Hello,
I am required (by NISPOM) to audit access to security related files.
I am essentially using the nispom audit.rules provided by rhel5 to
accomplish this.
However, some of my systems are capturing access to /etc/shadow and
some of my systems are not (when looking in /var/log/audit/audit.log.
Worried that I might have differing audit.rules files between the
systems I have even copied the audit.rules file from systems that were
auditing right to systems that were not. But this has not resolved
the auditing problem.
HELP!
Thank you!
Starr
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
