Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: File auditing
Top Forums UNIX for Dummies Questions & Answers File auditing Post 302100539 by ghostdog74 on Wednesday 20th of December 2006 09:06:11 AM
Old 12-20-2006
i guess you have to turn on BSM in solaris. check
here
 

10 More Discussions You Might Find Interesting

1. HP-UX

Hpux C2 Auditing

I am trying to find out if there are any recommendations regarding what events/system calls should be audited as a starting point. I am new to the auditing side of things and am not really to sure what best to log - any ideas or know of any resources which make recommendations in this respect ??? (1 Reply)
Discussion started by: gmh
1 Replies

2. Solaris

BMS Auditing

Hi, I was wondering if anyone has had the problem I'm having or knows how to fix it. I need to audit one of our servers at work. I turned on BSM auditing and modified the audit_control file to only flag the "lo" class(login/outs) then I rebooted. I viewed the log BSM created and it shows a whole... (0 Replies)
Discussion started by: BlueKalel
0 Replies

3. Solaris

how to enable file auditing

Hi expert , Can you show me the steps to enable file auditing ? Thanks . (2 Replies)
Discussion started by: skully
2 Replies

4. UNIX for Advanced & Expert Users

Unix Auditing.

I need to log or 'audit' any access to a shared directory which is stored on a NetApp appliance. I need to be able to 'prove' who has acessed the data in this directory at any time. I am just not sure how to do this. The systems that will be accessing this are Linux systems. Any help is... (2 Replies)
Discussion started by: frankkahle
2 Replies

5. UNIX for Advanced & Expert Users

Auditing

:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs. Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies

6. UNIX for Advanced & Expert Users

File Auditing in Sun Solaris environment

Hi All, I have a requirement to report us on changing a group of static files. Those are the binary files that run in Production every day. Due to the in sercure environment situations, I found many are indulging in there own changes to the binaries by doing some changes in the souce code. ... (1 Reply)
Discussion started by: mohan_kumarcs
1 Replies

7. UNIX for Advanced & Expert Users

Solaris auditing (file access logging) for specific directory only.

Hello, We need to log the operations that specific user on Solaris 10 (SPARC) is performing on one directory and it's contents. I was able to configure solaris auditing service (auditd) and it works fine. The only problem is that auditd logs huge amount of unneeded information. We need to log... (0 Replies)
Discussion started by: +Yan
0 Replies

8. AIX

AIX auditing

I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only? Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which... (0 Replies)
Discussion started by: m_raheelahmed
0 Replies

9. Solaris

Unix file, folder permissions, security auditing tools.

I want to periodically check if ASCII password/config files on Unix have 400 or 600 access. Folders and files are owned by designated group and user. Folders and Files do not have world write access. Are there any tools/scripts available for this kind of auditing that I can use on Solaris? (7 Replies)
Discussion started by: kchinnam
7 Replies

10. AIX

AIX auditing

In our customer place somebody removed and PV from the server. I want the information like which user removed this PV. Is there any way to get PV removal information. When did the PV removed from the server ? Whether AIX auding will help ? Where i can get these information ? Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies

LEARN ABOUT HPUX

audusr

audusr(1M)																audusr(1M)

NAME

       audusr - select users to audit

SYNOPSIS

       user] ...] user] ...]

DESCRIPTION

       is  used  to specify users to be audited or excluded from auditing.  The command only works for systems that have been converted to trusted
       mode.

       To select users to audit on systems that have not been converted to trusted mode, use  the  command.   See  also  audit(5),  userdbset(1M),
       userdb(4), and in security(4).

       If no arguments are specified, displays the audit setting of every user.  is restricted to privileged users.

   Options
       recognizes the following options:

	      Audit the specified
			user.	The  auditing  system records audit records to the ``current'' audit file when the specified user executes audited
			events or system calls.  Use to specify events to be audited (see audevent(1M)).

	      Do not audit the specified
			user.

	      Audit all users.

	      Do not audit any users.

       The and options are mutually exclusive: that is, if is specified, cannot be specified; if is specified, cannot be specified.

       Users specified with are audited (or excluded from auditing) beginning with their next login session,  until  excluded  from  auditing  (or
       specified  for  auditing)  with	a  subsequent invocation.  Users already logged into the system when is invoked are unaffected during that
       login session; however, any user who logs in after is invoked is audited or excluded from auditing accordingly.

WARNINGS

       HP-UX 11i Version 3 is the last release to support trusted systems functionality.

AUTHOR

       was developed by HP.

FILES

       File containing flags to indicate whether users are audited.

SEE ALSO

       audevent(1M), userdbset(1M), setaudproc(2), audswitch(2), audwrite(2), security(4), userdb(4), audit(5).

								  TO BE OBSOLETED							audusr(1M)
All times are GMT -4. The time now is 03:00 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy