From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kevin Boyce Subject: Re: auditing for RHEL ES4 Date: Fri, 16 Nov 2007 11:11:10 -0500 Message-ID: <1195229470.9661.10.camel@pc070168.northgrum.com> References: <4558.10.1.5.75.1195228480.squirrel@aa.usno.navy.mil> Reply-To: kevin.boyce@ngc.com Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1817106690==" Return-path: Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id lAGGBWFa015642 for ; Fri, 16 Nov 2007 11:11:33 -0500 Received: from xmrm0101.northgrum.com (xmrm0101.northgrum.com [155.104.240.104]) by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id lAGGBLmj024247 for ; Fri, 16 Nov 2007 11:11:21 -0500 In-Reply-To: <4558.10.1.5.75.1195228480.squirrel@aa.usno.navy.mil> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Bill Tangren Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com --===============1817106690== Content-Type: multipart/alternative; boundary="=-iwAt2w9X5tv/+AKmR+uL" --=-iwAt2w9X5tv/+AKmR+uL Content-Type: text/plain Content-Transfer-Encoding: 7bit I would download the source rpms, make your changes, change the version, and use the "rpm -Uhv" to upgrade existing packages. Kevin Boyce Northrop Grumman Corp. On Fri, 2007-11-16 at 10:54 -0500, Bill Tangren wrote: > I'm running RHEL ES 4 servers, and am having difficulty with aureport. I'm > using audit version 1.0.15-3, the one that comes with the OS. The problem > is that I need daily reports, and it is not doing it. The reports always > cover the entire range of available logs (sometimes gigabytes of data). > The reports can take a LONG time to compile, and it doesn't give me the > daily snapshot I need. I'm thinking of installing the latest tarball and > compiling, as I understand more recent versions of aureport have > implemented time limits. [I've emailed this list before about this.] > > My question now is, is it possible to uninstall the prepackaged audit and > audit-lib, and install the latest from source, without seriously hosing my > system? > > TIA, > > --=-iwAt2w9X5tv/+AKmR+uL Content-Type: text/html; charset=utf-8 I would download the source rpms, make your changes, change the version, and use the "rpm -Uhv" to upgrade existing packages.

Kevin Boyce
Northrop Grumman Corp.

On Fri, 2007-11-16 at 10:54 -0500, Bill Tangren wrote:

I'm running RHEL ES 4 servers, and am having difficulty with aureport. I'm
using audit version 1.0.15-3, the one that comes with the OS. The problem
is that I need daily reports, and it is not doing it. The reports always
cover the entire range of available logs (sometimes gigabytes of data).
The reports can take a LONG time to compile, and it doesn't give me the
daily snapshot I need. I'm thinking of installing the latest tarball and
compiling, as I understand more recent versions of aureport have
implemented time limits. [I've emailed this list before about this.]

My question now is, is it possible to uninstall the prepackaged audit and
audit-lib, and install the latest from source, without seriously hosing my
system?

TIA,

--=-iwAt2w9X5tv/+AKmR+uL-- --===============1817106690== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --===============1817106690==--