Re: PDF-File-Verify-Sender:Re: [Fed-Talk] How to configure auditing for use in a Closed Area
Re: PDF-File-Verify-Sender:Re: [Fed-Talk] How to configure auditing for use in a Closed Area
- Subject: Re: PDF-File-Verify-Sender:Re: [Fed-Talk] How to configure auditing for use in a Closed Area
- From: Stacey Son <email@hidden>
- Date: Mon, 1 Nov 2010 17:04:32 -0500
On Oct 28, 2010, at 3:16 PM, Todd Heberlein wrote:
>> This is on the 10.5 systems. I haven't attempted this on the 10.6 systems
>> yet.
>
> The last I checked (about a year ago) 10.5's audit was broken. Most things launched from launchd (like the Terminal app) were not audited. If you come in over ssh (as opposed to logged in at the console) it might get picked up.
Logins and login attempts via ssh should be in the audit trail on Mac OS X 10.5 given that sshd generates the (user level) audit events directly. As Todd points out, however, 10.5 misses a lot of the other events. I would recommend that you upgrade to 10.6 if you can.
Regards,
-stacey.
----
Stacey Son
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden