03-13-2007
Quote:
Originally Posted by auditd
It can audit all activities on Mac OS X, you just need to tell it what to audit. E.g.
file deletion corresponds to the
fd class.
If you give me a list of things you want to audit, I can help you put together a suitable audit policy.
Thanks for your response. We are trying to audit the actions of non-admin users who access the shared volumes in the server. The actions we would like to record are: file creation, file deletion, file modification. We would also like to record directory creation, deletion and modification.
We are basically failing to record anything that has not been performed by an admin user.
Thanks again for the response to my question.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Dear Experts,
I would like to know whether there are any tools available to view the Security Audit Trail files (SAT) in UNIX in a easier and customized way. If there is any similar type of S/W is available, please let me know.
Thanks,
Aswin (1 Reply)
Discussion started by: na100006
1 Replies
2. Shell Programming and Scripting
Hi,
I'm automatically FTPing few files daily as a cron job to a remote server.
I wanted to know if there is a way to log the successful transfer in a log on the remote server?
The log on the remote server should look something like this.
10/30/2006 00:00:02 - File 1 transferred... (0 Replies)
Discussion started by: dayanand
0 Replies
3. UNIX for Advanced & Expert Users
hi need you advise...
in my company, we have to use mgmt server in order to access to other servers. so basically we need to login to our mgmt server (solaris) before we ssh to any other servers.
my boss ask me to do some reporting on who access some "specific servers" by weekly. any idea how... (4 Replies)
Discussion started by: ashterix
4 Replies
4. Solaris
How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not.
Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies
5. UNIX for Advanced & Expert Users
Hi,
I would like to audit a connection of a specific account to HPUX and LINUX redhat O.S
I need audit the IP address of the client machine , and the date&time the connection to the server has been done.
Is it possible ?
Thanks (1 Reply)
Discussion started by: yoavbe
1 Replies
6. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
7. Solaris
Hi everyone,
how i can configure a single audit service in the global zone for all zones, on solaris BSM.
I will be glad to hear back from you.
Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies
8. UNIX for Dummies Questions & Answers
Hi everyone,
I have a situation where I need my personal account (say bob1) to login into a Red Hat 6 server, su to a system/application account (say app1) and kick off a script to do x,y and z. This isn't an issue.
Now once I su- to the app1 account and kick-off the script this script then... (3 Replies)
Discussion started by: solomani
3 Replies
9. News, Links, Events and Announcements
Wine is a project that allow user to run windows apps on linux os.
It does that by reimplementation of the windows api.
However Oracle claim that API are copyrightable able and sue google for reimplementation of Java api.
If they win, then wine project will be in the same problem.
... (0 Replies)
Discussion started by: programAngel
0 Replies
10. Shell Programming and Scripting
Hi,
Im going to use shell script for load the data into DB.
First i need to read the trail file(csv file has two columns with comma separated ) like file name trail1024(last 4 digitsMMDD).
In this trail file 27 entries will have like below,I need to read first csv file name and get the 4... (1 Reply)
Discussion started by: krajasekhar.v
1 Replies
LEARN ABOUT X11R4
praudit
praudit(1M) System Administration Commands praudit(1M)
NAME
praudit - print contents of an audit trail file
SYNOPSIS
praudit [-lrsx] [-ddel] [filename...]
DESCRIPTION
praudit reads the listed filenames (or standard input, if no filename is specified) and interprets the data as audit trail records as
defined in audit.log(4). By default, times, user and group IDs (UIDs and GIDs, respectively) are converted to their ASCII representation.
Record type and event fields are converted to their ASCII representation. A maximum of 100 audit files can be specified on the command
line.
OPTIONS
The following options are supported:
-ddel Use del as the field delimiter instead of the default delimiter, which is the comma. If del has special meaning for the shell, it
must be quoted. The maximum size of a delimiter is three characters. The delimiter is not meaningful and is not used when the -x
option is specified.
-l Print one line per record.
-r Print records in their raw form. Times, UIDs, GIDs, record types, and events are displayed as integers. This option and the -s
option are exclusive. If both are used, a format usage error message is output.
-s Print records in their short form. All numeric fields are converted to ASCII and displayed. The short ASCII representations for
the record type and event fields are used. This option and the -r option are exclusive. If both are used, a format usage error
message is output.
-x Print records in XML form. Tags are included in the output to identify tokens and fields within tokens. Output begins with a valid
XML prolog, which includes identification of the DTD which can be used to parse the XML.
FILES
/etc/security/audit_event Audit event definition and class mappings.
/etc/security/audit_class Audit class definitions.
/usr/share/lib/xml/dtd Directory containing the verisioned DTD file referenced in XML output, for example, adt_record.dtd.1.
/usr/share/lib/xml/style Directory containing the versioned XSL file referenced in XML output, for example, adt_record.xsl.1.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
|Interface Stability |See below |
+-----------------------------+-----------------------------+
The command stability is evolving. The output format is unstable.
SEE ALSO
bsmconv(1M), audit(2), getauditflags(3BSM), audit.log(4), audit_class(4), audit_event(4), group(4), passwd(4), attributes(5)
NOTES
This functionality is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
SunOS 5.10 6 Jan 2003 praudit(1M)