On Thursday 25 March 2010 02:36:26 pm Robert Harris wrote: > On 03/25/2010 12:09 PM, Steve Grubb wrote: > > Maybe a Debian maintainer could answer how they do things...but in the > > mean time, the login events come from user space. On RHEL/Fedora, we > > have enabled auditing in the pam build. > > Would it be possible for me to check for it being enabled?
Something like: strings /lib64/libpam.so.0 | grep audit_open > it looks as though it is not. is it very hard to add the fix? It might just need rebuilding with the audit library & its headers present. Pam should automatically pick it up. To check this do ./configure --help and see if there is a --disable-audit. If there is a diable-audit, its patched and just needs rebuilding. If not, you need a newer pam. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
