On Wed, Feb 28, 2007 at 12:23:45PM -0000, Johnston Mark (UK) wrote:
> We're trying to set up auditing to match a few policy requirements. The
> ones that I'm struggling with are the following:
>
> 1) Using auditd to check for system start/stop. In "man syscalls" it
> shows shutdown, but auditd doesn't like it when I use this for a system
> call. Would also have been nice to track any time someone uses init.
>
> 2) Use aureport to show logins (failed and successful). I've logged into
> our system with failed and successful tries, and it's visible in
> audit.log, but it doesn't show anything under aureport; the count is 0.

Since you seem to be using SLES 10 SP1 Betas, this feature is not in there
at this time.
Ciao, Marcus