On Wed, 28 Feb 2007 15:31:41 EST, "Mackanick, Jason W CTR DISA GIG-OP" said:
Newbie to the list. I am in the position of writing technical
implementation guidance for DISA and I am looking for a method to audit
logins/logouts. I have not been able to come up with a syscall that
would cover this. Any help would be appreciated.

That's because "login" isn't a single syscall, and a lot of things happen
during a login - many files get read, programs get run, and so on. That's
why things like gdm, getty, and ssh are modified to cut a non-syscall
audit record when a user logs in.
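
An added example, not part of the original message: a small parser that picks the user-space login and session-end records out of an audit log while skipping syscall records. It assumes the Linux audit record types `USER_LOGIN` and `USER_END` and the `key=value` field layout shown; the log lines are constructed for illustration.

```python
import re

# Constructed sample records in Linux audit log layout (not from a real system).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1172694690.100:410): arch=40000003 syscall=5 success=yes exit=3 pid=2301 auid=4294967295 uid=0 comm="sshd" exe="/usr/sbin/sshd"
type=USER_LOGIN msg=audit(1172694701.250:412): pid=2301 uid=0 auid=500 ses=7 msg='op=login acct="jdoe" exe="/usr/sbin/sshd" hostname=ws1.example.org addr=192.0.2.10 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1172694755.010:415): pid=2340 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.99 terminal=ssh res=failed'
type=USER_END msg=audit(1172698301.500:498): pid=2301 uid=0 auid=500 ses=7 msg='op=PAM:session_close acct="jdoe" exe="/usr/sbin/sshd" hostname=ws1.example.org addr=192.0.2.10 terminal=ssh res=success'
"""

# Assumed record types: these are written by user-space programs
# (sshd, gdm, login), not produced by a syscall audit rule.
SESSION_TYPES = {"USER_LOGIN": "login", "USER_END": "session_end"}

HEADER = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): (?P<body>.*)$"
)
# key=value pairs; values are either double-quoted or run to whitespace / closing quote.
FIELD = re.compile(r"""(\w+)=("[^"]*"|[^\s']+)""")


def login_events(log_text):
    """Return one dict per login / session-end record, in log order."""
    events = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m or m.group("type") not in SESSION_TYPES:
            continue  # syscall records and malformed lines are ignored
        fields = {k: v.strip('"') for k, v in FIELD.findall(m.group("body"))}
        events.append({
            "event": SESSION_TYPES[m.group("type")],
            "epoch": int(m.group("epoch")),
            "serial": int(m.group("serial")),
            "acct": fields.get("acct"),
            "addr": fields.get("addr"),
            "exe": fields.get("exe"),
            "result": fields.get("res"),
        })
    return events


if __name__ == "__main__":
    for ev in login_events(SAMPLE_LOG):
        print(ev)
```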