OpenSSH on AIX / Support Requests / #3 AUD_CONFIG

#3 AUD_CONFIG_WR

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2005-07-26

Created: 2005-07-26

Creator: Vadim Korsak

Private: No

I use AIX 5.3, and with default audit (general class is
assigned) got strange messges when login through ssh:

event login status time
command
--------------- -------- -----------
------------------------ -------------------------------
S_PASSWD_READ root OK Tue Jul 26
08:55:52 2005 sshd
audit object read event detected
/etc/security/passwd
S_PASSWD_READ root OK Tue Jul 26
08:55:52 2005 sshd
audit object read event detected
/etc/security/passwd
AUD_CONFIG_WR user1 FAIL Tue Jul 26 08:55:52
2005 sshd
audit object write event detected
/etc/security/audit/config
FS_Mkdir user1 OK Tue Jul 26 08:55:52
2005 sshd
mode: 700 dir: /tmp/ssh-VNrJ266462
FS_Chdir user1 OK Tue Jul 26 08:55:53
2005 sshd
change current directory to: /home/user1

IS THAT OK?

AUD_CONFIG_WR

Group

Searches

Help

#3 AUD_CONFIG_WR

Discussion