setting up auditd

setting up auditd

[geckiv]

Well I have a few problems and I can't find any good references on the 
net on how to do this.  I have a RH Rel 4 system and it does not seem to 
be setup to run auditd (ok rpm reveals audit-0.5-1. but config file and 
device files non existent).  And once i have that running I want to be 
able to have my own application write to the auditd .  I understand 
audit-libs is required for that but have been unable to find it nor a 
procedure on how ot use it.  I found some tid bits but they seem Rel 3 
related.

Help!!!

Thanks,

Frank

setting up auditd

[geckiv]

Well I have a few problems and I can't find any good references on the 
net on how to do this.  I have a RH Rel 4 system and it does not seem to 
be setup to run auditd (ok rpm reveals audit-0.5-1. but config file and 
device files non existent).  And once i have that running I want to be 
able to have my own application write to the auditd .  I understand 
audit-libs is required for that but have been unable to find it nor a 
procedure on how ot use it.  I found some tid bits but they seem Rel 3 
related.

Help!!!

Thanks,

Frank

Re: setting up auditd

[Steve Grubb]

On Tuesday 06 March 2007 15:51, geckiv wrote:
> I have a RH Rel 4 system and it does not seem to be setup to run auditd (ok
> rpm reveals audit-0.5-1. but config file and  device files non
> existent).

audit-0.5-1 is known not to work at all. You should upgrade to the latest in 
RHEL4, which is 1.0.14. You will need to install the audit-libs-devel package 
and you should have man pages for the API.

-Steve

Re: setting up auditd

[Stephen John Smoogen]

On 3/6/07, geckiv <geckiv@optonline.net> wrote:
> Well I have a few problems and I can't find any good references on the
> net on how to do this.  I have a RH Rel 4 system and it does not seem to
> be setup to run auditd (ok rpm reveals audit-0.5-1. but config file and
> device files non existent).  And once i have that running I want to be
> able to have my own application write to the auditd .  I understand
> audit-libs is required for that but have been unable to find it nor a
> procedure on how ot use it.  I found some tid bits but they seem Rel 3
> related.
>

If you have audit-0.5 on the system.. it is probably not updated in a
long time. Getting the system updated via RHN is your first step.
After that.. getting it configured with audit is a later concern.



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: setting up auditd

[geckiv]

[-- Attachment #1.1: Type: text/plain, Size: 528 bytes --]

I guess the only way to get that is to have a RH subscription?

Steve Grubb wrote:

>On Tuesday 06 March 2007 15:51, geckiv wrote:
>  
>
>>I have a RH Rel 4 system and it does not seem to be setup to run auditd (ok
>>rpm reveals audit-0.5-1. but config file and  device files non
>>existent).
>>    
>>
>
>audit-0.5-1 is known not to work at all. You should upgrade to the latest in 
>RHEL4, which is 1.0.14. You will need to install the audit-libs-devel package 
>and you should have man pages for the API.
>
>-Steve
>
>
>  
>

[-- Attachment #1.2: Type: text/html, Size: 948 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: setting up auditd

[Steve Grubb]

On Wednesday 07 March 2007 10:47, geckiv wrote:
> I guess the only way to get that is to have a RH subscription?

I don't know about the availability of RHEL4 packages without having a 
subscription. There is CentOS but I can make no warantees about what's in it. 
You will also need the latest kernel and bunch of other updates for pam, 
login, ssh, and/or gdm. There are more packages that are trusted apps but 
that's the core.

-Steve