ssh 4.x using aix 5.3 auditing

[Ryan Robertson <r3r2@yahoo.com>]

Im trying to identify how ssh 4.5 interacts with the audit subsystem within AIX 
5.3.  i get an event when a user logs in, but not when they exit via ssh.  i 
can get it to work with telnet, however.  It would seem to me that if an event 
is captured from the login, that the same would be true for the logout.  I've 
opened a PMR w/IBM, but not getting very much help. 


below is an example of my /etc/security/audit/config file:

start:
        binmode = off
        streammode = on

bin:
        trail = /audit/trail
        bin1 = /audit/bin1
        bin2 = /audit/bin2
        binsize = 10240
        cmds = /etc/security/audit/bincmds
        freespace = 65536

stream:
        cmds = /etc/security/audit/streamcmds

classes:
                default = login
        init = USER_Login, USER_Logout, USER_Exit, USER_Logout

users:
              root = init,default
===========================

below is the output from /audit/stream.out


#:/etc/security/audit # tail -f /audit/stream.out
event           login    status      time                     command
--------------- -------- ----------- ------------------------ 
-------------------------------
USER_Login      root     OK          Wed Dec 06 13:39:17 2006 sshd









 
____________________________________________________________________________________
Need a quick answer? Get one in minutes from people who know.
Ask your question on www.Answers.yahoo.com
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev