[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Did something break in RHEL5 with auid?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

In RHEL5.2 auditing worked fine for me auid was set to the user's uid
and id was set to whatever it happened to be at the time.

In RHEL5.4 auid got set to the 'anon' value.

In RHEL5.5 auid gets set to '0' but uid is logged in original su entries.

Any idea what happened?

This makes it very difficult to capture su events where the user used to
be something other than 0 without capturing a ton of other garbage as
well (unless someone has an elegant solution for that).

Thanks,

Trevor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkvKNYYACgkQSPJXuI7ODyuW/QCfbKUc8+e07JMSPSZ7N+JfwXYQ
jLoAoMTI4tCxz/MY6ZMbFxv3XoMYJzTE
=ojvM
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]