RHEL 4: WS 64bit - LAUS is not loaded by default can not find RPM
Can anyone tell me where I can find the RPM that installs LAUS? I've searched all the CDs looking for apparent names and even read CD 1 and CD 2, but nothing jumps out and tells me where I can find the LAUS application bundled in an RPM.
I found auditd and auditctl in my /sbin. Do these files encompass LAuS, and all I need to do is launch the executables? I was told by someone that auditd is LAuS, hmm.
On RHEL 4 WS disk 2 I performed an rpm -qlvp *audit to see what this rpm (audit-0.5-1.x86_64.rpm) included; all it said was auditd and auditctl will be placed in your /sbin.
These files are already located in /sbin. I'm lost at this point. I don't have an audit.conf file or audit-libs files. I know I'm making this harder than what it probably is but urg!
auditd is running with a process when I type chkconfig auditd while in the /sbin directory; when I log out, though, I think the PID is killed.
Help, simply trying to use the auditd utility and view the logs with the LINUX GUI interface.
I was told I would have an etc/audit.rules file, no such files nor a var/log/audit/audit.log file. I have no audit-libs files or audit.conf file. Any ideas; is this a partial install of the auditd capability?
The site above does not imply I have to do much and it should work the second I invoke auditd; however, many of the assumed files and directories were not on my linux RHEL 4 WS 64 bit 2.6.9-5.Elsmp system.
This part of the thread should really be in a thread of its own in the Linux Security forum since it appears you're past installing your software...
Quote:
Originally Posted by mccartjd
These files are already located in /sbin.
Then 'rpm -qf /sbin/auditd' should show the name and version of the package.
Quote:
Originally Posted by mccartjd
I don't have an audit.conf file or audit-libs files.
What does 'rpm -ql audit' say?
Quote:
Originally Posted by mccartjd
I was told I would have an etc/audit.rules file, no such files nor a var/log/audit/audit.log file. I have no audit-libs files or audit.conf file. Any ideas; is this a partial install of the auditd capability?
To be correct it's /etc/audit/audit.rules. No /var/log/audit/ dir? audit-libs is for apps to log auditing info. Running 'rpm -q --whatrequires audit-libs' shows audit, shadow-utils, passwd, pam, util-linux, openssh and nscd.
Quote:
Originally Posted by mccartjd
The site above does not imply I have to do much and it should work the second I invoke auditd; however, many of the assumed files and directories were not on my linux RHEL 4 WS 64 bit 2.6.9-5.Elsmp system.
No, you shouldn't have to do much. But from reading your threads I don't know yet if it's actually GNU/Linux itself you're struggling with or a bad or partial OS/audit installation. Answer some questions and we'll see. Please be exact in your answers.
* BTW, what dictates or requires you to use Auditd? Just being curious.
Then 'rpm -qf /sbin/auditd' should show the name and version of the package.
Answer: audit-0.5-1
What does 'rpm -ql audit' say?
Answer: sbin/auditctl
sbin/auditd
To be correct it's /etc/audit/audit.rules. No /var/log/audit/ dir? audit-libs is for apps to log auditing info. Running 'rpm -q --whatrequires audit-libs' shows audit, shadow-utils, passwd, pam, util-linux, openssh and nscd.
Typed command rpm -q --whatrequires audit-libs
Answer: no package requires audit-libs "If I leave the ' after libs I get a blank line
that starts with a >"
Determine if business or other requirements allow you to add CentOS packages to your RHEL installation. Else take the most recent CentOS-4 audit.* source packages (IIRC it should be up to U8 now?) and rebuild for your machine.
In your opinion which would be quicker on my standalone LINUX?
(1) Load SNARE
(2) add CentOS packages to your RHEL installation.
(4) CentOS-4 audit.* source packages (IIRC it should be up to U8 now?) and rebuild for your machine.
FYI. Really new with LINUX and never performed a rebuild.
Cannot seem to add auditd to services to remain active after root logs out: "chkconfig --add auditd" or "chkconfig --add /sbin/auditd" results in "error reading information on service auditd: no such file or directory". If I type "chkconfig auditd" I get no errors and if I type "auditd" I get a PID #. If auditd is not running after root logs out SNARE will probably not work (your thoughts)?
Even after consolidation you have three threads rolling about the same subject. Keeping things together is not only more efficient for you but also keeps your fellow LQ members from posting duplicate replies. I suggest you continue discussing SNARE, Auditd and rules here http://www.linuxquestions.org/questi...snare.-642459/.
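The file checks discussed in this thread, collected into one script as an added example (not code posted by any participant): it reports which pieces of an auditd installation exist under a given root, which is the state the `rpm -ql audit` output above describes. The function names are hypothetical, and the /etc/init.d/auditd entry is an assumption based on `chkconfig --add` looking for an init script there; the other paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example: check an auditd installation for the files named in the thread.
# Function names are hypothetical. The init script path is an assumption:
# chkconfig --add reads a service's init script from /etc/init.d.

# present KIND PATH: true if PATH exists as a file (f), directory (d)
# or executable (x).
present() {
    case $1 in
        f) [ -f "$2" ] ;;
        d) [ -d "$2" ] ;;
        x) [ -x "$2" ] ;;
    esac
}

# audit_install_check [ROOT]
# Prints one "ok" or "MISSING" line per item; exit status = number missing.
audit_install_check() {
    root=${1:-/}
    root=${root%/}      # "/" becomes "", so the paths below stay absolute
    missing=0
    while read -r kind path note; do
        [ -n "$kind" ] || continue
        if present "$kind" "$root$path"; then
            printf 'ok       %s\n' "$path"
        else
            printf 'MISSING  %s  (%s)\n' "$path" "$note"
            missing=$((missing + 1))
        fi
    done <<'EOF'
x /sbin/auditd daemon binary
x /sbin/auditctl rule loader
f /etc/audit/audit.rules rules file
d /var/log/audit log directory
x /etc/init.d/auditd init script for chkconfig --add (assumed path)
EOF
    return "$missing"
}

# Usage: audit_install_check /    (or a mounted image root, e.g. /mnt/sysimage)
```

A non-zero status with only the two /sbin binaries reported as ok matches the partial package described above, where the rules file, log directory and service script never arrived with the RPM.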