From: Steve Grubb
Subject: Re: [RFC] NISPOM audit rules - first draft
Date: Fri, 13 Apr 2007 17:54:27 -0400
Message-ID: <200704131754.27644.sgrubb@redhat.com>
To: linux-audit@redhat.com

On Friday 13 April 2007 17:45, Brian K. Whatcott wrote:
> Below you say the nispom.rules has been updated several times. Where is
> the latest version located?

You can download the latest source code, open the archive and copy
nispom.rules to wherever you needed it.

http://people.redhat.com/sgrubb/audit/audit-1.5.2.tar.gz

The configuration takes advantage of some newer features. So, it may or may
not work with the exact version of audit/kernel that you have.

> In the nispom.rules version in your post in the archive, the comments said
> several NISPOM audit requirements were met by other programs (1(b) by
> patches to login, gdm, and openssh; 1(d) by patches to libpam; 1(e) & 1(f)
> by patches to pam_tally). Can these patches be downloaded from somewhere?

These patches have been sent upstream and hopefully your versions of those
apps are new enough to have the patches and audit is enabled for them. I did
not collect them up into one place, but rather tried to get them where they
ultimately needed to go so everyone benefits from the work. The one exception
might be util-linux which seems to be a dead project that each distro
maintains themselves.

> Do the patches work with SuSE 10.1 or 10.2?

I don't know.

-Steve