From: Steve Grubb <sgrubb@redhat.com>
To: "Kirkwood, David A." <DAVID.A.KIRKWOOD@saic.com>
Cc: linux-audit@redhat.com
Subject: Re: Audit config for NISPOM req's
Date: Tue, 16 Jan 2007 11:15:10 -0500 [thread overview]
Message-ID: <200701161115.10977.sgrubb@redhat.com> (raw)
In-Reply-To: <954E3479CC27224785179CA04904214D04A04964@0668-its-exmp01.us.saic.com>
On Tuesday 16 January 2007 10:51, Kirkwood, David A. wrote:
> My pam.d directory shows:
This all looks correct now.
> I added
> xcreensaver session required pam_loginuid.so
> but it had no effect.
I wouldn't. xscreensaver runs as a common user and does not have the
capabilities needed to set the loginuid.
> Is there anything else I missed?
That should do it. The communication chain here is:
login->pam->kernel
kernel->auditd
You should get a kernel event when you do this as root:
echo 500 > /proc/self/loginuid
ausearch -ts today -m LOGIN
time->Tue Jan 16 11:11:43 2007
type=LOGIN msg=audit(1168963903.962:1310): login pid=19065 uid=0 old auid=500
new auid=500
If that's not working, you have a kernel problem. If its working, I'd look at
pam/login.
-Steve
prev parent reply other threads:[~2007-01-16 16:15 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-22 13:38 Audit config for NISPOM req's Curtas, Anthony R.
2006-12-22 14:19 ` Steve Grubb
2006-12-22 15:08 ` Curtas, Anthony R.
2006-12-22 15:33 ` Steve Grubb
2006-12-22 16:22 ` Wieprecht, Karen M.
2006-12-22 16:25 ` Steve Grubb
2007-01-11 19:18 ` Wieprecht, Karen M.
2007-01-11 19:42 ` Steve Grubb
2007-01-12 16:09 ` Kirkwood, David A.
2007-01-12 16:38 ` Steve Grubb
2007-01-12 18:45 ` Kirkwood, David A.
2007-01-12 19:49 ` Steve Grubb
2007-01-16 15:51 ` Kirkwood, David A.
2007-01-16 16:15 ` Steve Grubb [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200701161115.10977.sgrubb@redhat.com \
--to=sgrubb@redhat.com \
--cc=DAVID.A.KIRKWOOD@saic.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.