Displaying 1 result from an estimated 1 matches for "auditpipe0".
Did you mean:
auditpipe
2011 Jun 29
1
More questions about audit
...' | \
xargs grep -E "\<(audit|au_)"
shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And
even sshd(8) raise question: it doesn't call setaudit(2)!
Even more, such command doesn't show anything about user login via
ssh:
auditreduce -m AUE_login /dev/auditpipe0 | praudit
Yes, I have "lo" class enabled for all users, and, yes,
auditreduce -r USER /dev/auditpipe0 | praudit
shows activity after login...
What do I do wrong?
P.S. Maybe, here is more adequate list for BSM Audit questions?
--
// Black Lion AKA Lev Serebryakov <lev@FreeBS...