Description of problem: A customer alerted me that, in the RHEL 5 manual, there seems to be an error. At the bottom of the page linked below, in the "Note" box, it says: "Red Hat Enterprise Linux 5 does not currently ship with an audit daemon.". I believe that this is entirely wrong for RHEL 5 and also for recent RHEL 4 updates. We DO ship auditd, and tools for managing it. http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/en-US/RHEL510/Deployment_Guide/rhlcommon-section-0081.html Best regards, /Jan -- Jan Hedström Mobile: +46 706 333 386 Senior Sales Engineer, RHCE Switchboard: +46 8 5057 5600 Fax: +46 8 5057 5649 Red Hat, Nordic region Web: www.redhat.se Kista Science Tower Building C, 6th floor 164 51 Kista, Sweden Version-Release number of selected component (if applicable):
Fixed in 5.3. removed sentence in the note in section "45.3.1. Enabling Kernel Auditing" that claimed auditd was not shipped with RHEL5. the text in the note was: "If you are using an audit daemon for troubleshooting, the daemon may capture audit messages into a location other than /var/log/messages, such as /var/log/audit/audit.log. Red Hat Enterprise Linux 5 does not currently ship with an audit daemon." Now it is: "If you are using an audit daemon for troubleshooting, the daemon may capture audit messages into a location other than /var/log/messages, such as /var/log/audit/audit.log." CommitLog: Execute: Commit Modified: SELinux_Analyst_Control.xml Committed revision 8845. Updating...
Verified fixed in 5.4 online update. Closing.