|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
solaris BSM and Auditing
Post 302109473 by skywalker850i on Tuesday 6th of March 2007 04:50:37 AM
03-06-2007
audit user/root command
|
|
10 More Discussions You Might Find Interesting
1. Solaris
I'm looking for a software to capture my systems logs, and bsm (basic security module) logs to centralise the administration. Do you have a suggestions. Opensource or not. (6 Replies)
Discussion started by: simquest
6 Replies
2. Programming
I have a C program and want to write messages to a log. BSM is being used for O/S auditing. Can I write my messages to the BSM log? If so, how do I do that? I'm not finding any API's for that. Any URLs, samples, guidance would be appreciated. (0 Replies)
Discussion started by: JDO
0 Replies
3. Solaris
I got a lot of this message in my /var/audit log
how can I exclude this message?
header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument
,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies
4. Solaris
How do I setup audit to alert on write conditions for individual files? Thanks. (3 Replies)
Discussion started by: dxs
3 Replies
5. Solaris
Hello,
I was wondering when Solaris auditing is enabled, If it is possible to keep track of users that are allowed to sudo to root. In other words, I would like to know which user did what on my Solaris box. (assumig that user can "sudo su -" )
Thanks. (2 Replies)
Discussion started by: niyazi
2 Replies
6. Solaris
Let me preface with I am semi-new to Solaris. I work with it in the labs at work and that's about my extent (although I run Linux at home).
Well, a week ago security comes around with updated requirements, some of which are the need to audit all failures. For the life of me I cannot get a... (0 Replies)
Discussion started by: mph275
0 Replies
7. Solaris
Hi ,
I don't want logs from a particular "library" to get recorded in the audit.log file. Is that possible with BSM? Please guide.
Thanks. (2 Replies)
Discussion started by: chinchao
2 Replies
8. Solaris
New to Solaris in general (coming from a RHEL background) I'm trying to enable auditing on the system with the following in /etc/security/audit_control:
But there are two areas where it seems to break with expected behavior (maybe it's poor expectations on my part):
1) it seems to be... (0 Replies)
Discussion started by: thmnetwork
0 Replies
9. Solaris
Hi all,
I'm trying to read Solaris BSM log in user friendly form. Found old tools including bsmparser java tool and php code. But none of them working. What are you using for parsing BSM log? (2 Replies)
Discussion started by: sembii
2 Replies
10. Solaris
Hello,
Im glad to become a member of this forums,
Im new on solaris and recentrly im introducing to use auditing service in that system.
The need is, that I need how to exclude a directory to the audit service not audit it.
And, a plus, I need of how to disable auditing the root user in... (0 Replies)
Discussion started by: sysh4ck
0 Replies
LEARN ABOUT BSD
praudit
praudit(1M) System Administration Commands praudit(1M) NAME
praudit - print contents of an audit trail file SYNOPSIS
praudit [-lrsx] [-ddel] [filename...] DESCRIPTION
praudit reads the listed filenames (or standard input, if no filename is specified) and interprets the data as audit trail records as defined in audit.log(4). By default, times, user and group IDs (UIDs and GIDs, respectively) are converted to their ASCII representation. Record type and event fields are converted to their ASCII representation. A maximum of 100 audit files can be specified on the command line. OPTIONS
The following options are supported: -ddel Use del as the field delimiter instead of the default delimiter, which is the comma. If del has special meaning for the shell, it must be quoted. The maximum size of a delimiter is three characters. The delimiter is not meaningful and is not used when the -x option is specified. -l Print one line per record. -r Print records in their raw form. Times, UIDs, GIDs, record types, and events are displayed as integers. This option and the -s option are exclusive. If both are used, a format usage error message is output. -s Print records in their short form. All numeric fields are converted to ASCII and displayed. The short ASCII representations for the record type and event fields are used. This option and the -r option are exclusive. If both are used, a format usage error message is output. -x Print records in XML form. Tags are included in the output to identify tokens and fields within tokens. Output begins with a valid XML prolog, which includes identification of the DTD which can be used to parse the XML. FILES
/etc/security/audit_event Audit event definition and class mappings. /etc/security/audit_class Audit class definitions. /usr/share/lib/xml/dtd Directory containing the verisioned DTD file referenced in XML output, for example, adt_record.dtd.1. /usr/share/lib/xml/style Directory containing the versioned XSL file referenced in XML output, for example, adt_record.xsl.1. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ |Interface Stability |See below | +-----------------------------+-----------------------------+ The command stability is evolving. The output format is unstable. SEE ALSO
bsmconv(1M), audit(2), getauditflags(3BSM), audit.log(4), audit_class(4), audit_event(4), group(4), passwd(4), attributes(5) NOTES
This functionality is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information. SunOS 5.10 6 Jan 2003 praudit(1M)