Re: Audit config for NISPOM req's
On Friday 12 January 2007 11:09, Kirkwood, David A. wrote:
I'm using RHEL4U4 and do not have autail. Where'd it come
from?
http://www.redhat.com/archives/linux-audit/2006-October/msg00035.html
Also, the doc I have does not metion the -rwxa option for watches.
That was a typo. It should have been -p rwxa. It should be in auditctl man
page.
Separate question. With the watches I have enabled, I never am able
to
tie a user to an access violation. How do I do that?
It should be done automatically. The auid is the field that you would look at.
We've configured the pam settings for sshd,login,gdm, cron,vsftpd,remote to
include the pam_loginuid.so module. This is needed for it to work. Unless you
changed them, it should be setup at installation.
-Steve