-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 So does that mean this call audit would not work:
- -a exit,possible -w /bin/login -F success=0 -F success!=0 What would be an entry to trap users successfully logging in? Paul Whitney [EMAIL PROTECTED] On 2/28/07 4:18 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > * PGP Signed by an unverified key: 02/28/07 at 16:18:26 > On Wed, 28 Feb 2007 15:31:41 EST, "Mackanick, Jason W CTR DISA GIG-OP" > said: > >> Newbie to the list. I am in position of writing technical >> implimentation guidance for DISA and I am looking for a method to audit >> logins/logouts. I have not been able to come up with a syscall that >> would cover this. Any help would be appreciated. > > That's because "login" isn't a single syscall, and a lot of things happen > during a login - many files get read, programs get run, and so on. > That's why things like gdm, getty, and ssh are modified to cut a > non-syscall > audit record when a user logs in. > * Valdis Kletnieks <[EMAIL PROTECTED]> > * 0xB4D3D7B0 - Unverified (L) > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBReYGxbdVg+viRqgEAQhLOQgAg5/QLzVIl1raeQdZ7l9nv++wma+fVre9 eo4WifDvQIA07rttrpXkJhYGbDYHKOoWZQzgMfYW77pNJjBgmyopFUmqGMlLoNym 0rF9tT6rdexpgEheqm0yNjL6S2B2iGU3rg+fY3KiLOEy42b0bpfWbExTE21PEB7l 1MS/pZSnbmNSEe0Jg4vH+8iNdMKBdIfr8qWCr4pSFoWr9eOcI0vaCHUWEdmbtynu wpWlFwCEJ46Mm/YdPC8FRCHzOuLGHjp6GyoFVcc6tHWZ982KSR0l9a9+Q5EBE8vD nZcfpKB0Xmcp3mtoN/V4ZryCHpuGYgwUzVimcHcqRI9stqecfkjMMw== =js9E -----END PGP SIGNATURE----- -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
