Red Hat Bugzilla – Bug 126518
Audit logs login audit records with invalid executable names
Last modified: 2007-11-30 17:07:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.2)
Description of problem:
The wrong executable name is logged in kernel LOGIN type audit text
messages. Issue tracker #41624.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
2.Generate login traffic
3.Examine audit output, aucat, incorrect executables in audit login
messages are present - often ld.so names
A fix for this problem has just been committed to the RHEL3 U3
patch pool this evening (in kernel version 2.4.21-15.18.EL).
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.