auid doesn't display user id while connected via ssh
Issue
- When a user login via ssh to the system and execute "sudo su -" then uid doesn't come in auid field under audit logs.
type=CRED_ACQ msg=audit(1322878406.113:62654963): user pid=20204 uid=0 auid=4294967295 msg='PAM: setcred acct="root" : exe="/usr/bin/sudo" (hostname=u060tsi41, addr=127.0.0.1, terminal=/dev/pts/2 res=success)'
type=USER_START msg=audit(1322878406.117:62654964): user pid=20204 uid=0 auid=4294967295 msg='PAM: session open acct="root" : exe="/usr/bin/sudo" (hostname=u060tsi41, addr=127.0.0.1, terminal=/dev/pts/2 res=success)'
type=USER_END msg=audit(1322878406.117:62654965): user pid=20204 uid=0 auid=4294967295 msg='PAM: session close acct="root" : exe="/usr/bin/sudo" (hostname=u060tsi41, addr=127.0.0.1, terminal=/dev/pts/2 res=success)'
type=USER_CMD msg=audit(1322878406.118:62654966): user pid=20204 uid=0 auid=4294967295 msg='cwd="/home/sh53837" cmd=2F62696E2F7375202D (terminal=pts/2 res=success)'
type=USER_AUTH msg=audit(1322878406.120:62654967): user pid=20204 uid=0 auid=4294967295 msg='PAM: authentication acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=USER_ACCT msg=audit(1322878406.121:62654968): user pid=20204 uid=0 auid=4294967295 msg='PAM: accounting acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=USER_START msg=audit(1322878406.124:62654969): user pid=20204 uid=0 auid=4294967295 msg='PAM: session open acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=CRED_ACQ msg=audit(1322878406.124:62654970): user pid=20204 uid=0 auid=4294967295 msg='PAM: setcred acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
Environment
- Red hat Enterprise Linux 5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.