Hi Aaron, Thanks for your help, I tried making some changes (adding & deleting users & groups, and changing passwords) and they don't seem to have been logged! I also tried adding this line to /etc/syslog.conf *.* /var/log/all But I didn't get any messages logged in the 'all' file when I tried the same changes again (but I do get other messages like ' Dec 25 14:15:00 RHEL-ES3-02 CROND[2620]: (root) CMD (/usr/bin/mrtg /etc/mrtg/mrtg.cfg)' logged) Is there something else I need to do please? Thanks again for your help, Chris -----Original Message----- From: Bliss, Aaron [mailto:ABliss@xxxxxxxxxxxxxxxxx] Sent: 13 February 2006 13:49 To: Chris Bingham; redhat-list@xxxxxxxxxx Subject: RE: Security Logging - Passwords & Accounts These changes should already be logged in /var/log/secure; if you run logwatch with a detail level of 5, you should see everything your looking for in the report (and more :). Aaron -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Chris Bingham Sent: Monday, February 13, 2006 8:43 AM To: redhat-list@xxxxxxxxxx Subject: Security Logging - Passwords & Accounts Hi, Does anybody know of any way to log changes to user & group accounts and passwords please? Because of a new security policy, we need to find a way to log in a file whenever any changes are made to any user or group account, particularly need to monitor changes to passwords and group memberships. As a minimum, we've got to record the date & time of the change, what the change was, and which user account was used to make the change. Ideally we also need to do this without using third-party software, but any solution would be very welcome :) I'd really appreciate any help anyone can give, I've been trawling the net all morning looking for some pointers without much luck! Thanks in advance for any help, Chris ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange proir to leaving Applied Computing & Engineering's E-Mail Server -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=subscribe https://www.redhat.com/mailman/listinfo/redhat-list www.preferredcare.org "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received. ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange proir to leaving Applied Computing & Engineering's E-Mail Server -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
