From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Bill Tangren" Subject: Re: auditing for RHEL ES4 Date: Fri, 16 Nov 2007 11:15:30 -0500 (EST) Message-ID: <4609.10.1.5.75.1195229730.squirrel@aa.usno.navy.mil> References: <4558.10.1.5.75.1195228480.squirrel@aa.usno.navy.mil> <1195229470.9661.10.camel@pc070168.northgrum.com> <1195229573.9661.12.camel@pc070168.northgrum.com> Mime-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Return-path: Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id lAGGFbm1017740 for ; Fri, 16 Nov 2007 11:15:37 -0500 Received: from aa.usno.navy.mil (beatrix.usno.navy.mil [198.116.61.254]) by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id lAGGFZwM027912 for ; Fri, 16 Nov 2007 11:15:36 -0500 In-Reply-To: <1195229573.9661.12.camel@pc070168.northgrum.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com On DATE, the author spaketh: Kevin Boyce > Oops, don't forget to recompile, and then the "rpm -Uhv" > > On Fri, 2007-11-16 at 11:11 -0500, Kevin Boyce wrote: > >> I would download the source rpms, make your changes, change the >> version, and use the "rpm -Uhv" to upgrade existing packages. >> >> Kevin Boyce >> Northrop Grumman Corp. Which sources? The source for the code I'm using now, or the latest tarball? And which changes? And where do I get the latest tarball? I did some googling, but didn't find anything that was obviously what I should use. >> >> >> On Fri, 2007-11-16 at 10:54 -0500, Bill Tangren wrote: >> >> > I'm running RHEL ES 4 servers, and am having difficulty with aurepor= t. >> I'm >> > using audit version 1.0.15-3, the one that comes with the OS. The >> problem >> > is that I need daily reports, and it is not doing it. The reports >> always >> > cover the entire range of available logs (sometimes gigabytes of >> data). >> > The reports can take a LONG time to compile, and it doesn't give me >> the >> > daily snapshot I need. I'm thinking of installing the latest tarball >> and >> > compiling, as I understand more recent versions of aureport have >> > implemented time limits. [I've emailed this list before about this.] >> > >> > My question now is, is it possible to uninstall the prepackaged audi= t >> and >> > audit-lib, and install the latest from source, without seriously >> hosing my >> > system? >> > >> > TIA, >> > >> > >> >> -- >> Linux-audit mailing list >> Linux-audit@redhat.com >> https://www.redhat.com/mailman/listinfo/linux-audit > --=20 Bill Tangren U.S. Naval Observatory