From: Robert Evans <bob.evans@jhuapl.edu>
To: linux-audit@redhat.com
Subject: RHEL 4 configuration (more info)
Date: Tue, 12 Jun 2007 15:11:57 -0400
Message-ID: <466EEFFD.70604@jhuapl.edu>
Updated info on my question.
From the original message:
>>>> original question <<<<
I've got auditing running pretty well on Fedora and looks like SuSE as well, but
RHEL 4 is giving me some problems.
I'm working off of RHEL 4 with the following updated packages:
kernel-smp-2.6.9-55.EL.x86_64
kernel-smp-devel-2.6.9-55.EL.x86_64
glibc-kernheaders-2.4_9.1.100.EL.x86_64
audit-libs-1.0.15-3.EL4.x86_64
audit-1.0.15-3.EL4.x86_64
All other packages are at the original RHEL4 distribution level.
>>>> Updated info <<<<<
It turns out I had the audit=1 flag set in /etc/grub.conf. I thought I was
supposed to include that, but if I removed that, I saw the login/logout
events...so my original problem is resolved.
Now I'm back to my old problem: SSH doesn't show logouts. I know that the
version on RHEL 4 is too old to generate the logouts, but I don't see a new
enough version of packages for openssh on redhat.com.
I see newer versions of openssh on openssh.org, but I tried to compile those,
and use the sshd daemon in place of the one on the distro, and still no luck on ssh.
Are there "magic" flags I need to set if I compile openssh myself, or any
special configuration options to have it work with auditd?
Thanks again!
Bob Evans