Classification: UNCLASSIFIED
Caveats: NONE
I am running the standard auditd delivered with RHEL4. What is the
latest set of RPMs that I should have to see the login functionality?
I am on a non-internet-connected network where I cannot use up2date for
packages.
Jason Mackanick, CISSP
DISA FSO Supports & Standards Section
Technical Support Team
-----Original Message-----
From: Steve Grubb [mailto:sgrubb@redhat.com]
Sent: Wednesday, February 28, 2007 5:54 PM
To: linux-audit(a)redhat.com
Cc: Paul Whitney; Valdis.Kletnieks(a)vt.edu; Mackanick, Jason W CTR DISA
GIG-OP
Subject: Re: Login/Logouts (UNCLASSIFIED)
On Wednesday 28 February 2007 17:48, Paul Whitney wrote:
> So does that mean this call audit would not work:
> -a exit,possible -w /bin/login -F success=0 -F success!=0
This would not audit anything for 3 reasons. "possible" tells it to
collect the information in case it's needed later. The -F options form an
"and" condition. Both cannot be true at the same time. And "-w" is watches
while "-a" is syscall auditing...you cannot mix the two.
You might try:
-w /bin/login -p x
But that would get you the fact that the file was executed but probably
not the results of execution. (It probably should).
> What would be an entry to trap users successfully logging in?
We've patched the source code to entry points to send specific messages
saying the intent of the pam session.
-Steve
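As an added example (not part of the original messages and not code from the audit project), the following Python linter flags the three problems the reply lists for the quoted rule. It models only those three points; the function name and finding labels are hypothetical.

```python
import re
import shlex

# One -F expression, e.g. success=0 or success!=0.
FIELD_RE = re.compile(r"^(?P<name>\w+)(?P<op>!=|=)(?P<value>.*)$")

# Rule quoted in the thread, and the watch suggested in the reply.
PAGE_RULE = "-a exit,possible -w /bin/login -F success=0 -F success!=0"
PAGE_WATCH = "-w /bin/login -p x"


def lint_rule(rule):
    """Return finding labels (hypothetical names) for one auditctl rule line."""
    args = shlex.split(rule)
    findings = []
    has_syscall_rule = has_watch = False
    fields = {}  # field name -> set of (operator, value)

    # Walk adjacent (option, argument) pairs; non-option words match nothing.
    for opt, val in zip(args, args[1:]):
        if opt == "-a":
            has_syscall_rule = True
            # "possible" only collects context; per the thread nothing is audited.
            if "possible" in val.split(","):
                findings.append("possible-action")
        elif opt == "-w":
            has_watch = True
        elif opt == "-F":
            m = FIELD_RE.match(val)
            if m:
                fields.setdefault(m["name"], set()).add((m["op"], m["value"]))

    # -w (watch) and -a (syscall rule) cannot be combined in one rule.
    if has_syscall_rule and has_watch:
        findings.append("mixes-watch-and-syscall")

    # -F expressions are ANDed: field=v together with field!=v never matches.
    for name, exprs in fields.items():
        equal = {v for op, v in exprs if op == "="}
        not_equal = {v for op, v in exprs if op == "!="}
        if equal & not_equal:
            findings.append("contradictory-field:" + name)
    return findings


if __name__ == "__main__":
    for rule in (PAGE_RULE, PAGE_WATCH):
        print(rule, "->", lint_rule(rule) or "no findings")
```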