From mboxrd@z Thu Jan  1 00:00:00 1970
From: Kevin Boyce <kevin.boyce@ngc.com>
Subject: Authentication Events
Date: Wed, 14 Jan 2009 13:11:02 -0500
Message-ID: <1231956662.3599.42.camel@pc070168.northgrum.com>
Reply-To: kevin.boyce@ngc.com
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1367845219=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n0EIBB0b018672
	for <linux-audit@redhat.com>; Wed, 14 Jan 2009 13:11:11 -0500
Received: from xmrt0101.northgrum.com (xmrt0101.northgrum.com [208.20.220.55])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n0EIB6NJ004062
	for <linux-audit@redhat.com>; Wed, 14 Jan 2009 13:11:06 -0500
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com


--===============1367845219==
Content-Type: multipart/alternative; boundary="=-1CrqAqZJob5vsfc9BelW"


--=-1CrqAqZJob5vsfc9BelW
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Does anyone know if the auditd on RHEL4 is capable of capturing
logon/logoff and failed authentication events?  This seems to work
flawlessly without any additional changes on a RHEL5 system.
Would this just be a configuration change in the PAM stack to allow
auditd to get these events, rather than using syslog?

Any ideas would be helpful.

Thanks,
Kevin

--=-1CrqAqZJob5vsfc9BelW
Content-Type: text/html; charset="utf-8"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
  <META NAME="GENERATOR" CONTENT="GtkHTML/3.24.1.1">
</HEAD>
<BODY>
Does anyone know if the auditd on RHEL4 is capable of capturing logon/logoff and failed authentication events?&nbsp; This seems to work flawlessly without any additional changes on a RHEL5 system.<BR>
Would this just be a configuration change in the PAM stack to allow auditd to get these events, rather than using syslog?<BR>
<BR>
Any ideas would be helpful.<BR>
<BR>
Thanks,<BR>
Kevin
</BODY>
</HTML>

--=-1CrqAqZJob5vsfc9BelW--


--===============1367845219==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============1367845219==--