On Friday 12 January 2007 11:09, Kirkwood, David A. wrote: > I'm using RHEL4U4 and do not have autail. Where'd it come from?
http://www.redhat.com/archives/linux-audit/2006-October/msg00035.html > Also, the doc I have does not metion the -rwxa option for watches. That was a typo. It should have been -p rwxa. It should be in auditctl man page. > Separate question. With the watches I have enabled, I never am able to > tie a user to an access violation. How do I do that? It should be done automatically. The auid is the field that you would look at. We've configured the pam settings for sshd,login,gdm, cron,vsftpd,remote to include the pam_loginuid.so module. This is needed for it to work. Unless you changed them, it should be setup at installation. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
