* audit_log_user_message question
@ 2008-05-27 17:56 LC Bruzenak
2008-05-27 17:59 ` LC Bruzenak
2008-05-27 18:01 ` Steve Grubb
0 siblings, 2 replies; 4+ messages in thread
From: LC Bruzenak @ 2008-05-27 17:56 UTC (permalink / raw)
To: Linux Audit
In looking at the user application audit I'm wondering why there is a
"hostname" field there?
I understand the obvious answer but would think I'd trust the auditd or
audispd more than an application for the hostname answer, and those
would be consistent.
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny@magitekltd.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: audit_log_user_message question
2008-05-27 17:56 audit_log_user_message question LC Bruzenak
@ 2008-05-27 17:59 ` LC Bruzenak
2008-05-27 18:01 ` Steve Grubb
1 sibling, 0 replies; 4+ messages in thread
From: LC Bruzenak @ 2008-05-27 17:59 UTC (permalink / raw)
To: Linux Audit
On Tue, 2008-05-27 at 12:56 -0500, LC Bruzenak wrote:
> In looking at the user application audit I'm wondering why there is a
> "hostname" field there?
audit_log_user_message(int audit_fd, int type, const char *message,
const char *hostname, const char *addr, const char *tty, int result)
I meant the above audit call.
LCB.
--
LC (Lenny) Bruzenak
lenny@magitekltd.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: audit_log_user_message question
2008-05-27 17:56 audit_log_user_message question LC Bruzenak
2008-05-27 17:59 ` LC Bruzenak
@ 2008-05-27 18:01 ` Steve Grubb
2008-05-27 18:06 ` LC Bruzenak
1 sibling, 1 reply; 4+ messages in thread
From: Steve Grubb @ 2008-05-27 18:01 UTC (permalink / raw)
To: linux-audit
On Tuesday 27 May 2008 13:56:03 LC Bruzenak wrote:
> In looking at the user application audit I'm wondering why there is a
> "hostname" field there?
So that apps like sshd can say where the user is coming from.
> I understand the obvious answer but would think I'd trust the auditd or
> audispd more than an application for the hostname answer, and those
> would be consistent.
That's a different hostname. :)
The hostname field as used in audit_log_user_message would be a remote machine
name and not the local address. Many apps do not need this field and should
pass NULL if unused.
-Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: audit_log_user_message question
2008-05-27 18:01 ` Steve Grubb
@ 2008-05-27 18:06 ` LC Bruzenak
0 siblings, 0 replies; 4+ messages in thread
From: LC Bruzenak @ 2008-05-27 18:06 UTC (permalink / raw)
To: Steve Grubb; +Cc: linux-audit
On Tue, 2008-05-27 at 14:01 -0400, Steve Grubb wrote:
> On Tuesday 27 May 2008 13:56:03 LC Bruzenak wrote:
> > In looking at the user application audit I'm wondering why there is a
> > "hostname" field there?
>
> So that apps like sshd can say where the user is coming from.
>
>
> > I understand the obvious answer but would think I'd trust the auditd or
> > audispd more than an application for the hostname answer, and those
> > would be consistent.
>
> That's a different hostname. :)
Right!
Sorry; I promise I'll get it one of these days.
>
> The hostname field as used in audit_log_user_message would be a remote machine
> name and not the local address. Many apps do not need this field and should
> pass NULL if unused.
>
> -Steve
Thanks again,
LCB.
--
LC (Lenny) Bruzenak
lenny@magitekltd.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-05-27 18:06 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-05-27 17:56 audit_log_user_message question LC Bruzenak
2008-05-27 17:59 ` LC Bruzenak
2008-05-27 18:01 ` Steve Grubb
2008-05-27 18:06 ` LC Bruzenak
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox