There is an AUDIT_LOGIN msg. Is that what you want to use?
Mounir Bsaibes
Linux Security
Tel: (512) 838-1301
Cell: (512) 762-9957
Fax: (512) 838-8858
e-mail: bsaibes(a)us.ibm.com
serue(a)us.ltcfwd.linux.ibm.com
Sent by: linux-audit-bounces(a)redhat.com
01/07/2005 04:32 PM
Please respond to
Linux Audit Discussion
To
Linux Audit Discussion <linux-audit(a)redhat.com>
cc
Subject
Re: [RFC][PATCH] loginuid through procfs (+ a question)
Quoting Steve Grubb (sgrubb(a)redhat.com):
On Friday 07 January 2005 16:58, Serge Hallyn wrote:
> A related question: ??On receipt of a AUDIT_USER message, we log the
pid
> and uid, but not the loginuid. ??
You mean in af_netlink.c? That info comes from the netlink credentials.
No, I meant in audit.c:audit_receive_msg(). For instance, upon execution
of passwd, the loginuid should be associated with the AUDIT_USER msg
emitted, right?
-serge
--
Linux-audit mailing list
Linux-audit(a)redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit