There is an AUDIT_LOGIN msg. Is that what you want to use?

Mounir Bsaibes
Linux Security
Tel: (512) 838-1301
Cell: (512) 762-9957
Fax: (512) 838-8858
e-mail: bsaibes@us.ibm.com

serue@us.ltcfwd.linux.ibm.com
Sent by: linux-audit-bounces@redhat.com

01/07/2005 04:32 PM

Please respond to
Linux Audit Discussion

To	Linux Audit Discussion <linux-audit@redhat.com>
cc
Subject	Re: [RFC][PATCH] loginuid through procfs (+ a question)

Quoting Steve Grubb (sgrubb@redhat.com): > On Friday 07 January 2005 16:58, Serge Hallyn wrote: > > A related question: ??On receipt of a AUDIT_USER message, we log the pid > > and uid, but not the loginuid. ?? > > You mean in af_netlink.c? That info comes from the netlink credentials. No, I meant in audit.c:audit_receive_msg(). For instance, upon execution of passwd, the loginuid should be associated with the AUDIT_USER msg emitted, right? -serge -- Linux-audit mailing list Linux-audit@redhat.com http://www.redhat.com/mailman/listinfo/linux-audit