Our policy is that every use of su or sudo has to be explained. Just collecting the records and challenging is a good start; however, I added something into /etc/profile that tries to log all the commands too. There are certainly some flaws with it, and it depends on people doing su - or su - username to run the profile and therefore be effective, but that has always been the habit here, so I got away with that.
There were various other application-specific things embedded in the code, but having stripped that out, I think this might still work:
You would need to determine the pseudo-terminal as $PTS but the rest gives you a fairly good trace to challenge people with.
Hello,
Please review the output below and suggest if you notice the parameters going out of limit.
netstat -p udp
udp:
382735172 datagrams received
0 incomplete headers
0 bad data length fields
0 bad checksums
12519 dropped due to no socket
... (2 Replies)
Discussion started by: Vishal_dba
Dears
If I want to run this job every Saturday at 6 AM, that will be the code
* 6 * * 1 cd /export/home/jenova ; ls -ltr >> $HOME/jenova_dir (2 Replies)
Hi guys,
I've been brewing this shell script, but I can't test it until next Tuesday.
In the meantime I am too curious whether it will work or not, so I'd like to hear your comments.
Background:
I want to watch the user quota for mailboxes in various email domains on an IMAP server.
I have... (1 Reply)
A very n00b question: After compiling and installing software, where does the original source code reside? I'd like to study the source code of some of the ports I've installed. Thanks! :D (1 Reply)
audit_binfile(5) Standards, Environments, and Macros audit_binfile(5)
NAME
audit_binfile - generation of Solaris audit logs
SYNOPSIS
/usr/lib/security/audit_binfile.so
DESCRIPTION
The audit_binfile plugin module for Solaris audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as configured in
audit_control(4); it is the default plugin for the Solaris audit daemon auditd(1M). Its output is described by audit.log(4).
The audit_binfile plugin is loaded by auditd if audit_control contains one or more lines defining audit directories by means of the dir:
specification or if audit_control has a plugin: specification of name=audit_binfile.so.
OBJECT ATTRIBUTES
The p_dir and p_minfree attributes are equivalent to the dir: and minfree: lines described in audit_control. If both the dir: line and the
p_dir attribute are used, the plugin combines all directories into a single list with those specified by means of dir: at the front of the
list. If both the minfree and the p_minfree attributes are given, the p_minfree value is used.
EXAMPLES
The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of
required free space per directory.
    flags: lo,ad,-fm
    naflags: lo,ad
    plugin: name=audit_binfile.so;
    p_minfree=20;
    p_dir=/etc/security/jedgar/eggplant,
    /etc/security/jedgar.aux/eggplant,
    /etc/security/global/eggplant
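The merge rules under OBJECT ATTRIBUTES can be checked against a real audit_control file with a short script. The following is an added example, not part of the man page or of Solaris: the function names, the continuation-line handling and the sample file (the example above with constructed dir: and minfree: lines added) are assumptions.

```python
import re

# Keywords that start a new audit_control entry. Any other line is treated
# as a continuation of the previous entry (an assumption of this sketch,
# chosen so the multi-line plugin: example above parses as one entry).
KEY = re.compile(r"^(dir|minfree|flags|naflags|plugin):\s*(.*)$")

def logical_lines(text):
    """Join physical lines into [keyword, value] entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip().rstrip("\\").strip()
        if not line:
            continue
        m = KEY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            entries[-1][1] += line
    return entries

def effective_binfile_settings(text):
    """Return the directory list and minfree value audit_binfile would use."""
    dir_lines, p_dirs = [], []
    minfree = p_minfree = None
    for key, value in logical_lines(text):
        if key == "dir":
            dir_lines.append(value)
        elif key == "minfree":
            minfree = int(value)
        elif key == "plugin":
            attrs = {k.strip(): v.strip() for k, v in
                     (a.split("=", 1) for a in value.split(";") if "=" in a)}
            if attrs.get("name") != "audit_binfile.so":
                continue  # attributes of other plugins do not apply
            p_dirs += [d.strip() for d in attrs.get("p_dir", "").split(",")
                       if d.strip()]
            if "p_minfree" in attrs:
                p_minfree = int(attrs["p_minfree"])
    return {"dirs": dir_lines + p_dirs,  # dir: entries go to the front
            "minfree": p_minfree if p_minfree is not None else minfree}

# Constructed sample: the man page example plus dir:/minfree: lines.
SAMPLE = """\
dir: /var/audit
minfree: 10
flags: lo,ad,-fm
naflags: lo,ad
plugin: name=audit_binfile.so;
p_minfree=20;
p_dir=/etc/security/jedgar/eggplant,
/etc/security/jedgar.aux/eggplant,
/etc/security/global/eggplant
"""

if __name__ == "__main__":
    print(effective_binfile_settings(SAMPLE))
```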
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
|ATTRIBUTE TYPE               |ATTRIBUTE VALUE              |
+-----------------------------+-----------------------------+
|MT Level                     |MT-Safe                      |
+-----------------------------+-----------------------------+
|Interface Stability          |Evolving                     |
+-----------------------------+-----------------------------+
SEE ALSO
auditd(1M), audit_control(4), syslog.conf(4), attributes(5)
SunOS 5.10 20 May 2003 audit_binfile(5)