On Friday, May 3, 2019 3:31:39 PM EDT Joshua Ammons wrote:
> Hello, I just wanted to see if anyone has had much success with configuring
> redhat systems to reduce and/or eliminate the occurrence of auid = unset
> in the audit events?
auid = unset is a natural thing. Typically it indicat
Hello, I just wanted to see if anyone has had much success with configuring
redhat systems to reduce and/or eliminate the occurrence of auid = unset in the
audit events? I found the following redhat article that provides a fix by
updating a grub setting for auditd but this doesn't seem to
On Tuesday, June 03, 2014 01:28:40 PM Briane Lin wrote:
> We are unable to properly monitor an event with AUID=unset, does anyone
> know why we are currently seeing these and what is the resolution?
If you have an unset auid and its supposed to be meaningful, then the way that
peop
We are receiving LINUX RHEL versions 5 and 6 in our environment with
type=SYSCALL and auid=unset event types.
We are unable to properly monitor an event with AUID=unset, does anyone
know why we are currently seeing these and what is the resolution?
Thanks!
Briane Lin
IBM Global Technology
Thanks Steve. That worked. What I don't understand is that it is not in
the system that already worked.
Thanks again,
David A. Kirkwood
>On Thursday 06 December 2007 02:42:30 pm Kirkwood, David A. wrote:
>> The ausearch -m DAEMON_START returns version 1.0.14 for auditd on
both
>> systems. I grep
On Thursday 06 December 2007 02:42:30 pm Kirkwood, David A. wrote:
> The ausearch -m DAEMON_START returns version 1.0.14 for auditd on both
> systems. I grepped for loginuid.so in the pam.d directory and it appears in
> all of the same pam entries on both systems. No luck yet, however I
> appreciat
Additionally, this appears to only happen when using the command
aureport -I -w --failed
The other au commands I use seem to work correctly.
David A. Kirkwood
>Hi,
>I need some help with configuration. First, I do not remember how to
>tell the version of the auditd I am running. I tried to
Thanks Klaus,
The ausearch -m DAEMON_START returns version 1.0.14 for auditd on both systems.
I grepped for loginuid.so in the pam.d directory and it appears in all of the
same pam entries on both systems.
No luck yet, however I appreciate your help.
David A. Kirkwood
>>
>> I need some help
> $ audearch -m DAEMON_START
read that as $ausearch -m DAEMON_START
The best option would still be just 'rpm -q audit' and check the output
--
Klaus Heinrich Kiwi/Brazil/IBM <[EMAIL PROTECTED]>
Software Engineer
IBM STG, Linux Technology Center
Phone:(+55-19) 2132-1909 [T/L 839-1909]
--
Linux-
>
> I need some help with configuration. First, I do not remember how to
> tell the version of the auditd I am running. I tried to get it by
> pulling strings with no success.
To identify the audit version you're running, you could use the package
version+release or possibly something like
$ au
Hi,
I need some help with configuration. First, I do not remember how to
tell the version of the auditd I am running. I tried to get it by
pulling strings with no success. The larger problem is I am configuring
a RHEL4U5 system. I have a RHEL4U4 system that runs correctly and
supplies the AUID
11 matches
Mail list logo