public inbox for linux-audit@redhat.com
From: Marcus Meissner <meissner@suse.de>
To: "Johnston Mark (UK)" <Mark.Johnston@o2.com>
Cc: linux-audit@redhat.com
Subject: Re: Syscalls
Date: Wed, 28 Feb 2007 13:25:27 +0100
Message-ID: <20070228122527.GB8488@suse.de>
In-Reply-To: <A21CF1DCE029FB4F83D44EDF747A4BFAB4DEFB@UKSTHMSX006.uk.pri.o2.com>

On Wed, Feb 28, 2007 at 12:23:45PM -0000, Johnston Mark (UK) wrote:
> We're trying to set up auditing to match a few policy requirements. The
> ones that I'm struggling with are the following:
> 
> 1) Using auditd to check for system start/stop. In "man syscalls" it
> shows shutdown, but auditd doesn't like it when I use this for a system
> call. Would also have been nice to track any time someone uses init.
> 
> 2) Use aureport to show logins (failed and successful). I've logged into
> our system with failed and successful tries, and it's visible in
> audit.log, but it doesn't show anything under aureport, the count is 0.

Since you seem to be using SLES 10 SP1 Betas, this feature is not in there
at this time.
 
Ciao, Marcus
