From mboxrd@z Thu Jan  1 00:00:00 1970
From: Robert Harris <rharris@activedg.com>
Subject: missing user authentication events.
Date: Thu, 25 Mar 2010 11:17:14 -0400
Message-ID: <4BAB7E7A.1070606@activedg.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4649534155699546540=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx06.extmail.prod.ext.phx2.redhat.com
	[10.5.110.10])
	by int-mx05.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id o2PFHS69023356
	for <linux-audit@redhat.com>; Thu, 25 Mar 2010 11:17:28 -0400
Received: from mail1.activedatatech.net (mail1.activedatatech.net
	[216.154.205.166])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o2PFHFWv024343
	for <linux-audit@redhat.com>; Thu, 25 Mar 2010 11:17:16 -0400
Received: from localhost (localhost [127.0.0.1])
	by mail1.activedatatech.net (Postfix) with ESMTP id 6BDFE16E2B2
	for <linux-audit@redhat.com>; Thu, 25 Mar 2010 11:17:15 -0400 (EDT)
Received: from mail1.activedatatech.net ([192.168.3.224])
	by localhost (mail1.activedatatech.net [127.0.0.1]) (amavisd-new,
	port 10024) with ESMTP id 13037-09 for <linux-audit@redhat.com>;
	Thu, 25 Mar 2010 11:17:14 -0400 (EDT)
Received: from [192.168.2.133] (dfb.livedatagroup.com [64.139.144.2])
	by mail1.activedatatech.net (Postfix) with ESMTP id 9081D16DD67
	for <linux-audit@redhat.com>; Thu, 25 Mar 2010 11:17:14 -0400 (EDT)
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

--===============4649534155699546540==
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
I have been creating an auditing procedure. I am working with 2
different OS's opensuse 11.x (everything is working fine.) and debian
5.0.4 (I am having problems with this.)<br>
<br>
My setup for auditd is the same in both places. However on the debian
system I get no audit events for user authentication for things like
ssh and su. I do properly receive file/directory and syscall events. I
am at a complete loss it almost seems like auditd doesnt even see the
login at all. I looked at the kernel config but all audit related
things seem to be enabled.<br>
<br>
Any ideas?<br>
<br>
<div class="moz-signature">-- <br>
<title>Foreclosure.com Email Signature</title>
<div>
<table cellpadding="0" cellspacing="0" width="75%" border="0">
  <tbody>
    <tr>
      <td>
      <p
 style="font-family: Arial,Helvetica,sans-serif; color: black; font-size: 12px; line-height: 17px;">
      <br>
      </p>
      <p
 style="font-family: Arial,Helvetica,sans-serif; color: black; font-size: 11px; line-height: 17px; letter-spacing: 0.5px;"
 align="left"> Robert Harris<br>
Desktop Support Technician<br>
      </p>
      <hr color="#7fb439" width="200px" size="1" align="left">
      <p
 style="margin: 3px 0pt 5px; font-family: Arial,Helvetica,sans-serif; color: black; font-size: 11px; line-height: 17px; letter-spacing: 0.5px;"
 align="left"> <a href="http://www.foreclosure.com/"
 style="margin: 8px 0pt 0pt; text-decoration: none; font-weight: normal; font-size: 12px; color: rgb(0, 0, 0);">
Foreclosure.com </a> <br>
2201 NW Corporate Blvd., Suite 200<br>
Boca Raton, Florida 33431<br>
      </p>
      <p
 style="font-family: Arial,Helvetica,sans-serif; color: black; font-size: 11px; line-height: 17px; letter-spacing: 0.5px;"
 align="left"> 561.988.9669 x393 Office<br>
561.981.5339 Fax<br>
      </p>
      <hr color="#7fb439" width="200px" size="1" align="left"> </td>
    </tr>
  </tbody>
</table>
</div>
</div>
</body>
</html>


--===============4649534155699546540==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============4649534155699546540==--