On Thursday 11 January 2007 14:01, Thomas, Daniel J. wrote: > We're trying to figure out where some of the other information is coming > from that is in our audit.log file. It seems to be pam information and > such.
Yes. Pam has been hooked because of the requirement to audit all use of authentication mechanisms. > Where is that configured? Its not configurable, its hardcoded into the pam libraries. In RHEL5 and FC6 you can explicitly exclude those events if you wanted to. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
