|
|
Sponsored Content
Operating Systems
Solaris
Enabling Solaris Audit log: Solaris 9
Post 302755987 by sumeet1806 on Tuesday 15th of January 2013 01:01:25 AM
01-15-2013
|
|
10 More Discussions You Might Find Interesting
1. Cybersecurity
hey guys,
im going to enable C2 auditing on a sun box, i know how to do it, but im just wondering if there are any issues or problems that i may run into. this will be my first major change (since i have to reset the box) since i joined this company and i dont really wanna kill their servers, so... (2 Replies)
Discussion started by: roguekitton
2 Replies
2. Solaris
I got a lot of this message in my /var/audit log
how can I exclude this message?
header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument
,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies
3. Solaris
How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not.
Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies
4. Solaris
can you please share what you use to audit what files are deleted, when files are deleted and who deleted them?
thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies
5. Solaris
Hi Friends
I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there.
Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies
6. Solaris
cron audit problem. job failed
I’m getting problem with crontab in Solaris 8
Crontab stop and is not running for all the cron jobs
under cat /var/cron/log
> CMD: /var/sh/go.sh
> root 24835 c Sun Sep 26 08:06:00 2010
< root 24835 c Sun Sep 26 08:06:00 2010 rc=1
! cron audit problem.... (5 Replies)
Discussion started by: Mr.AIX
5 Replies
7. Solaris
Hi,
I was trying to enable TFTP on my Solaris 10. I started with un-commenting the tftp line in /etc/inetd.conf and inetconv -i /etc/inetd.conf for tftp installation. I did reboot the server afterwards, but i still cannot find the /tftpboot directory. though the return of svcs -a | grep -i tftp... (0 Replies)
Discussion started by: A.Salama
0 Replies
8. Solaris
Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies
9. Solaris
Hi Guys,
Hope you can shed the light to this issue.
I have enabled SFTP logging on Linux this way and it works:
But trying this on Solaris it wont work, the ssh goes to maintenance in when checking with svcs.
The logs said a syntax error it doesn't recognize "-l" (3 Replies)
Discussion started by: batas
3 Replies
10. Solaris
hi,
I enabled bsm modules (/etc/security/bsmconv) and rebooted Solaris 10. But service is going into maintenance state. I rebooted server and I see one error saying "sys/c2audit:audit_kssl() not defined properly". I am not sure, what it is indicating and how it should be fixed. Please suggest, how... (5 Replies)
Discussion started by: solaris_1977
5 Replies
LEARN ABOUT V7
audit_data
audit_data(4) File Formats audit_data(4) NAME
audit_data - current information on audit daemon SYNOPSIS
/etc/security/audit_data DESCRIPTION
The audit_data file contains information about the audit daemon. The file contains the process ID of the audit daemon, and the pathname of the current audit log file. The format of the file is: pid>:<pathname> Where pid is the process ID for the audit daemon, and pathname is the full pathname for the current audit log file. EXAMPLES
Example 1: A sample audit_data file. 64:/etc/security/audit/server1/19930506081249.19930506230945.bongos FILES
/etc/security/audit_data ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Obsolete | +-----------------------------+-----------------------------+ SEE ALSO
audit(1M), auditd(1M), bsmconv(1M), audit(2), audit_control(4), audit.log(4) NOTES
The functionality described on this manual page is internal to audit(1M) and might not be supported in a future release. The auditd utility is the only supported mechanism to communicate with auditd(1M). The current audit log can be determined by examining the configured audit directories. See audit_control(4). The functionality described on this manual page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information. SunOS 5.10 14 Nov 2002 audit_data(4)