Full Discussion: how to enable file auditing
Operating Systems Solaris how to enable file auditing Post 302203425 by skully on Sunday 8th of June 2008 09:29:49 PM

Hi expert,
Can you show me the steps to enable file auditing? Thanks.
 

audit.conf(4)                Kernel Interfaces Manual                audit.conf(4)

NAME
audit.conf, audit_site.conf - files containing event mapping information and site-specific event mapping information

DESCRIPTION
Files and store the event mapping information that can be used by and

An event is a particular system operation. It may be either a self-auditing event or a system call. Auditable events are classified into several event categories and/or profiles. Events and system calls may have aliases.

When the auditing system is installed, a default set of event mapping information is provided in In order to meet site-specific requirements, users may also define event categories and profiles in

In general, an event category is defined as a set of operations that affect a particular aspect of the system. A profile is defined as a set of operations that affect a particular type of system. With these classifications, a set of events can be selected when using or by specifying the event category or the profile that the events are associated with.

Here is the syntax of the directives in and

Event categories are defined using the directive for base events and the directive for event aliases. Base events are events that are pre-defined by the HP-UX operating system. They are always associated with self-auditing events that have the same name and/or with a list of system calls with the names that are referred to by the HP-UX auditing system. Event aliases, distinct from base events, are combinations of base events, self-auditing events, system calls, and system call aliases.

The system call name referred to by the auditing system usually matches the real system call name with a few exceptions. If the system call is one of these exceptions, an alias name may be defined using the directive, and the alias name can be used by and system call level selection. For example, the system call is referred to as the system call by the auditing system. The interface of is not publicly exported, but the security relevant information of this system call is described in this file documents the security relevant information for all system calls that have names beginning with a period

Profiles are defined using the directive. Profiles can be combinations of any events.

In only and directives are allowed; names picked for or must begin with an uppercase character and must have at least one lowercase character. Adding or at the end of an event name indicates only include successful or failed operations.

EXAMPLES
Here are some example entries that could be in

Selecting for auditing enables audit for the system calls (for both pass and fail), (for pass only), and (for fail only). Note that contains and the fail events covered under Selecting this profile causes to be audited for both pass and fail, and to be audited for fail, and to not be audited at all.

AUTHOR
was developed by HP.

FILES
File containing event mapping information
File containing audit information description for HP-UX internal system calls which are not publicly supported
File containing site-specific event mapping information

SEE ALSO
audevent(1M), audisp(1M).

audit.conf(4)