On Monday 26 February 2007 08:21, Marcus Meissner wrote: > > Yes. NISPOM is concerned about tracking login/logout. How do you > > distinguish an actual login/logout vs the start of a session with the pam > > records? su and cron, for example, do not do an actual login yet they > > create those records. > > We could really handle this together with the loginuid tracking, right?
No, cron sets the loginuid because the action performed by the scripts is on a certain user's behalf. Everything is the way it is for a reason. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
