Good morning everyone,

I am working on an environment where I have managed to get centralized audit 
logging to work - roughly 95% properly on six (6) CentOS-6.7 workstations and a 
single (1) CentOS-6.7 server.

I have two problems though; and they seem somewhat minor:


1.       The audit events being captured don't seem to be tied to any given 
node (so that I can perform ausearch --node hostName, or aureport), that's the 
first issue.

2.       The second issue is that I need to configure sudo to enable my Special 
Security Team with the ability to perform their duties using the aureport and 
the ausearch commands, but I get an error that appears to be based on 
permissions.

I am hoping that you guys can steer me in the correct direction; and I can 
update my documentation to be even a little more thorough.

Scenario2, might be more of a membership issue now that I think about it; so 
please disregard as I think this is some weird 389-ds issue.

I am hoping though that someone can suggest a reason why, when I look directly 
at the content of the /var/log/audit/audit.log I am not see any references to 
node=hostname1, hostname2 .. hostnameN?  Maybe I did misconfigure something, 
but I followed my own instructions to the "T" and they didn't produce this 
issue.



Thank you in advance for your precious time sincerely,

Warron French, MBA, SCSA
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to