12-13-2008
If you are using Linux you should be able to use the AUDIT program.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
hi!,
is there any way to retrieve a file that I have deleted few minutes back?? I am using Solaris- 5.6..
:rolleyes: (2 Replies)
Discussion started by: jyotipg
2 Replies
2. Linux
I am a relatively new linux user.would like to know how to undo a deleted file (2 Replies)
Discussion started by: wojtyla
2 Replies
3. Solaris
Bymistake I deleted a file and there is no backup.Is there anyway to get that file. (1 Reply)
Discussion started by: csreenivas
1 Replies
4. Solaris
Hi Folks ,
Would be grateful if someone could help me out in one of the question that came to my mind . If the /etc/passwd file has been deleted and the system has been rebooted . Then i dont think that any user would be able to login and the system will be useless . Whats the best solution for... (5 Replies)
Discussion started by: gera_sachin125
5 Replies
5. Shell Programming and Scripting
Hi
In my script, users have the option to delete files from a directory, however, I don't want them to be able to delete the automatically generated log file.
Is there anyway to lock a file from being deleted?
Note: The file can't be read only as it has to be written to quite frequently.
... (3 Replies)
Discussion started by: Darren Taylor
3 Replies
6. Shell Programming and Scripting
I accidently deleted the files from linux machine. How to restore back the files. (1 Reply)
Discussion started by: sandy1028
1 Replies
7. Solaris
hi there,
Is there any way to retrive the deleted files from solaris,
we are using solaris 10 and the file seems delete when it is opened.
I search over by Google but no good result...
tnx :-) (4 Replies)
Discussion started by: dagigg
4 Replies
8. UNIX for Dummies Questions & Answers
I attempted to delete a swap file (rm .<filename>.swp).
Now the system is trying to delete one file that doesn't exist anymore and the file is adding a number in increments to the name of the file it is attempting to delete (filename1.csv, filename2.csv)
The log says the filename1.csv does... (0 Replies)
Discussion started by: student21
0 Replies
9. UNIX for Dummies Questions & Answers
Hi All
By mistake i have deleted some file in a directory, is there any way to get it back in Unix( i am using sh ) (2 Replies)
Discussion started by: parthmittal2007
2 Replies
10. UNIX for Dummies Questions & Answers
Is there a way I could recover a deleted text file with "rm -rf" command.
Running CentOS 6.5.
Thank you. (5 Replies)
Discussion started by: galford
5 Replies
AUDIT(8) BSD System Manager's Manual AUDIT(8)
NAME
audit -- audit management utility
SYNOPSIS
audit -e | -i | -n | -s | -t
DESCRIPTION
The audit utility controls the state of the audit system. One of the following flags is required as an argument to audit:
-e Forces the audit system to immediately remove audit log files that meet the expiration criteria specified in the audit control file
without doing a log rotation.
-i Initializes and starts auditing. This option is currently for Mac OS X only and requires auditd(8) to be configured to run under
launchd(8).
-n Forces the audit system to close the existing audit log file and rotate to a new log file in a location specified in the audit con-
trol file. Also, audit log files that meet the expiration criteria specified in the audit control file will be removed.
-s Specifies that the audit system should [re]synchronize its configuration from the audit control file. A new log file will be cre-
ated. The attributable flags parameter from the audit_control(5) configuration file is set at login time and is not synchronized with
this flag.
-t Specifies that the audit system should terminate. Log files are closed and renamed to indicate the time of the shutdown.
NOTES
The auditd(8) daemon must already be running. Optionally, it can be configured to be started on-demand by launchd(8) (Mac OS X only). The
audit utility requires audit administrator privileges for successful operation.
FILES
/etc/security/audit_control Audit policy file used to configure the auditing system.
SEE ALSO
audit(4), audit_control(5), auditd(8), launchd(8)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Addi-
tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
BSD
January 29, 2009 BSD