03-25-2008
environment history/audit
hi there,
I'm going down a few rabbit holes with this one and hoped somebody could point me straight... I'm not sure if I'm looking for a log, cmd, or script but I want to know when and where the current environment got set.
eg, if I type env or set I get some entries like:
HOSTNAME=myhost.meh
...
FTP_PROXY=myproxy.meh
...
ftp_proxy=myproxy.meh
...
now we don't use a proxy and I want to prevent those vars from being set.
does a mechanism exist to track what process/file exported those variables? I'm thinking something like a log level or trigger or anything besides grep -R varstring / since this seems like it'd be a fairly common admin task, not to mention grepping won't give load order or precedence.
thanks for the help! r, /matt
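One way to get the file, line and load order the post asks for, as an added example that is not part of the original thread: source the startup files under bash xtrace with a PS4 prefix that records the source file and line number. The helper names `trace_var_origin` and `make_fixture`, the sample files and the value `override.meh` are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). trace_var_origin and make_fixture
# are hypothetical helper names.

# trace_var_origin VAR FILE...
# Sources FILE... in order under bash xtrace, starting from an empty
# environment, and prints "file:line: command" for each command that
# assigns VAR (case-insensitive: FTP_PROXY and ftp_proxy both match).
# Lines appear in execution order, so the last one is the value that wins.
# bash may trace "export X=v" twice (builtin, then assignment); the awk
# stage keeps one line per consecutive file:line.
trace_var_origin() {
    var=$1; shift
    env -i HOME="$HOME" PATH="$PATH" bash --noprofile --norc -c '
        PS4="+\${BASH_SOURCE}:\${LINENO}: "
        set -x
        for f in "$@"; do [ -r "$f" ] && . "$f"; done
    ' _ "$@" 2>&1 >/dev/null |
        grep -iE "^[+]+[^:]*:[0-9]+: (.* )?${var}=" |
        sed -E 's/^[+]+//' |
        awk -F': ' '$1 != prev { print } { prev = $1 }'
}

# Constructed sample files standing in for /etc/profile and ~/.bashrc.
make_fixture() {
    d=$(mktemp -d) && mkdir "$d/profile.d"
    printf '%s\n' 'HOSTNAME=myhost.meh' ". $d/profile.d/proxy.sh" > "$d/profile"
    printf '%s\n' '# proxy settings' 'export FTP_PROXY=myproxy.meh' \
        'export ftp_proxy=$FTP_PROXY' > "$d/profile.d/proxy.sh"
    printf '%s\n' 'ftp_proxy=override.meh' > "$d/bashrc"
    echo "$d"
}

fixture=$(make_fixture)
trace_var_origin ftp_proxy "$fixture/profile" "$fixture/bashrc"
rm -rf "$fixture"
```

On a real host, pass the files bash reads for a login shell (/etc/profile, then the first of ~/.bash_profile, ~/.bash_login, ~/.profile) followed by ~/.bashrc. An empty result means no traced startup file assigns the variable, so it is inherited from the parent process instead.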
AUDIT(8) BSD System Manager's Manual AUDIT(8)
NAME
audit -- audit management utility
SYNOPSIS
audit -e | -i | -n | -s | -t
DESCRIPTION
The audit utility controls the state of the audit system. One of the following flags is required as an argument to audit:
-e Forces the audit system to immediately remove audit log files that meet the expiration criteria specified in the audit control file without doing a log rotation.
-i Initializes and starts auditing. This option is currently for Mac OS X only and requires auditd(8) to be configured to run under launchd(8).
-n Forces the audit system to close the existing audit log file and rotate to a new log file in a location specified in the audit control file. Also, audit log files that meet the expiration criteria specified in the audit control file will be removed.
-s Specifies that the audit system should [re]synchronize its configuration from the audit control file. A new log file will be created.
-t Specifies that the audit system should terminate. Log files are closed and renamed to indicate the time of the shutdown.
NOTES
The auditd(8) daemon must already be running. Optionally, it can be configured to be started on-demand by launchd(8) (Mac OS X only). The audit utility requires audit administrator privileges for successful operation.
FILES
/etc/security/audit_control Audit policy file used to configure the auditing system.
SEE ALSO
audit(4), audit_control(5), auditd(8), launchd(8)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
BSD
January 29, 2009 BSD