Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Audit Trail problems
Top Forums UNIX for Dummies Questions & Answers Audit Trail problems Post 302110499 by iarnum on Tuesday 13th of March 2007 08:58:57 AM
Old 03-13-2007
Quote:
Originally Posted by auditd
It can audit all activities on Mac OS X, you just need to tell it what to audit. E.g. file deletion corresponds to the fd class.

If you give me a list of things you want to audit, I can help you put together a suitable audit policy.
Thanks for your response. We are trying to audit the actions of non-admin users who access the shared volumes in the server. The actions we would like to record are: file creation, file deletion, file modification. We would also like to record directory creation, deletion and modification.

We are basically failing to record anything that has not been performed by an admin user.

Thanks again for the response to my question.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Security Audit Trail

Dear Experts, I would like to know whether there are any tools available to view the Security Audit Trail files (SAT) in UNIX in a easier and customized way. If there is any similar type of S/W is available, please let me know. Thanks, Aswin (1 Reply)
Discussion started by: na100006
1 Replies

2. Shell Programming and Scripting

Is it possible to create audit trail on remote server using FTP

Hi, I'm automatically FTPing few files daily as a cron job to a remote server. I wanted to know if there is a way to log the successful transfer in a log on the remote server? The log on the remote server should look something like this. 10/30/2006 00:00:02 - File 1 transferred... (0 Replies)
Discussion started by: dayanand
0 Replies

3. UNIX for Advanced & Expert Users

ssh trail

hi need you advise... in my company, we have to use mgmt server in order to access to other servers. so basically we need to login to our mgmt server (solaris) before we ssh to any other servers. my boss ask me to do some reporting on who access some "specific servers" by weekly. any idea how... (4 Replies)
Discussion started by: ashterix
4 Replies

4. Solaris

audit in solaris

How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not. Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies

5. UNIX for Advanced & Expert Users

Audit connect

Hi, I would like to audit a connection of a specific account to HPUX and LINUX redhat O.S I need audit the IP address of the client machine , and the date&time the connection to the server has been done. Is it possible ? Thanks (1 Reply)
Discussion started by: yoavbe
1 Replies

6. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

7. Solaris

how to configure a audit in global zone that will audit all the zone

Hi everyone, how i can configure a single audit service in the global zone for all zones, on solaris BSM. I will be glad to hear back from you. Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies

8. UNIX for Dummies Questions & Answers

OS level audit trail for SSH?

Hi everyone, I have a situation where I need my personal account (say bob1) to login into a Red Hat 6 server, su to a system/application account (say app1) and kick off a script to do x,y and z. This isn't an issue. Now once I su- to the app1 account and kick-off the script this script then... (3 Replies)
Discussion started by: solomani
3 Replies

9. News, Links, Events and Announcements

Wine project and Oracle google trail over aoi copyright

Wine is a project that allow user to run windows apps on linux os. It does that by reimplementation of the windows api. However Oracle claim that API are copyrightable able and sue google for reimplementation of Java api. If they win, then wine project will be in the same problem. ... (0 Replies)
Discussion started by: programAngel
0 Replies

10. Shell Programming and Scripting

Script fro file check and load the trail file

Hi, Im going to use shell script for load the data into DB. First i need to read the trail file(csv file has two columns with comma separated ) like file name trail1024(last 4 digitsMMDD). In this trail file 27 entries will have like below,I need to read first csv file name and get the 4... (1 Reply)
Discussion started by: krajasekhar.v
1 Replies

LEARN ABOUT HPUX

audwrite

audwrite(2)							System Calls Manual						       audwrite(2)

NAME

       audwrite() - write an audit record for a self-auditing process

SYNOPSIS

DESCRIPTION

       is  called  by  self-auditing processes, which are capable of turning off the regular auditing using the system call (see audswitch(2)) and
       doing higher-level auditing on their own.  is restricted to users with the privilege.

       checks to see if the auditing system is on and the calling process and the event specified are being audited.  If these conditions are met,
       writes  the  audit  record  pointed to by audrec_p into the audit trail.  The record consists of an audit record body and a header with the
       following fields:

	      /* Date/time (tv_sec of timeval) */
	      /* Process ID */
	      /* Success/failure */
	      /* Event being audited */
	      /* Length of variant part */

       The body contains additional information about the high-level audit event.  The header fields and are specified	by  the  calling  process.
       fills  in  and fields with the correct values.  this is done to reduce the risk of forgery.  Beginning with 11i version 3 release, converts
       the record into a different format before writing it into the current audit trail.

   Security Restrictions
       Some or all of the actions associated with this system call require the privilege.  Processes owned by the superuser have  this	privilege.
       Processes  owned  by  other users may have this privilege, depending on system configuration.  See privileges(5) for more information about
       privileged access on systems that support fine-grained privileges.

RETURN VALUE

       If the write is successful, a value of is returned.  Otherwise, a value of is returned and is set to indicate the reason for the failure.

ERRORS

       fails if one of the following is true:

	      The caller does not possess the
			     privilege.

	      The event number in the audit record is invalid.

WARNINGS

       If causes a file space overflow, the calling process might be suspended until the file space is cleaned up.  However, a returned call  with
       the return value of indicates that the audit record has been successfully written.

AUTHOR

       was developed by HP.

SEE ALSO

       audswitch(2), audit(4), privileges(5).

																       audwrite(2)
All times are GMT -4. The time now is 10:19 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy