From: Steve Grubb
To: "linux-audit@redhat.com"
Subject: Re: auditd not logging proper log.
Date: Sat, 10 Jul 2021 10:27:09 -0400
Message-ID: <4673895.31r3eYUQgx@x2>
Organization: Red Hat
In-Reply-To: <94614270.1103019.1625898535256@mail.yahoo.com>

On Saturday, July 10, 2021 2:28:55 AM EDT Rakesh Kumar wrote:
> 1) I am trying to run the auditd (start/stop) without root user as normal
> user, how to achieve this on linux?

For security reasons, this is not allowed.

> 2) I am using kernel version 4.19.97 and I am not getting any login/logout,
> authentication fail/pass log data in audit.log file. Does it need any
> changes in the config or rules?

This is hardwired into pam. The rules don't matter. I'd check that pam was
compiled with audit support and that audit is enabled in the kernel.

-Steve

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
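
The two checks suggested in the reply above, sketched as a shell script. This is an added example, not part of the original message or of the audit project's code. The function names are hypothetical, the /boot/config-$(uname -r) path is a distribution convention, and treating "libpam links libaudit" as the sign of audit support in pam is an assumption.

```shell
#!/bin/sh
# Each helper takes the text to inspect as $1, so it also works on saved output.

# $1: kernel config text. True if the kernel was built with audit.
kernel_has_audit() {
    printf '%s\n' "$1" | grep -q '^CONFIG_AUDIT=y$'
}

# $1: contents of /proc/cmdline. True if audit was switched off at boot.
cmdline_disables_audit() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -q '^audit=0$'
}

# $1: output of `auditctl -s`. Prints the enabled value (0, 1, or 2 = locked).
# Handles both "enabled 1" and the older "AUDIT_STATUS: enabled=1 ..." layout.
audit_enabled_value() {
    printf '%s\n' "$1" |
        sed -n 's/^enabled[ =]\([0-9]\).*/\1/p; s/.*[: ]enabled=\([0-9]\).*/\1/p' |
        head -n 1
}

# $1: `ldd` output for libpam. True if libpam is linked against libaudit.
pam_links_libaudit() {
    printf '%s\n' "$1" | grep -q 'libaudit\.so'
}

# Print one line per problem found. Arguments: the four texts above, in order.
audit_findings() {
    kernel_has_audit "$1" || echo "kernel config lacks CONFIG_AUDIT=y"
    ! cmdline_disables_audit "$2" || echo "kernel command line has audit=0"
    [ "$(audit_enabled_value "$3")" != 0 ] || echo "auditctl -s reports enabled 0"
    pam_links_libaudit "$4" || echo "libpam is not linked against libaudit"
}

if [ "${1:-}" = "--live" ]; then
    # Run as root on the host being diagnosed.
    lib=$(ldconfig -p | awk '/libpam\.so\.0/ {print $NF; exit}')
    audit_findings "$(cat "/boot/config-$(uname -r)" 2>/dev/null)" \
        "$(cat /proc/cmdline)" "$(auditctl -s 2>/dev/null)" \
        "$(ldd "$lib" 2>/dev/null)"
else
    # Constructed sample: audit compiled in, but disabled on the command line.
    audit_findings "CONFIG_AUDIT=y" "root=/dev/sda1 audit=0 quiet" \
        "enabled 0" "libaudit.so.1 => /lib64/libaudit.so.1"
fi
```

No output in --live mode means none of the four conditions was detected; an empty `auditctl -s` result (for example when not run as root) is not reported as a finding.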