user audits
by LC Bruzenak
Steve,
Would there be any issue with adding a couple new trusted_application
event types? Would any kernel mods be needed to support this?
The reason I ask is because I'd like to process some event types
differently on the back end (the aggregator) and if I could easily
identify those types it would make life easier.
Some trusted_application events are for recording "bad" security issues,
some for "good", etc. and I'd like to easily differentiate those.
I can put something inside the event text but if possible would prefer a
couple different types, like trusted_app1, trusted_app2, etc.
Thx,
LCB
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com
13 years, 11 months
Lockout record
by Steve M. Zak
Hi,
Does the audit system have a watch that will show account lockouts in real time?
The pam implementation doesn't write to the logs until after the deny= number has been exceeded.
Thanks!
____________________________________________
Steve M. Zak
--
This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com
13 years, 11 months