Audit Log not capturing access to security related files

Wednesday, 25 November 2009

Hello,

I am required (by NISPOM) to audit access to security related files.   
I am essentially using the nispom audit.rules provided by rhel5 to  
accomplish this.

However, some of my systems are capturing access to /etc/shadow and  
some of my systems are not (when looking in /var/log/audit/audit.log.

Worried that I might have differing audit.rules files between the  
systems I have even copied the audit.rules file from systems that were  
auditing right to systems that were not.  But this has not resolved  
the auditing problem.

HELP!

Thank you!

Starr

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Audit Log not capturing access to security related files