> RHEL 5 > > Have two events having difficulty capturing or reviewing with the > audit sub-system. > > 1. su - "non_existent_account". Using the nispom.rules provided by > audit 1.5.6-1. Using various ausearch parameters, am unable to find a > corresponding failure when attempting to "su" to a non-existent > account. > > 2. Non-privileged user attempting to change the date/time on the > server. Of course the user fails to be able to do so, but am unable to > capture or review the event. > > Not sure if these are audit rule configuration or search unknowns or > audit sub-system limitations. > > Thank you > Art Henning (CSL) > Enterprise IT Solutions > Northrop Grumman Corporation > [EMAIL PROTECTED] >
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
