Enabling Solaris Audit log: Solaris 9
Post 302755735 by bartus11 on Monday 14th of January 2013 08:35:07 AM
Use praudit on /var/audit/* files.

PRAUDIT(1)                BSD General Commands Manual               PRAUDIT(1)

NAME
     praudit -- print the contents of audit trail files

SYNOPSIS
     praudit [-lnpx] [-r | -s] [-d del] [file ...]

DESCRIPTION
     The praudit utility prints the contents of the audit trail files to the
     standard output in human-readable form. If no file argument is
     specified, the standard input is used by default.

     The options are as follows:

     -d del  Specifies the delimiter. The default delimiter is the comma.

     -l      Prints the entire record on the same line. If this option is not
             specified, every token is displayed on a different line.

     -n      Do not convert user and group IDs to their names but leave in
             their numeric forms.

     -p      Specify this option if input to praudit is piped from the tail(1)
             utility. This causes praudit to sync to the start of the next
             record.

     -r      Prints the records in their raw form. Show records and event
             types in a numeric form (also known as raw form). This option is
             exclusive from -s.

     -s      Prints the records in their short form. Show records and events
             in a short textual representation. This option is exclusive from
             -r.

     -x      Print audit records in the XML output format.

     If the raw or short forms are not specified, the default is to print the
     tokens in their raw form. Events are displayed as per their descriptions
     given in /etc/security/audit_event; UIDs and GIDs are expanded to their
     names; dates and times are displayed in human-readable format.

FILES
     /etc/security/audit_class  Descriptions of audit event classes.

     /etc/security/audit_event  Descriptions of audit events.

SEE ALSO
     auditreduce(1), audit(4), auditpipe(4), audit_class(5), audit_event(5)

HISTORY
     The OpenBSM implementation was created by McAfee Research, the security
     division of McAfee Inc., under contract to Apple Computer Inc. in 2004.
     It was subsequently adopted by the TrustedBSD Project as the foundation
     for the OpenBSM distribution.

AUTHORS
     This software was created by McAfee Research, the security research
     division of McAfee, Inc., under contract to Apple Computer Inc.
     Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.

     The Basic Security Module (BSM) interface to audit records and audit
     event stream format were defined by Sun Microsystems.

BSD                              August 4, 2009                            BSD
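
Added example, not part of the original post or the man page: a filter for the one-record-per-line output produced by the -l and -d options described above, listing the records whose return token reports a failure. The function names failed_events and sample_records are hypothetical, the sample records are constructed, and their token layout is an assumption modelled on Solaris-style praudit -l output.

```shell
#!/bin/sh
# Added example: report failed events from one-line praudit output.
# Intended input: praudit -l -d '|' <trail files>

# failed_events (hypothetical helper): reads records on stdin and prints
#   <audit user>|<event>|<return status>
# for each record whose return token starts with "failure".
# Tokens are found by name, because the number of tokens that precede
# "subject" and "return" differs from one event type to the next.
failed_events() {
    awk -F'|' '
    $1 == "header" {
        event = $4; user = ""; status = ""
        for (i = 5; i < NF; i++) {
            if ($i == "subject" && user == "")  user = $(i + 1)
            if ($i == "return")                 status = $(i + 1)
        }
        if (status ~ /^failure/) print user "|" event "|" status
    }'
}

# Constructed sample records (not taken from a real audit trail); the token
# layout is an assumption modelled on Solaris-style praudit -l output.
sample_records() {
    cat <<'EOF'
header|97|2|login - ssh|fe|host.example|2013-01-14 08:30:01.123 -05:00|subject|alice|alice|staff|alice|staff|1201|4011|0 0 192.0.2.10|text|invalid password|return|failure|-1
header|110|2|open(2) - read|fe|host.example|2013-01-14 08:31:07.004 -05:00|path|/export/home/bob/report,final.txt|subject|bob|bob|staff|bob|staff|1300|4012|0 0 192.0.2.11|return|success|3
header|104|2|open(2) - write|fe|host.example|2013-01-14 08:32:44.910 -05:00|path|/etc/shadow|subject|bob|bob|staff|bob|staff|1301|4012|0 0 192.0.2.11|return|failure: Permission denied|-1
EOF
}

# Demo on the constructed sample. On a live system the equivalent would be:
#   praudit -l -d '|' /var/audit/* | failed_events
sample_records | failed_events
```

The second sample record contains a path with a comma in it; with the default comma delimiter that path would split into two fields, which is why the filter expects output produced with -d '|'.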