Define AUDIT_SESSIONID in the uapi and add support for specifying user
filters based on the session ID.
https://github.com/linux-audit/audit-kernel/issues/4
RFE: add a session ID filter to the kernel's user filter
Signed-off-by: Richard Guy Briggs
---
Like loginuid (auid), should this have a sep
Add support for the session ID user filter by adding the field name
"sessionid" using the kernel defined macro value AUDIT_SESSIONID.
https://github.com/linux-audit/audit-kernel/issues/4
RFE: add a session ID filter to the kernel's user filter
Signed-off-by: Richard Guy Briggs
---
trunk/lib/fie
This is really great!! 🙌
Thanks
Farhan
On Tuesday, May 10, 2016, Paul Moore wrote:
> I'd like to announce that the Linux Audit project is now on GitHub:
>
> -> https://github.com/linux-audit
>
> We've already migrated much of the information on Steve Grubb's Red Hat
> people
> page, and the re
On Tue, May 10, 2016 at 5:02 PM, Kangkook Jee wrote:
> Dear Paul,
>
> As you requested, I installed Ubuntu 14.04 system for both 32bit and 64bit
> systems and updated their kernel version to the latest and I still see the
> problem occurring.
Hello,
Thank you for reporting this problem and your
I'd like to announce that the Linux Audit project is now on GitHub:
-> https://github.com/linux-audit
We've already migrated much of the information on Steve Grubb's Red Hat people
page, and the remaining items will be migrated soon. The move to GitHub
allows us to consolidate audit developme
Dear Paul,
As you requested, I installed Ubuntu 14.04 system for both 32bit and 64bit
systems and updated their kernel version to the latest and I still see the
problem occurring.
Here’s how I reproduced the problem. Currently, kernel version for those
systems are
white-lab0@ubuntu-32bit:~/
OK, thank you.
I will do/try that and see if it makes a difference and then report-back to
close out this thread.
Thanks Steve,
Warron French, MBA, SCSA
-Original Message-
From: Steve Grubb [mailto:sgr...@redhat.com]
Sent: Tuesday, May 10, 2016 11:45 AM
To: Warron S French
Cc: linux-
On Tuesday, May 10, 2016 03:25:36 PM Warron S French wrote:
> > The lab works as expected, but my production environment does not. %-/
>
> I would start by checking that events are coming out of the remote systems.
> You can use tcpdump port 60 on the clients. After confirming that, do the
> sam
Replies are inline.
Warron French, MBA, SCSA
-Original Message-
From: Steve Grubb [mailto:sgr...@redhat.com]
Sent: Tuesday, May 10, 2016 10:31 AM
To: Warron S French
Cc: linux-audit@redhat.com; b...@swtf.dyndns.org
Subject: Re: audit-tools and SUDO
On Tuesday, May 10, 2016 01:44:50 P
On Tuesday, May 10, 2016 01:44:50 PM Warron S French wrote:
> > > I have two problems though; and they seem somewhat minor:
> > >
> > > 1. The audit events being captured don’t seem to be tied to any
> > > given node (so that I can perform ausearch --node hostName, or
> > > aureport), that’s
On Tuesday, May 10, 2016 01:46:59 PM varun gulati wrote:
> Thanks for the response. We are not using web services to provide/serve this
> file.
You have to be. :-) If someone on another system uses wget to access a file on
the system you care about, something is serving the file on port 80. Maybe
Replies are in-line with responses.
Warron French, MBA, SCSA
-Original Message-
From: Steve Grubb [mailto:sgr...@redhat.com]
Sent: Tuesday, May 10, 2016 9:25 AM
To: linux-audit@redhat.com; b...@swtf.dyndns.org
Cc: Warron S French
Subject: Re: audit-tools and SUDO
On Tuesday, May 10, 2
Hi Team,
Thanks for the response. We are not using web services to provide/serve this
file. It's simply kept at a particular folder which people download using wget.
Here is the wget command users are using to download the file from the
different hosts:
wget --no-cache http://servername/app/name/
On Tuesday, May 10, 2016 10:52:21 PM Burn Alting wrote:
> On Tue, 2016-05-10 at 12:31 +, Warron S French wrote:
> > Good morning everyone,
> >
> >
> >
> > I am working on an environment where I have managed to get centralized
> > audit logging to work – roughly 95% properly on six (6) CentOS
Hello Burn, thanks for your inputs.
Oddly enough in my lab, where this is working as expected, the name_format =
NONE; and that is on my test server (server1), and also in both test clients
(client1 and client2).
However, in my production environment, I would have to double check the setting
/
On Tue, 2016-05-10 at 10:39 +, varun gulati wrote:
>
>
> Hi Steve,
>
>
> Thanks for your suggestions. We incorporated the below rule for
> auditctl which you suggested, but unfortunately it didn't help. We
> are able to log the wget from the same server but unfortunately it is
> still not
On Tue, 2016-05-10 at 12:31 +, Warron S French wrote:
> Good morning everyone,
>
>
>
> I am working on an environment where I have managed to get centralized
> audit logging to work – roughly 95% properly on six (6) CentOS-6.7
> workstations and a single (1) CentOS-6.7 server.
>
>
>
> I
Good morning everyone,
I am working on an environment where I have managed to get centralized audit
logging to work - roughly 95% properly on six (6) CentOS-6.7 workstations and a
single (1) CentOS-6.7 server.
I have two problems though; and they seem somewhat minor:
1. The audit events
Steve Grubb wrote (09 May 2016 19:33:16 GMT) :
> On Monday, May 09, 2016 09:07:11 PM intrigeri wrote:
>> in Debian, the convention for many log files is to make them readable
>> by members of the adm group. We're considering doing the same for the
>> auditd logs, in order to make apparmor-notify wo
Hi Steve,
Thanks for your suggestions. We incorporated the below rule for auditctl which
you suggested, but unfortunately it didn't help. We are able to log the wget
from the same server but unfortunately it is still not logging from a different
host:
-a always,exit -F path=/a/b/c/xyz.log -F p