Is there way to FTP the needed LSPP files rather than downloading each one individually? Thanks,
Art Henning (CSL) Enterprise IT Solutions Northrop Grumman Corp. [EMAIL PROTECTED] -----Original Message----- From: Steve Grubb [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 21, 2007 1:17 PM To: Henning, Arthur C. (CSL) Cc: [email protected] Subject: Re: Auditing failed kill events On Tuesday 21 August 2007 13:50:24 Henning, Arthur C. (CSL) wrote: > > Audit 1.5.6-1.i386 > > That's on RHEL? > Art >> RHEL 5 audit-1.5.5-7 is scheduled for RHEL5. :) > You should have a OBJ_PID record, too. > Art >> Don't find it. I use ausearch -sv no > [filename]. Open the file > and find no OBJ_PID. Perhaps my rule isn't configured to allow this to > be captured. You need a newer kernel. This was fixed in our LSPP work and will be in 5.1. You can find the LSPP kernels here: ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5 But there have probably been some security releases since LSPP was final, so you'd want to switch to the 5.1 kernel as soon as its out. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
