Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: solaris BSM and Auditing
Top Forums UNIX for Dummies Questions & Answers solaris BSM and Auditing Post 302109544 by auditd on Tuesday 6th of March 2007 02:32:43 PM
Old 03-06-2007
Quote:
Originally Posted by skywalker850i
dir:/var/audit
flags:lo,ad,cc,ex
minfree:20
naflags:lo

23:AUE_EXECVE:execve(2):ps,ex,cc
Since you added cc which contains AUE_EXECVE you don't need ex.

What other events have you tagged with cc?
Quote:
Now, I cann't see things like (cd / or ls -ltr) command or i may need to look deep into the log files. In addation, the size of the logs is in Gigs, it looks like i am going to need to acquire more disk space soon!!
It is strange that you see events from the ot and cl classes, as you don't have those in audit_control. What does audit_user look like?

Could you run auditconfig -getpinfo pid where pid is the shell where you want to see the exec(s)'s?

To pick out the exec(2)'s you should run:
auditreduce -m AUE_EXECVE /path/to/audit-trail | praudit

Quote:
the idea behind this auditing thing is, to have all commands logged now, i didn't think the output is going to be like that. Now, if i get a request from management to produce the command set for one the users is going to be a nightmare to have something that will explaine to them what that users did in a nice layout.
If you want to work with just one user, you can use the -u aid option to auditreduce in conjunction with the example above. That way you'll just get the exec(2)'s belonging to that user.

Quote:
any idea when the gui will be downloadable
The beta will be out in about one to two months. It is more or less ready now, we there is a lot of polishing to do...
 

10 More Discussions You Might Find Interesting

1. Solaris

Solaris BSM log software

I'm looking for a software to capture my systems logs, and bsm (basic security module) logs to centralise the administration. Do you have a suggestions. Opensource or not. (6 Replies)
Discussion started by: simquest
6 Replies

2. Programming

how to write to Solaris BSM log

I have a C program and want to write messages to a log. BSM is being used for O/S auditing. Can I write my messages to the BSM log? If so, how do I do that? I'm not finding any API's for that. Any URLs, samples, guidance would be appreciated. (0 Replies)
Discussion started by: JDO
0 Replies

3. Solaris

Solaris BSM audit log

I got a lot of this message in my /var/audit log how can I exclude this message? header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument ,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies

4. Solaris

Solaris 9 Auditing

How do I setup audit to alert on write conditions for individual files? Thanks. (3 Replies)
Discussion started by: dxs
3 Replies

5. Solaris

Solaris user auditing

Hello, I was wondering when Solaris auditing is enabled, If it is possible to keep track of users that are allowed to sudo to root. In other words, I would like to know which user did what on my Solaris box. (assumig that user can "sudo su -" ) Thanks. (2 Replies)
Discussion started by: niyazi
2 Replies

6. Solaris

BSM auditing issues, need to audit "permission denied"

Let me preface with I am semi-new to Solaris. I work with it in the labs at work and that's about my extent (although I run Linux at home). Well, a week ago security comes around with updated requirements, some of which are the need to audit all failures. For the life of me I cannot get a... (0 Replies)
Discussion started by: mph275
0 Replies

7. Solaris

BSM auditing

Hi , I don't want logs from a particular "library" to get recorded in the audit.log file. Is that possible with BSM? Please guide. Thanks. (2 Replies)
Discussion started by: chinchao
2 Replies

8. Solaris

Needs some orientation on BSM/auditing

New to Solaris in general (coming from a RHEL background) I'm trying to enable auditing on the system with the following in /etc/security/audit_control: But there are two areas where it seems to break with expected behavior (maybe it's poor expectations on my part): 1) it seems to be... (0 Replies)
Discussion started by: thmnetwork
0 Replies

9. Solaris

How can I read Solaris BSM log?

Hi all, I'm trying to read Solaris BSM log in user friendly form. Found old tools including bsmparser java tool and php code. But none of them working. What are you using for parsing BSM log? (2 Replies)
Discussion started by: sembii
2 Replies

10. Solaris

Exclude an specific directory for auditing in Solaris 10

Hello, Im glad to become a member of this forums, Im new on solaris and recentrly im introducing to use auditing service in that system. The need is, that I need how to exclude a directory to the audit service not audit it. And, a plus, I need of how to disable auditing the root user in... (0 Replies)
Discussion started by: sysh4ck
0 Replies

LEARN ABOUT DEBIAN

nwdiag

NWDIAG(1)						      General Commands Manual							 NWDIAG(1)

NAME

       nwdiag - generate network-diagram image file from spec-text file.

SYNOPSIS

       nwdiag [options] files

DESCRIPTION

       This manual page documents briefly the nwdiag commands.

       nwdiag is generate sequence-diagram image file from spec-text file.

OPTIONS

       These  programs	follow	the  usual  GNU  command  line	syntax, with long options starting with two dashes (`-').  A summary of options is
       included below.	For a complete description, see the Info files.

       -h, --help
	      show this help message and exit.

       --version
	      show program's version number and exit.

       -a, --antialias
	      Pass diagram image to anti-alias filter.

       -c FILE, --config=FILE
	      read configurations from FILE.

       -o FILE
	      write diagram to FILE.

       -f FONT, --font=FONT
	      use FONT to draw diagram.

       -T TYPE
	      Output diagram as TYPE format.

SEE ALSO

       The programs are documented fully by
       http://blockdiag.com/en/nwdiag/

AUTHOR

       nwdiag was written by Takeshi Komiya <i.tkomiya@gmail.com>

       This manual page was written by Kouhei Maeda <mkouhei@palmtb.net>, for the Debian project (and may be used by others).

								   June 11, 2011							 NWDIAG(1)
All times are GMT -4. The time now is 10:57 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy