On Thursday 25 March 2010 02:36:26 pm Robert Harris wrote:
On 03/25/2010 12:09 PM, Steve Grubb wrote:
> Maybe a Debian maintainer could answer how they do things...but in the
> meantime, the login events come from user space. On RHEL/Fedora, we
> have enabled auditing in the pam build.
Would it be possible for me to check for it being enabled?
Something like:
strings /lib64/libpam.so.0 | grep audit_open
It looks as though it is not. Is it very hard to add the fix?
It might just need rebuilding with the audit library & its headers present.
Pam should automatically pick it up. To check this, do ./configure --help and
see if there is a --disable-audit. If there is a disable-audit, it's patched and
just needs rebuilding. If not, you need a newer pam.
-Steve
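
The two checks from this thread, combined into one shell function. This is an added example, not part of the original messages and not code from PAM or the audit project. The function name pam_audit_status and its status words are made up here, and grep -a stands in for the strings pipeline so the check does not depend on binutils.

```shell
#!/bin/sh
# Added example: classify a PAM build using the checks described in the thread.
# Usage: pam_audit_status LIBPAM_PATH [PAM_SOURCE_DIR]
# Prints one of:
#   enabled    audit_open is referenced by the library
#   rebuild    not referenced, but configure knows --disable-audit
#   newer-pam  not referenced, and configure has no --disable-audit
#   unknown    library unreadable, or no source tree given to decide further
pam_audit_status() {
    lib=$1
    src=${2:-}

    if [ ! -r "$lib" ]; then
        echo unknown
        return 0
    fi

    # Same idea as `strings lib | grep audit_open`: look for the libaudit
    # entry point name in the binary. -a makes grep treat the file as text.
    if grep -a -q 'audit_open' "$lib"; then
        echo enabled
        return 0
    fi

    # No audit symbol found. If a PAM source tree was given, ask its
    # configure script whether it offers --disable-audit.
    if [ -n "$src" ] && [ -r "$src/configure" ]; then
        if sh "$src/configure" --help 2>/dev/null | grep -q -e '--disable-audit'; then
            echo rebuild    # option exists: rebuild with audit library + headers
        else
            echo newer-pam  # option missing: this PAM source lacks audit support
        fi
        return 0
    fi

    echo unknown
}
```

Example call: pam_audit_status /lib64/libpam.so.0 ./pam-source, where ./pam-source is a placeholder for wherever the distribution's PAM source is unpacked.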