James, thanks! I thought that was it, but I have to brief on recommended
audit.rules changes and hate telling someone something when I'm not sure.
Leam
On Tue, Oct 29, 2013 at 3:43 PM, CHAPLIN, JAMES (CTR) <
JAMES.CHAPLIN(a)cbp.dhs.gov> wrote:
His auid will be 1814 and does not change as long as he is log into
that
account, he can su to any ID, but the auid remains the same.****
** **
James Chaplin, ITIL® v3 Foundation
Systems Programmer, MVS, zVM & zLinux
Base Technologies, a CA Technologies Company
Supporting the zSeries Platform Team
****Data** **Center**** Operations Branch
Enterprise Data Center Operations Group
****Enterprise**** Data Management & Engineering Division
Office of Information and Technology
Department of Homeland Security/U.S. Customs & Border Protection
(703) 921-6220
James.Chaplin(a)cbp.dhs.gov****
[image: image005]****
** **
*From:* linux-audit-bounces(a)redhat.com [mailto:
linux-audit-bounces(a)redhat.com] *On Behalf Of *leam hall
*Sent:* Tuesday, October 29, 2013 3:40 PM
*To:* linux-audit(a)redhat.com
*Subject:* auid?****
** **
Hey all,
I'm trying to find a definition of "auid", besides "audit UID".
If user
Joe with UID 1814 logs in and sudo to application account "british" which
has a UID of 1776, is the auid of Joe's action 1814 or 1776? If someone
does an "su -" to root, is their auid 0?****
Thanks!****
Leam
****
-- ****
Mind on a Mission <
http://leamhall.blogspot.com/>****
--
Mind on a Mission <
http://leamhall.blogspot.com/>