10 Jun
2004
10 Jun
'04
7:34 p.m.
On Thu, 2004-06-10 at 08:17, Levine, Daniel J. wrote:
Perhaps my problem is simpler to solve than this. All I really need is the user ID of the person who logged in to the system. This identifies whose account was used to perpetrate the illegal access. Could the user ID number and user name be added to the log messages when violations occur
That is something which is best handled by the audit framework. Boot with audit=1. The audit framework already includes support for setting a login uid; someone just needs to patch login and friends to use it.
--
Stephen Smalley sds@epoch.ncsc.mil
National Security Agency