Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Audit Trail problems
Top Forums UNIX for Dummies Questions & Answers Audit Trail problems Post 302110499 by iarnum on Tuesday 13th of March 2007 08:58:57 AM
Old 03-13-2007
Quote:
Originally Posted by auditd
It can audit all activities on Mac OS X, you just need to tell it what to audit. E.g. file deletion corresponds to the fd class.

If you give me a list of things you want to audit, I can help you put together a suitable audit policy.
Thanks for your response. We are trying to audit the actions of non-admin users who access the shared volumes in the server. The actions we would like to record are: file creation, file deletion, file modification. We would also like to record directory creation, deletion and modification.

We are basically failing to record anything that has not been performed by an admin user.

Thanks again for the response to my question.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Security Audit Trail

Dear Experts, I would like to know whether there are any tools available to view the Security Audit Trail files (SAT) in UNIX in a easier and customized way. If there is any similar type of S/W is available, please let me know. Thanks, Aswin (1 Reply)
Discussion started by: na100006
1 Replies

2. Shell Programming and Scripting

Is it possible to create audit trail on remote server using FTP

Hi, I'm automatically FTPing few files daily as a cron job to a remote server. I wanted to know if there is a way to log the successful transfer in a log on the remote server? The log on the remote server should look something like this. 10/30/2006 00:00:02 - File 1 transferred... (0 Replies)
Discussion started by: dayanand
0 Replies

3. UNIX for Advanced & Expert Users

ssh trail

hi need you advise... in my company, we have to use mgmt server in order to access to other servers. so basically we need to login to our mgmt server (solaris) before we ssh to any other servers. my boss ask me to do some reporting on who access some "specific servers" by weekly. any idea how... (4 Replies)
Discussion started by: ashterix
4 Replies

4. Solaris

audit in solaris

How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not. Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies

5. UNIX for Advanced & Expert Users

Audit connect

Hi, I would like to audit a connection of a specific account to HPUX and LINUX redhat O.S I need audit the IP address of the client machine , and the date&time the connection to the server has been done. Is it possible ? Thanks (1 Reply)
Discussion started by: yoavbe
1 Replies

6. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

7. Solaris

how to configure a audit in global zone that will audit all the zone

Hi everyone, how i can configure a single audit service in the global zone for all zones, on solaris BSM. I will be glad to hear back from you. Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies

8. UNIX for Dummies Questions & Answers

OS level audit trail for SSH?

Hi everyone, I have a situation where I need my personal account (say bob1) to login into a Red Hat 6 server, su to a system/application account (say app1) and kick off a script to do x,y and z. This isn't an issue. Now once I su- to the app1 account and kick-off the script this script then... (3 Replies)
Discussion started by: solomani
3 Replies

9. News, Links, Events and Announcements

Wine project and Oracle google trail over aoi copyright

Wine is a project that allow user to run windows apps on linux os. It does that by reimplementation of the windows api. However Oracle claim that API are copyrightable able and sue google for reimplementation of Java api. If they win, then wine project will be in the same problem. ... (0 Replies)
Discussion started by: programAngel
0 Replies

10. Shell Programming and Scripting

Script fro file check and load the trail file

Hi, Im going to use shell script for load the data into DB. First i need to read the trail file(csv file has two columns with comma separated ) like file name trail1024(last 4 digitsMMDD). In this trail file 27 entries will have like below,I need to read first csv file name and get the 4... (1 Reply)
Discussion started by: krajasekhar.v
1 Replies

LEARN ABOUT HPUX

audit

audit(4)						     Kernel Interfaces Manual							  audit(4)

NAME

       audit - audit trail format and other information for auditing

DESCRIPTION

       Audit  records  are  generated  when  users  make security-relevant system calls, as well as by self-auditing processes that call (see aud-
       write(2)).  Access to the auditing system is restricted to super-user.

       Each audit record consists of an audit record header and a record body.	The record header is comprised of  sequence  number,  process  ID,
       event  type,  and record body length.  The sequence number gives relative order of all records; the process ID belongs to the process being
       audited; the event type is a field identifying the type of audited activity; the length is the record body length expressed in bytes.

       The record body is the variable-length component of an audit record containing more information about the audited  activity.   For  records
       generated  by  system calls, the body contains the time the audited event completes in either success or failure, and the parameters of the
       system calls; for records generated by self-auditing processes, the body consists of the time audwrite(2) writes the records and the  high-
       level description of the event (see audwrite(2)).

       The  records  in  the audit trail are compressed to save file space.  When a process is audited the first time, a pid identification record
       (PIR) is written into the audit trail containing information that remains constant throughout the lifetime of the process.   This  includes
       the  parent's process ID, audit tag, real user ID, real group ID, effective user ID, effective group ID, group ID list, effective,  permit-
       ted, and retained privileges, compartment ID, and the terminal ID (tty).  The PIR is entered only once per process per audit trail.

       Information accumulated in an audit trail is analyzed and displayed by (see audisp(1M)).

AUTHOR

       was developed by HP.

SEE ALSO

       audsys(1M), audevent(1M), audisp(1M), audomon(1M), audwrite(2), audit(5), compartments(5), privileges(5).

																	  audit(4)
All times are GMT -4. The time now is 06:47 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy