The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Dummies Questions & Answers
Reload this Page solaris BSM and Auditing
Google UNIX.COM
Forums Directory Register Forum Rules FAQContribute Members List Search Today's Posts Mark Forums Read



Thread: solaris BSM and Auditing
View Single Post in UNIX Forums - Click on the Thread or Permalink to View Entire Thread -->
  #1 (permalink)  
Old 03-05-2007
skywalker850i skywalker850i is offline
Registered User
  

Join Date: Mar 2007
Posts: 17
Smile solaris BSM and Auditing
Hi Guys,

I am new to this forum so I am sorry if i posted this thread in the wrong place. I am currently trying to get BSM to work on solaris 10 by Logging few things for me. I need your help to complete this task please.

this is the config of the audit files:

audit_conto

# Copyright (c) 1988 by Sun Microsystems, Inc.
#
# ident "@(#)audit_control.txt 1.4 00/07/17 SMI"
#
dir:/var/audit
flags:lo,ad,cc
minfree:20
naflags:lo,ad,ex

audit class

#
# mask:name:description
#
0x00000000:no:invalid class
0x00000001:fr:file read
0x00000002:fw:file write
0x00000004:fa:file attribute access
0x00000008:fm:file attribute modify
0x00000010:fc:file create
0x00000020:fd:file delete
0x00000040:cl:file close
0x00000100:nt:network
0x00000200:ip:ipc
0x00000400:na:non-attribute
0x00001000:lo:login or logout
0x00004000:ap:application
0x00010000:ss:change system state
0x00020000:as:system-wide administration
0x00040000:ua:user administration
0x00070000:am:administrative (meta-class)
0x00080000:aa:audit utilization
0x000f0000:adld administrative (meta-class)
0x00100000srocess start/stop
0x00200000mrocess modify
0x00300000crocess (meta-class)
0x20000000:io:ioctl
0x40000000:ex:exec
0x80000000tther
0xffffffff:all:all classes (meta-class)
0x08000000:cc:CIS custom class


I only need to audit what users execute. Is there an easy way to do it.

Thanks
Reply With Quote
Remove advertisements
!!
!! Forum Sponsor