Re: audit 2.0.4 auid problem
On Thursday, June 03, 2010 09:55:35 am Jean-Francois Vincent wrote:
1 ) Is there any bug with auid always set to 4294967295 ?
You need pam_loginuid added to crond, gdm, login, kdm, sshd, vsftpd, or any
pamified entry point daemon. (but not sudo or su.)
2) I've also searched for logging commands specifics to a TTY
but it seems
auditd cannot filter on one specific TTY. I've looking for auditctl -F
options but I don't see any TTY filtering option. Is it possible ?
Look for pam_tty_audit man page.
-Steve