The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Dummies Questions & Answers
Audit Trail problems Audit Trail problems
Google UNIX.COM
Forums Portal Register Forum Rules FAQContribute Members List Arcade Search Today's Posts Mark Forums Read


UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !!

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Enabling C2 audit roguekitton Security 2 10-19-2007 05:47 AM
ssh trail ashterix UNIX for Advanced & Expert Users 4 04-19-2007 10:20 PM
Is it possible to create audit trail on remote server using FTP dayanand Shell Programming and Scripting 0 10-31-2006 03:57 PM
Security Audit Trail na100006 UNIX for Advanced & Expert Users 1 03-07-2006 08:48 AM
Audit in SCO tatiana SCO 1 02-03-2006 09:52 AM

Reply
 
Submit Tools LinkBack Thread Tools Search this Thread Display Modes
  #1  
Old 01-11-2007
Registered User
  

Join Date: Jan 2007
Posts: 2
Audit Trail problems
I am trying to set up audit trail for our company server. (Mac OS X Server 10.3.9) We would like to record the activity of standard, non-administrative, users. We would like to record file creation, modification, deletion, among other things. We have installed the common criteria tools, but the seem to only record administrative users' activity.

Does anybody know how to implement this type of audit?

Thanks.
Reply With Quote
Forum Sponsor
  #2  
Old 03-07-2007
Registered User
  

Join Date: Feb 2007
Posts: 22
Quote:
Originally Posted by iarnum
I am trying to set up audit trail for our company server. (Mac OS X Server 10.3.9) We would like to record the activity of standard, non-administrative, users. We would like to record file creation, modification, deletion, among other things. We have installed the common criteria tools, but the seem to only record administrative users' activity.
It can audit all activities on Mac OS X, you just need to tell it what to audit. E.g. file deletion corresponds to the fd class.

If you give me a list of things you want to audit, I can help you put together a suitable audit policy.
Reply With Quote
  #3  
Old 03-13-2007
Registered User
  

Join Date: Jan 2007
Posts: 2
Quote:
Originally Posted by auditd
It can audit all activities on Mac OS X, you just need to tell it what to audit. E.g. file deletion corresponds to the fd class.

If you give me a list of things you want to audit, I can help you put together a suitable audit policy.
Thanks for your response. We are trying to audit the actions of non-admin users who access the shared volumes in the server. The actions we would like to record are: file creation, file deletion, file modification. We would also like to record directory creation, deletion and modification.

We are basically failing to record anything that has not been performed by an admin user.

Thanks again for the response to my question.
Reply With Quote
  #4  
Old 03-20-2007
Registered User
  

Join Date: Feb 2007
Posts: 22
To audit file (and directory) creation deletion and modification, you should add the following flags to the flags: line in audit_control so it reads:
flags: lo,fm,fc,fd

If you have an admin user who isn't generating these records, find the pid of the shell and run:
auditconfig -getpinfo pid
Reply With Quote
Google The UNIX and Linux Forums
Reply

« Make a copy of a unix HDD | help with sed »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode




All times are GMT -7. The time now is 04:20 AM.

The UNIX and Linux Forums RSS Feeds - Contact Us - The UNIX and Linux Forums - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.
The UNIX and Linux Forums Content Copyright ©1993-2008. All Rights Reserved.Ad Management by RedTyger Visit The Complex Event Processing Blog

Content Relevant URLs by vBSEO 3.2.0