public inbox for linux-audit@redhat.com
From: Tomas Mraz <tmraz@redhat.com>
To: "Wieprecht, Karen M." <Karen.Wieprecht@jhuapl.edu>
Cc: "linux-audit@redhat.com" <linux-audit@redhat.com>
Subject: Re: openssh logout not being audited on fc5
Date: Thu, 06 Nov 2008 00:00:05 +0100
Message-ID: <1225926005.3447.164.camel@vespa.frost.loc>
In-Reply-To: <54FBB3490A6F3249BFA660814E9114EB9221410CD4@aplesstripe.dom1.jhuapl.edu>

On Wed, 2008-11-05 at 15:20 -0500, Wieprecht, Karen M. wrote:
> All,
> been googling all day, so sorry if this info is common knowledge,
> but I can't seem to find it.
>  
> Trying to build FC5 (2.6.20-1.2320-fc5) system to meet a sponsor
> requirement (miserable task that it is), and I have to make this
> system be NISPOM compliant. Unfortunately, ssh logout isn't showing
> up in my audit logs, and although I have an idea why, I can't seem to
> find what I think I need ... The system I am building has the
> following:
>  
> OS                    = FC5
> audit subsystem = 1.3-2
> openssh             = 4.3p2-4.12
> kernel                 = 2.6.20-1.2320-fc5
>  
> My RHEL4 systems capture ssh logout just fine, and they are at
> earlier versions of both openssh and the audit subsystem... I found
> a note from a colleague about needing openssh >= 4.3p2-4.13 to fix the
> ssh logout problem for (I think) SuSE 10.1, so I thought I'd try and
> find a later version of openssh or at least a src.rpm to build a
> newer version for fc5, but I didn't have much luck. Found a 4.3p2-16
> src.rpm for el5, but of course, that didn't build properly on my fc5
> system.
>  
> Anyone know if I'm chasing my tail? Maybe something else will fix
> this for FC5 (newer audit pkg?)? Recommendations would be most
> appreciated. If you all think I DO need a newer openssh version,
> anyone know where I can get a src.rpm for fc5 later than 4.3p2-4.12?

You could try to add the relevant patch from the RHEL 5 openssh src.rpm
to the FC5 package. But is it really a good idea to use such an old
package at all? There are unfixed CVEs and so on. Of course this applies
to the rest of the FC5 distribution as well.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
