03-13-2007
Quote:
Originally Posted by auditd
It can audit all activities on Mac OS X, you just need to tell it what to audit. E.g.
file deletion corresponds to the
fd class.
If you give me a list of things you want to audit, I can help you put together a suitable audit policy.
Thanks for your response. We are trying to audit the actions of non-admin users who access the shared volumes in the server. The actions we would like to record are: file creation, file deletion, file modification. We would also like to record directory creation, deletion and modification.
We are basically failing to record anything that has not been performed by an admin user.
Thanks again for the response to my question.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Dear Experts,
I would like to know whether there are any tools available to view the Security Audit Trail files (SAT) in UNIX in a easier and customized way. If there is any similar type of S/W is available, please let me know.
Thanks,
Aswin (1 Reply)
Discussion started by: na100006
1 Replies
2. Shell Programming and Scripting
Hi,
I'm automatically FTPing few files daily as a cron job to a remote server.
I wanted to know if there is a way to log the successful transfer in a log on the remote server?
The log on the remote server should look something like this.
10/30/2006 00:00:02 - File 1 transferred... (0 Replies)
Discussion started by: dayanand
0 Replies
3. UNIX for Advanced & Expert Users
hi need you advise...
in my company, we have to use mgmt server in order to access to other servers. so basically we need to login to our mgmt server (solaris) before we ssh to any other servers.
my boss ask me to do some reporting on who access some "specific servers" by weekly. any idea how... (4 Replies)
Discussion started by: ashterix
4 Replies
4. Solaris
How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not.
Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies
5. UNIX for Advanced & Expert Users
Hi,
I would like to audit a connection of a specific account to HPUX and LINUX redhat O.S
I need audit the IP address of the client machine , and the date&time the connection to the server has been done.
Is it possible ?
Thanks (1 Reply)
Discussion started by: yoavbe
1 Replies
6. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
7. Solaris
Hi everyone,
how i can configure a single audit service in the global zone for all zones, on solaris BSM.
I will be glad to hear back from you.
Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies
8. UNIX for Dummies Questions & Answers
Hi everyone,
I have a situation where I need my personal account (say bob1) to login into a Red Hat 6 server, su to a system/application account (say app1) and kick off a script to do x,y and z. This isn't an issue.
Now once I su- to the app1 account and kick-off the script this script then... (3 Replies)
Discussion started by: solomani
3 Replies
9. News, Links, Events and Announcements
Wine is a project that allow user to run windows apps on linux os.
It does that by reimplementation of the windows api.
However Oracle claim that API are copyrightable able and sue google for reimplementation of Java api.
If they win, then wine project will be in the same problem.
... (0 Replies)
Discussion started by: programAngel
0 Replies
10. Shell Programming and Scripting
Hi,
Im going to use shell script for load the data into DB.
First i need to read the trail file(csv file has two columns with comma separated ) like file name trail1024(last 4 digitsMMDD).
In this trail file 27 entries will have like below,I need to read first csv file name and get the 4... (1 Reply)
Discussion started by: krajasekhar.v
1 Replies
audit(4) Kernel Interfaces Manual audit(4)
NAME
audit - audit trail format and other information for auditing
DESCRIPTION
Audit records are generated when users make security-relevant system calls, as well as by self-auditing processes that call (see aud-
write(2)). Access to the auditing system is restricted to super-user.
Each audit record consists of an audit record header and a record body. The record header is comprised of sequence number, process ID,
event type, and record body length. The sequence number gives relative order of all records; the process ID belongs to the process being
audited; the event type is a field identifying the type of audited activity; the length is the record body length expressed in bytes.
The record body is the variable-length component of an audit record containing more information about the audited activity. For records
generated by system calls, the body contains the time the audited event completes in either success or failure, and the parameters of the
system calls; for records generated by self-auditing processes, the body consists of the time audwrite(2) writes the records and the high-
level description of the event (see audwrite(2)).
The records in the audit trail are compressed to save file space. When a process is audited the first time, a pid identification record
(PIR) is written into the audit trail containing information that remains constant throughout the lifetime of the process. This includes
the parent's process ID, audit tag, real user ID, real group ID, effective user ID, effective group ID, group ID list, effective, permit-
ted, and retained privileges, compartment ID, and the terminal ID (tty). The PIR is entered only once per process per audit trail.
Information accumulated in an audit trail is analyzed and displayed by (see audisp(1M)).
AUTHOR
was developed by HP.
SEE ALSO
audsys(1M), audevent(1M), audisp(1M), audomon(1M), audwrite(2), audit(5), compartments(5), privileges(5).
audit(4)