06-08-2008
Any process name / configuration to check if file auditing is enabled ?
10 More Discussions You Might Find Interesting
1. Solaris
Hi, I was wondering if anyone has had the problem I'm having or knows how to fix it. I need to audit one of our servers at work. I turned on BSM auditing and modified the audit_control file to only flag the "lo" class(login/outs) then I rebooted. I viewed the log BSM created and it shows a whole... (0 Replies)
Discussion started by: BlueKalel
0 Replies
2. UNIX for Dummies Questions & Answers
Hello everbody:
I have a file on the system, I need to check who was the last user who accessed or modified it, and if i can get any further details i can get like IP or access time,etc.
do you have any idea about simple concept or way i can do that in unix tru64 or solaris 9?
thanks in advance... (2 Replies)
Discussion started by: aladdin
2 Replies
3. Solaris
How do I setup audit to alert on write conditions for individual files? Thanks. (3 Replies)
Discussion started by: dxs
3 Replies
4. UNIX for Advanced & Expert Users
:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs.
Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies
5. UNIX for Advanced & Expert Users
Hi All,
I have a requirement to report us on changing a group of static files.
Those are the binary files that run in Production every day.
Due to the in sercure environment situations, I found many are indulging in there own changes to the binaries by doing some changes in the souce code.
... (1 Reply)
Discussion started by: mohan_kumarcs
1 Replies
6. UNIX for Advanced & Expert Users
Hello,
We need to log the operations that specific user on Solaris 10 (SPARC) is performing on one directory and it's contents. I was able to configure solaris auditing service (auditd) and it works fine. The only problem is that auditd logs huge amount of unneeded information. We need to log... (0 Replies)
Discussion started by: +Yan
0 Replies
7. Solaris
I want to periodically check if ASCII password/config files on Unix have 400 or 600 access. Folders and files are owned by designated group and user. Folders and Files do not have world write access.
Are there any tools/scripts available for this kind of auditing that I can use on Solaris? (7 Replies)
Discussion started by: kchinnam
7 Replies
8. Shell Programming and Scripting
I need a command line that will ls -l a directory and pick (grep?) all files that don't match a desired owner without losing track of the filename at any point. This way I can list later on "here are all the files with an incorrect owner". Thanks in advance (4 Replies)
Discussion started by: stevensw
4 Replies
9. SCO
edit: solution found
Auditing Quick Start and Compatibility Notes (1 Reply)
Discussion started by: Linusolaradm1
1 Replies
10. Solaris
Hello Solaris Team,
We would like to implement some audit policy (using a log file) in Solaris 10 in order to record the following data in columns per all users:
1. Date
2. Time
3. User
4. Command executed
5. Terminal
6. IP Address
Could you please help me in order to... (2 Replies)
Discussion started by: csierra
2 Replies
LEARN ABOUT HPUX
setaudproc
setaudproc(2) System Calls Manual setaudproc(2)
NAME
setaudproc() - controls process level auditing for the current process and its decendents
SYNOPSIS
DESCRIPTION
controls process level auditing for the current process and its decendents. It accomplishes this by setting or clearing the flag in the
area of the calling process. When this flag is set, the system audits the process; when it is cleared, the process is not audited. This
call is restricted to users with the privilege.
One of the following flags must be used for aflag:
Audit the calling process and its decendents.
Do not audit the calling process and its decendents.
The flag is inherited by the descendents of a process. consequently, the effect of a call to is not limited to the current process, but
propagates to all its decendents as well. For example, if is called with the flag, all subsequent audited system calls in the current
process are audited until is called with the flag.
Further, performs its action regardless of whether the user executing the process has been selected to be audited or not. For example, if
is called with the (or the flag, all subsequent audited system calls will be audited (or not audited), regardless of whether the user exe-
cuting the process has been selected for auditing or not.
Due to these features, should not be used in most self-auditing applications. should be used (see audswitch(2)) when the objective is to
suspend auditing within a process without affecting its decendents or overriding the user selection aspect of the auditing system.
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about
privileged access on systems that support fine-grained privileges.
RETURN VALUE
Upon successful completion, returns 0; otherwise, it returns -1 and sets to indicate the error.
AUTHOR
was developed by HP.
SEE ALSO
audevent(1M), audusr(1M), audswitch(2), getaudproc(2), audit(5), privileges(5).
setaudproc(2)