praudit should be able to map users and groups correctly
It's common to aggregate audit logs onto a central system. However, running praudit will use the passwd and group files on the system where it's running to resolve the UID and GID in the audit records, which may differ from the values on the system from which the logs are taken. What you need is a way to feed praudit the group and passwd entries appropriate to the system the logs were taken from.
The plan is to leverage the uid/gid cache introduced in #9106. Specifically, preload the caches from given group and passwd files. In this case, praudit will only attempt to resolve unknown values against the system it's running on.
Updated by Electric Monk over 4 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
commit 8bb3e7e36ac2547e9cc8555dfd4a6dc6821f5396 Author: Peter Tribble <email@example.com> Date: 2019-08-14T07:19:35.000Z 9830 praudit should be able to map users and groups correctly Reviewed by: Andy Fiddaman <firstname.lastname@example.org> Reviewed by: Andrew Stormont <email@example.com> Reviewed by: Joshua M. Clulow <firstname.lastname@example.org> Approved by: Dan McDonald <email@example.com>