Does anyone know if the auditd on RHEL4 is capable of capturing logon/logoff and failed authentication events? This seems to work flawlessly without any additional changes on a RHEL5 system. Would this just be a configuration change in the PAM stack to allow auditd to get these events, rather than using syslog?
Any ideas would be helpful.

Thanks,
Kevin

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
