Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: turning auditing on AIX 4.3
Operating Systems AIX turning auditing on AIX 4.3 Post 302146328 by bakunin on Tuesday 20th of November 2007 03:07:42 AM
Old 11-20-2007
Sorry, but i think you are asking the "wrong question":

"auditing" is a feature in AIX, which you may or may not to switch on. I suppose you probably won't need it.

What do you want to achieve? Please tell us some of the requirements and we eventually could tell you what is needed to fulfill them.

"sudo" can be brought to log any usage of "su", but of course anybody with the possibility of becoming root will be able to circumvent the logging-mechanism given sufficient intent and sufficient effort.

What you could do is (this is just a sketch!):

1) set up a logging server. Login on this server is prohibited save for the person checking the logs.

2) disable root login and "su - root" on the servers you want to audit.

3) allow "su - root" through sudo. Put the mechanism into a small script, which not only issues the "sudo su ...." command but also sends a log entry to the logging server mentioned in 1). This prevents the log files from being altered by the people becoming root on the machine under audit. (If you'd save it somewhere on the same machine root would be able to edit them.)

bakunin
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Turning off the CDE

I am running Solaris 9 and wanted the CDE stopped when my users login. Can this be done by adding something to the .profile? Basically when they login they should be at the command line and have to start the CDE themselves. Thanks (11 Replies)
Discussion started by: meyersp
11 Replies

2. UNIX for Dummies Questions & Answers

Turning Echo off

Hi, Is there any way like in dos to turn the echo off in a script? i have some lines popping up that i dont wish to be viewed when i am unziping a file it brings up the message updating: log.txt (deflated 72%) and extracting: log.txt i dont want these be viewed. Andy (4 Replies)
Discussion started by: chapmana
4 Replies

3. AIX

Aix auditing : performance impact

can someone help me find out the impact of enabling audting on the entire root filesystem. does it have a major hit on the overall performance of the system Thanks so much (0 Replies)
Discussion started by: iam
0 Replies

4. AIX

AIX auditing

I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only? Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which... (0 Replies)
Discussion started by: m_raheelahmed
0 Replies

5. AIX

AIX Auditing problam

i have sucessfully enable the auditing on AIX with adding som onjects. but when i go for auditpr -v < /audit/trail vlets say i reset audit at last dat 5 pm auditpr -v < /audit/trail will show up to last day 5 pm. i have to reset audit every time to check latest logs. please... (3 Replies)
Discussion started by: prashantjain07
3 Replies

6. AIX

Help me! AUDITING AIX

Hi All, i've a problem on a AIX server with audit config... when i start the audit i receive this error: root@****:/etc/security/audit > /usr/sbin/audit start Audit start cleanup: The system call does not exist on this system. ** failed setting kernel audit objects I don't understand... (0 Replies)
Discussion started by: Zio Bill
0 Replies

7. AIX

AIX auditing

can some give some tips, most common security issues or and kind of advice about auditing aix system? regards (2 Replies)
Discussion started by: bongo
2 Replies

8. AIX

AIX auditing

In our customer place somebody removed and PV from the server. I want the information like which user removed this PV. Is there any way to get PV removal information. When did the PV removed from the server ? Whether AIX auding will help ? Where i can get these information ? Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies

9. AIX

User auditing from AIX server

I am trying to find out the information of my local desktop when i use putty to login to an AIX server. This is what I do: 1. login to my PC 2. take a putty session to an AIX server Can i get information of my local desktop from the AIX server ? Is there a command available ? Thanks (8 Replies)
Discussion started by: Nagesh_1985
8 Replies

10. AIX

Configure AIX server to send logs and auditing to Qradar

Hi All I need your help to configure Aix to send logs to Qradar, I did all the methods that mentioned in IBM website and no use, Plz Help,, The Logs should I receive from Aix and display in Qradar is (create user delete user changing in privileges....etc ) my skype account khaled_ly84 ... (4 Replies)
Discussion started by: khaled_ly84
4 Replies

LEARN ABOUT X11R4

bsmconv

bsmconv(1M)						  System Administration Commands					       bsmconv(1M)

NAME

       bsmconv, bsmunconv - enable or disable the Basic Security Module (BSM) on Solaris

SYNOPSIS

       /etc/security/bsmconv [rootdir...]

       /etc/security/bsmunconv [rootdir...]

DESCRIPTION

       The  bsmconv  and  bsmunconv scripts are used to enable or disable the BSM features on a Solaris system. The optional argument rootdir is a
       list of one or more root directories of diskless clients that have already been configured. See smdiskless(1M).

       To enable or disable BSM on a diskless client, a server, or a stand-alone system, logon as super-user to the system being converted and use
       the bsmconv or bsmunconv commands without any options.

       To  enable or disable BSM on a diskless client from that client's server, logon to the server as super-user and use bsmconv, specifying the
       root directory of each diskless client you wish to affect. For example, the command:

       myhost# bsmconv /export/root/client1 /export/root/client2

       enables BSM on the two machines named client1 and client2. While the command:

       myhost# bsmconv

       enables BSM only on the machine called myhost. It is no longer necessary to enable BSM on both the server and its diskless clients.

       After running bsmconv the system can be configured by editing the files in /etc/security. Each diskless client has its own copy of configu-
       ration files in its root directory. You might want to edit these files before rebooting each client.

       Following  the  completion  of either script, the affected system(s) should be rebooted to allow the auditing subsystem to come up properly
       initialized.

FILES

       The following files are created by bsmconv:

       /etc/security/device_maps       Administrative file defining the mapping of device special files to allocatable device names.

       /etc/security/device_allocate   Administrative file defining parameters for device allocation.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsr			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       auditconfig(1M), auditd(1M), audit_startup(1M), audit.log(4), audit_control(4), attributes(5)

NOTES

       bsmconv and bsmunconv are not valid in a non-global zone.

SunOS 5.10							    26 May 2004 						       bsmconv(1M)
All times are GMT -4. The time now is 04:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy