03-13-2007
Quote:
Originally Posted by auditd
It can audit all activities on Mac OS X, you just need to tell it what to audit. E.g.
file deletion corresponds to the
fd class.
If you give me a list of things you want to audit, I can help you put together a suitable audit policy.
Thanks for your response. We are trying to audit the actions of non-admin users who access the shared volumes in the server. The actions we would like to record are: file creation, file deletion, file modification. We would also like to record directory creation, deletion and modification.
We are basically failing to record anything that has not been performed by an admin user.
Thanks again for the response to my question.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Dear Experts,
I would like to know whether there are any tools available to view the Security Audit Trail files (SAT) in UNIX in a easier and customized way. If there is any similar type of S/W is available, please let me know.
Thanks,
Aswin (1 Reply)
Discussion started by: na100006
1 Replies
2. Shell Programming and Scripting
Hi,
I'm automatically FTPing few files daily as a cron job to a remote server.
I wanted to know if there is a way to log the successful transfer in a log on the remote server?
The log on the remote server should look something like this.
10/30/2006 00:00:02 - File 1 transferred... (0 Replies)
Discussion started by: dayanand
0 Replies
3. UNIX for Advanced & Expert Users
hi need you advise...
in my company, we have to use mgmt server in order to access to other servers. so basically we need to login to our mgmt server (solaris) before we ssh to any other servers.
my boss ask me to do some reporting on who access some "specific servers" by weekly. any idea how... (4 Replies)
Discussion started by: ashterix
4 Replies
4. Solaris
How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not.
Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies
5. UNIX for Advanced & Expert Users
Hi,
I would like to audit a connection of a specific account to HPUX and LINUX redhat O.S
I need audit the IP address of the client machine , and the date&time the connection to the server has been done.
Is it possible ?
Thanks (1 Reply)
Discussion started by: yoavbe
1 Replies
6. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
7. Solaris
Hi everyone,
how i can configure a single audit service in the global zone for all zones, on solaris BSM.
I will be glad to hear back from you.
Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies
8. UNIX for Dummies Questions & Answers
Hi everyone,
I have a situation where I need my personal account (say bob1) to login into a Red Hat 6 server, su to a system/application account (say app1) and kick off a script to do x,y and z. This isn't an issue.
Now once I su- to the app1 account and kick-off the script this script then... (3 Replies)
Discussion started by: solomani
3 Replies
9. News, Links, Events and Announcements
Wine is a project that allow user to run windows apps on linux os.
It does that by reimplementation of the windows api.
However Oracle claim that API are copyrightable able and sue google for reimplementation of Java api.
If they win, then wine project will be in the same problem.
... (0 Replies)
Discussion started by: programAngel
0 Replies
10. Shell Programming and Scripting
Hi,
Im going to use shell script for load the data into DB.
First i need to read the trail file(csv file has two columns with comma separated ) like file name trail1024(last 4 digitsMMDD).
In this trail file 27 entries will have like below,I need to read first csv file name and get the 4... (1 Reply)
Discussion started by: krajasekhar.v
1 Replies
LEARN ABOUT HPUX
audwrite
audwrite(2) System Calls Manual audwrite(2)
NAME
audwrite() - write an audit record for a self-auditing process
SYNOPSIS
DESCRIPTION
is called by self-auditing processes, which are capable of turning off the regular auditing using the system call (see audswitch(2)) and
doing higher-level auditing on their own. is restricted to users with the privilege.
checks to see if the auditing system is on and the calling process and the event specified are being audited. If these conditions are met,
writes the audit record pointed to by audrec_p into the audit trail. The record consists of an audit record body and a header with the
following fields:
/* Date/time (tv_sec of timeval) */
/* Process ID */
/* Success/failure */
/* Event being audited */
/* Length of variant part */
The body contains additional information about the high-level audit event. The header fields and are specified by the calling process.
fills in and fields with the correct values. this is done to reduce the risk of forgery. Beginning with 11i version 3 release, converts
the record into a different format before writing it into the current audit trail.
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about
privileged access on systems that support fine-grained privileges.
RETURN VALUE
If the write is successful, a value of is returned. Otherwise, a value of is returned and is set to indicate the reason for the failure.
ERRORS
fails if one of the following is true:
The caller does not possess the
privilege.
The event number in the audit record is invalid.
WARNINGS
If causes a file space overflow, the calling process might be suspended until the file space is cleaned up. However, a returned call with
the return value of indicates that the audit record has been successfully written.
AUTHOR
was developed by HP.
SEE ALSO
audswitch(2), audit(4), privileges(5).
audwrite(2)