On Thu, Mar 16, 2006 at 11:20:42AM -1000, Gene Dellinger wrote:
Hoping this is the right place to get help configuring auditd (laus) on Red Hat.
I have 4 high security systems that I need to allow a new employee root
access to. I would like to see everything that is done by root or any other
users/processes, however the only thing I can seem to get it to do is tell
me when my cronjobs, the sa stuff runs and login info.
For LAuS, syscalls aren't audited automatically. The recommended method
is putting pam_laus.so in the PAM stack to activate audit when the user
logs in; this also initializes the audit login UID. Please check out the
evaluated configuration guide for more details, and/or use the script
from the certification RPM to set it up automatically.
ftp://partners.redhat.com/EAL3_RHEL3/U2/ (IBM hardware)
ftp://partners.redhat.com/EAL3_RHEL3/HP/ (HP hardware)
-Klaus