02-19-2009
Everything looks OK in your audit_control file. Do you have something like the following in your syslog.conf file?
audit.debug /var/adm/message
Also, is auditd enabled?
svcadm enable svc:/system/auditd:default
Also you need to enable BSM by running /etc/security/bsmconv then rebooting. You probably already did that, but just checking.
Last edited by seg; 02-19-2009 at 07:45 PM..
audit_data
audit_data(4) File Formats audit_data(4)
NAME
audit_data - current information on audit daemon
SYNOPSIS
/etc/security/audit_data
DESCRIPTION
The audit_data file contains information about the audit daemon. The file contains the process ID of the audit daemon, and the pathname of
the current audit log file. The format of the file is:
<pid>:<pathname>
Where pid is the process ID for the audit daemon, and pathname is the full pathname for the current audit log file.
EXAMPLES
Example 1: A sample audit_data file.
64:/etc/security/audit/server1/19930506081249.19930506230945.bongos
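The record format above can be checked mechanically when verifying that auditing is actually running. The following is an added example, not part of the manual page or the forum post: the function names are hypothetical, the start.end.host reading of the log file name is inferred from the sample line, and accepting `not_terminated` as the end stamp of an open log is an assumption taken from audit.log(4).

```shell
#!/bin/sh
# Added example: validate an audit_data(4) record (<pid>:<pathname>) and
# split the audit log file name it points to. Function names are hypothetical.

# is_stamp STR: true if STR is a 14-digit YYYYMMDDhhmmss stamp.
is_stamp() { case $1 in *[!0-9]*) return 1 ;; esac; [ ${#1} -eq 14 ]; }

# parse_audit_data FILE: prints "pid=<pid> path=<pathname>", returns 1 if malformed.
parse_audit_data() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    IFS= read -r line < "$1" || [ -n "$line" ] || return 1
    case $line in *:*) ;; *) return 1 ;; esac      # the separator is required
    pid=${line%%:*}                                # text before the first colon
    path=${line#*:}                                # text after the first colon
    case $pid in ''|*[!0-9]*) return 1 ;; esac     # the PID must be numeric
    case $path in /*) ;; *) return 1 ;; esac       # the man page says full pathname
    echo "pid=$pid path=$path"
}

# audit_log_fields PATHNAME: prints "start=... end=... host=..." for the file name.
audit_log_fields() {
    name=${1##*/}
    case $name in *.*.*) ;; *) return 1 ;; esac
    start=${name%%.*}
    rest=${name#*.}
    end=${rest%%.*}
    host=${rest#*.}                                # may itself contain dots
    is_stamp "$start" || return 1
    # Assumption (audit.log(4)): a log still being written ends in not_terminated.
    [ "$end" = not_terminated ] || is_stamp "$end" || return 1
    [ -n "$host" ] || return 1
    echo "start=$start end=$end host=$host"
}

# auditd_alive PID: true if the process exists and may be signalled by the caller
# (signal 0 delivers nothing; run as root on a real system).
auditd_alive() { kill -0 "$1" 2>/dev/null; }

# Demo on the sample record from the manual page, written to a temporary file.
sample=$(mktemp) || exit 1
printf '%s\n' '64:/etc/security/audit/server1/19930506081249.19930506230945.bongos' > "$sample"
rec=$(parse_audit_data "$sample") && echo "$rec"
audit_log_fields "${rec#* path=}"
rm -f "$sample"
```

On a live system, pass `/etc/security/audit_data` to `parse_audit_data` and the resulting PID to `auditd_alive`; a well-formed record whose PID is dead or whose log file is missing means the file is stale.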
FILES
/etc/security/audit_data
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Obsolete |
+-----------------------------+-----------------------------+
SEE ALSO
audit(1M), auditd(1M), bsmconv(1M), audit(2), audit_control(4), audit.log(4)
NOTES
The functionality described on this manual page is internal to audit(1M) and might not be supported in a future release.
The auditd utility is the only supported mechanism to communicate with auditd(1M). The current audit log can be determined by examining the
configured audit directories. See audit_control(4).
The functionality described on this manual page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for
more information.
SunOS 5.10 14 Nov 2002 audit_data(4)