From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kevin Boyce Subject: Re: auditing for RHEL ES4 Date: Fri, 16 Nov 2007 11:12:53 -0500 Message-ID: <1195229573.9661.12.camel@pc070168.northgrum.com> References: <4558.10.1.5.75.1195228480.squirrel@aa.usno.navy.mil> <1195229470.9661.10.camel@pc070168.northgrum.com> Reply-To: kevin.boyce@ngc.com Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0773846319==" Return-path: Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id lAGGDEoD016447 for ; Fri, 16 Nov 2007 11:13:14 -0500 Received: from xmrm0101.northgrum.com (xmrm0101.northgrum.com [155.104.240.104]) by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id lAGGD5V8025848 for ; Fri, 16 Nov 2007 11:13:05 -0500 In-Reply-To: <1195229470.9661.10.camel@pc070168.northgrum.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Bill Tangren Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com --===============0773846319== Content-Type: multipart/alternative; boundary="=-k+TsIfrczrwEaM1YKu4p" --=-k+TsIfrczrwEaM1YKu4p Content-Type: text/plain Content-Transfer-Encoding: 7bit Oops, don't forget to recompile, and then the "rpm -Uhv" On Fri, 2007-11-16 at 11:11 -0500, Kevin Boyce wrote: > I would download the source rpms, make your changes, change the > version, and use the "rpm -Uhv" to upgrade existing packages. > > Kevin Boyce > Northrop Grumman Corp. > > > On Fri, 2007-11-16 at 10:54 -0500, Bill Tangren wrote: > > > I'm running RHEL ES 4 servers, and am having difficulty with aureport. I'm > > using audit version 1.0.15-3, the one that comes with the OS. The problem > > is that I need daily reports, and it is not doing it. The reports always > > cover the entire range of available logs (sometimes gigabytes of data). > > The reports can take a LONG time to compile, and it doesn't give me the > > daily snapshot I need. I'm thinking of installing the latest tarball and > > compiling, as I understand more recent versions of aureport have > > implemented time limits. [I've emailed this list before about this.] > > > > My question now is, is it possible to uninstall the prepackaged audit and > > audit-lib, and install the latest from source, without seriously hosing my > > system? > > > > TIA, > > > > > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit --=-k+TsIfrczrwEaM1YKu4p Content-Type: text/html; charset=utf-8 Oops, don't forget to recompile, and then the "rpm -Uhv"

On Fri, 2007-11-16 at 11:11 -0500, Kevin Boyce wrote:
I would download the source rpms, make your changes, change the version, and use the "rpm -Uhv" to upgrade existing packages.

Kevin Boyce
Northrop Grumman Corp.


On Fri, 2007-11-16 at 10:54 -0500, Bill Tangren wrote: 
I'm running RHEL ES 4 servers, and am having difficulty with aureport. I'm
using audit version 1.0.15-3, the one that comes with the OS. The problem
is that I need daily reports, and it is not doing it. The reports always
cover the entire range of available logs (sometimes gigabytes of data).
The reports can take a LONG time to compile, and it doesn't give me the
daily snapshot I need. I'm thinking of installing the latest tarball and
compiling, as I understand more recent versions of aureport have
implemented time limits. [I've emailed this list before about this.]

My question now is, is it possible to uninstall the prepackaged audit and
audit-lib, and install the latest from source, without seriously hosing my
system?

TIA,



--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
--=-k+TsIfrczrwEaM1YKu4p-- --===============0773846319== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --===============0773846319==--