On Wednesday 25 November 2009 11:57:10 am Starr-Renee Corbin wrote: > I am required (by NISPOM) to audit access to security related files. > I am essentially using the nispom audit.rules provided by rhel5 to > accomplish this. > > However, some of my systems are capturing access to /etc/shadow and > some of my systems are not (when looking in /var/log/audit/audit.log.
I guess the questions are: what kernels? what audit packages? Are both the same arch? How are you testing that one is not being recorded when it should? -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
