Updated info on my question.
From the original message:
>>>> original question <<<<
I've got auditing running pretty well on Fedora and looks like SuSE as well, but
RHEL 4 is giving me some problems.
I'm working off of RHEL 4 with the following updated packages:
kernel-smp-2.6.9-55.EL.x86_64
kernel-smp-devel-2.6.9-55.EL.x86_64
glibc-kernheaders-2.4_9.1.100.EL.x86_64
audit-libs-1.0.15-3.EL4.x86_64
audit-1.0.15-3.EL4.x86_64
All other packages are at the original RHEL4 distribution level.
>>>> Updated info <<<<<
It turns out I had the audit=1 flag set in /etc/grub.conf. I thought I was
supposed to include that, but if I removed that, I saw the login/logout
events...so my original problem is resolved.
Now I'm back to my old problem of SSH doesn't show logouts. I know that the
version on RHEL 4 is too old to generate the logouts, but I don't see a new
enough version of packages for openssh on redhat.com.
I see newer versions of openssh on openssh.org, but I tried to compile those,
and use the sshd daemon in place of the one on the distro, and still no luck on ssh.
Are there "magic" flags I need to set if I compile openssh myself, or any
special configuration options to have it work with auditd?
Thanks again!
Bob Evans
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
