Re: ssh 4.x using aix 5.3 auditing

[Ryan Robertson <r3r2@yahoo.com>]

The only way I was able to get any sort of record of a logout was when adding 
"USER_Exit" to /etc/security/audit/config.  I'm still not convinced that that 
is proper field.  Even if it is, then what does USER_Logout do?  It may be the 
"logout" command, which if called from any remote connection, fails since its 
not "on the login terminal."   Of course I get no response from IBM.
I did notice an entry for rlogind/telnetd in /etc/security/audit/events.  
Perhaps there is some API that be used for ssh?  Is this something that could 
be added?

-Ryan






 
____________________________________________________________________________________
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev