On 2021-10-21 01:39, [email protected] wrote: > On 21/10/2021 00:38, Richard Guy Briggs wrote: > > On 2021-10-20 22:55, Li Zhijian wrote: > >> Hi guys
> Hi RGB Hi Zhijian, > >> I'm new to audit, then i observed that there is no LOGOUT event record > >> in audit.log on my ubuntu 18.04 and debian 8 OSes, while the centos7.4 > >> and fedora33 have it. > >> > >> I google it but get no answer, so am I missing something about the > >> audit rules or special audit configuration ? > >> > >> Below are part of records of audit in my several OSes. > >> > >> debian 8 > > This debian is 3 major releases behind which may explain. > My fault, i missed that i have upgraded it to debian 9.4 month ago 11 Bullseye was released two months ago and debian releases are much longer than other distros and tends to hold new stuff back in testing and development branches. Ubuntu is up to release 21. Even fedora is up to f35. > lizhijian@lkp-bingo:~/lkp/lkp-tests$ lsb_release -a > No LSB modules are available. > Distributor ID: Debian > Description: Debian GNU/Linux 9.4 (stretch) > Release: 9.4 > Codename: stretch > lizhijian@lkp-bingo:~/lkp/lkp-tests$ uname -a > Linux lkp-bingo 4.9.0-16-amd64 #1 SMP Debian 4.9.272-2 (2021-07-19) x86_64 > GNU/Linux > lizhijian@lkp-bingo:~/lkp/lkp-tests$ aureport --version > aureport version 2.6.7 > > BTW: I first notice this behavior in my rootfs from buildroot for an embedded > device , which is not consistent with my expectation. > > Thanks > Zhijian > > >> lizhijian@lkp-bingo:~$ sudo aureport -e -i --summary | grep -i USER > >> [sudo] password for lizhijian: > >> 6 USER_START > >> 6 USER_END > >> 4 USER_ACCT > >> 4 USER_CMD > >> 2 USER_AUTH > >> 2 USER_LOGIN > >> > >> ubuntu 18.04 > >> lizj@FNSTPC:~$ sudo aureport -e -i --summary | grep USER > >> 43241 USER_END > >> 16946 USER_START > >> 16718 USER_ACCT > >> 658 USER_AUTH > >> 543 USER_CMD > >> 255 USER_LOGIN > >> 9 USER_ROLE_CHANGE > >> 5 USER_ERR > >> 2 USER_CHAUTHTOK > >> 1 ADD_USER > >> > >> fedora 33 > >> [root@iaas-rpma linux]# aureport -e -i --summary | grep USER > >> 7356 CRYPTO_KEY_USER > >> 2103 USER_START > >> 1649 USER_END > >> 1268 USER_ACCT > >> 1108 USER_ROLE_CHANGE > >> 1029 USER_AUTH > >> 895 USER_LOGIN > >> 789 USER_LOGOUT > >> 60 USER_CMD > >> 14 USER_ERR > >> 3 USER_MGMT > >> 3 USER_CHAUTHTOK > >> 1 ADD_USER > >> > > - RGB - RGB -- Richard Guy Briggs <[email protected]> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
