|
|
Sponsored Content
Operating Systems
Solaris
audit in solaris
Post 302172148 by auditd on Sunday 2nd of March 2008 08:56:19 PM
03-02-2008
|
|
10 More Discussions You Might Find Interesting
1. Solaris
Hi All,
Any one has, sun solaris audit program which covers everything one need to check as a security auditor.
Audit Program will help.
Thanks,
Ghanshyam
Emails not allowed - see the Rules (4 Replies)
Discussion started by: ghanshyampatel
4 Replies
2. Solaris
I got a lot of this message in my /var/audit log
how can I exclude this message?
header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument
,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies
3. Solaris
can you please share what you use to audit what files are deleted, when files are deleted and who deleted them?
thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies
4. Solaris
I just want to audit and log to syslog when a user is added, removed or modified from the system.
According to the docs I have:
#/etc/security/audit_control
dir:/var/audit
flags:ua
minfree:20
naflags:ua
plugin:name=audit_syslog.so.1; p_flags=ua
But neither syslog nor auditreduce -c ua... (7 Replies)
Discussion started by: glisha
7 Replies
5. Solaris
Hi Friends
I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there.
Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies
6. Solaris
Looking for some way of running a script on one machine, giving it a list of IP addresses and it goes away and gets info from them.
Things such as server type, memory, processors etc.
Does such a thing exist? (3 Replies)
Discussion started by: psychocandy
3 Replies
7. Solaris
Dear All,
I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers.
After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
Discussion started by: sumeet1806
3 Replies
8. Solaris
Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies
9. Solaris
Hello,
I've installed solaris audit on a Solaris 10 SPARC system.
Latest patch 143962-04 is installed.
My problem is that while I can catch all arguments and processes created, I cannot catch a redirection. ie
cat /tmp/test.txt > /tmp/test2.txtCatches the first part but not the redirection.... (5 Replies)
Discussion started by: gowron
5 Replies
10. Solaris
hi,
I enabled bsm modules (/etc/security/bsmconv) and rebooted Solaris 10. But service is going into maintenance state. I rebooted server and I see one error saying "sys/c2audit:audit_kssl() not defined properly". I am not sure, what it is indicating and how it should be fixed. Please suggest, how... (5 Replies)
Discussion started by: solaris_1977
5 Replies
LEARN ABOUT HPUX
audusr
audusr(1M) audusr(1M) NAME
audusr - select users to audit SYNOPSIS
user] ...] user] ...] DESCRIPTION
is used to specify users to be audited or excluded from auditing. The command only works for systems that have been converted to trusted mode. To select users to audit on systems that have not been converted to trusted mode, use the command. See also audit(5), userdbset(1M), userdb(4), and in security(4). If no arguments are specified, displays the audit setting of every user. is restricted to privileged users. Options recognizes the following options: Audit the specified user. The auditing system records audit records to the ``current'' audit file when the specified user executes audited events or system calls. Use to specify events to be audited (see audevent(1M)). Do not audit the specified user. Audit all users. Do not audit any users. The and options are mutually exclusive: that is, if is specified, cannot be specified; if is specified, cannot be specified. Users specified with are audited (or excluded from auditing) beginning with their next login session, until excluded from auditing (or specified for auditing) with a subsequent invocation. Users already logged into the system when is invoked are unaffected during that login session; however, any user who logs in after is invoked is audited or excluded from auditing accordingly. WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality. AUTHOR
was developed by HP. FILES
File containing flags to indicate whether users are audited. SEE ALSO
audevent(1M), userdbset(1M), setaudproc(2), audswitch(2), audwrite(2), security(4), userdb(4), audit(5). TO BE OBSOLETED audusr(1M)