Since this is the one list I can think of that probably has a lot of
administrator participants I wanted to through this question out.
If I want to log attempts to change the system time on a system (linux
in particular) where would be a good place to find logging/auditing
capabilities? Using audit software included with solaris and irix
I can accomplish these tasks easily, but linux does not seem so
nice. I am currently using syslog-ng under linux, and with all
messages/levels being logged I can't seem to get a message about failed
attempts to change system time. Most standard things like failed
logins/su show up, but a permission denied when trying "rm
/usr/bin/passwd" does not. Feel free to contact me offline if you
wish to prevent traffic to this list. I guess I'm basically
trying to figure out what auditing capabilities I have, and if I need
more, where (if) I can get them. Thanks for any input.
-doug
- syslog config (a bit off topic) Doug Henry
- Re: syslog config (a bit off topic) Michael van Elst