Ryan Robertson wrote:
> Im trying to identify how ssh 4.5 interacts with the audit subsystem
> within AIX 5.3. i get an event when a user logs in, but not when
> they exit via ssh. i can get it to work with telnet, however. It
> would seem to me that if an event is captured from the login, that
> the same would be true for the logout. I've opened a PMR w/IBM, but
> not getting very much help.
There's no code in sshd to specifically support the audit interface on
AIX, so I suspect that the records you see are generated by the
"loginsuccess" call which sshd makes.
The API docs[1] make no mention of a corresponding logout function
(although now I see that the audit redbook[2] makes mention of one but I
can't find any information about it).
[1]
http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/genprogc/ls_sec_audit_subrs.htm
[2] http://www.redbooks.ibm.com/redbooks/pdfs/sg246020.pdf
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
|