audit package is 1.0.16,
RHEL5 is 1.6.5. My development copy is 1.7.9. You have a RHEL4 system
that is way out of whack since those are packages that I've never heard
of. :)

> and SnareLinux and added via rpm audit-libs-1.0.14-1, audit-libs-1.0.4-1 and
> audit-1.0.14-1. The time field is still not readable when I used ausearch or
> aureport utilities.

Updating the user space utilities means that from now on your logs will
be readable. Also, what kernel are you running? Are you running a real


Linux-audit mailing list
Linux-audit redhat com
