Re: Which userspace packages modified for audit
On Monday 26 February 2007 08:21, Marcus Meissner wrote:
> Yes. NISPOM is concerned about tracking login/logout. How do
you
> distinguish an actual login/logout vs the start of a session with the pam
> records? su and cron, for example, do not do an actual login yet they
> create those records.
We could really handle this together with the loginuid tracking, right?
No, cron sets the loginuid because the action performed by the scripts is on a
certain user's behalf.
Everything is the way it is for a reason.
-Steve