public inbox for linux-audit@redhat.com
* Latest Audit on RHEL 5.2
@ 2008-11-12 16:16 Dan Gruhn
  2008-11-17 17:37 ` Steve Grubb
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Gruhn @ 2008-11-12 16:16 UTC (permalink / raw)
  To: linux-audit

Greetings,

I have some systems with RHEL 5.2 (a server and three workstations) that I'd like to put the latest audit software on to put me on the path of getting NISPOM approval. My plan is to get to the point that I will have prelude running with information display via Prewikka.

1) I have read the HowTo at http://people.redhat.com/sgrubb/audit/prelude.txt but it seems rather old as it talks about audit 1.6.6 to 1.6.7 upgrading and updates to come after things have been checked out.  Does anyone have any updates to this procedure that will be helpful?

2) The pre-reqs for audit-1.7.9-1.src.rpm says it needs glibc-kernheaders >= 3.0-14. I must not understand what this is asking for. Is this some kind of abbreviation?  Where can I find this?

Any thoughts anyone has that might help me on my path will be greatly appreciated.  There doesn't seem to be any way to search the archives of this mailing list.  Is that correct or have I missed something?

Dan Gruhn


* Re: Latest Audit on RHEL 5.2
  2008-11-12 16:16 Latest Audit on RHEL 5.2 Dan Gruhn
@ 2008-11-17 17:37 ` Steve Grubb
  0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2008-11-17 17:37 UTC (permalink / raw)
  To: linux-audit, Dan Gruhn

On Wednesday 12 November 2008 11:16:26 Dan Gruhn wrote:
> 1) I have read the HowTo at
> http://people.redhat.com/sgrubb/audit/prelude.txt but it seems rather old
> as it talks about audit 1.6.6 to 1.6.7 upgrading

This is a particular warning for anyone that ever installed and used the audit 
1.6.6 prelude plugin because the name of the sensor being registered was 
changed at the prelude developer's request. If you never installed that 
version, then that note doesn't apply to you. I updated the text to hopefully 
make that more plain. 

I also added a new Deployment Tips section to explain a little about 
maintaining & tuning the setup.


> and updates to come after things have been checked out.  Does anyone have
> any updates to this procedure that will be helpful?

The update I need to make to the text was that we assigned a new UID/GID pair 
to prelude out of the pool of UIDs reserved for daemons. I think the Fedora 
10 prelude packages create that user if it doesn't exist. But since Fedora 10 
is not shipping yet, I haven't spent the time testing out the new UID/GID 
pair. I just wanted to get it reserved since that is a much longer process 
requiring coordination with other groups inside Red Hat.


> 2) The pre-reqs for audit-1.7.9-1.src.rpm says it needs glibc-kernheaders
> >= 3.0-14. I must not understand what this is asking for. Is this some kind
> of abbreviation?  Where can I find this?

These are the kernel headers shipped with the 2.6 kernel. RHEL5 is OK. RHEL4 is 
not.

-Steve
