Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: audit useradd, userdel on solaris 10
Operating Systems Solaris audit useradd, userdel on solaris 10 Post 302289490 by seg on Thursday 19th of February 2009 06:59:07 PM
Old 02-19-2009
Ah, good to see it's functioning on some level. Very odd that it doesn't log useradd/del- one would think they fit in the ua 'user administration' category. You might try some different flags like 'am' or 'as'. audit_class has the list of flags.

I'm sticking with this issue as long as I can because I'm very interested to find out how to make this work.
 

10 More Discussions You Might Find Interesting

1. Solaris

audit in solaris

How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not. Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies

2. Solaris

audit in solaris 10

can you please share what you use to audit what files are deleted, when files are deleted and who deleted them? thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies

3. Solaris

Audit in Solaris Servers.

Hi Friends I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there. Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies

4. Solaris

useradd giving error in solaris 10

Hi, I have installed Solaris 10 in my PC and now installing Oracle10, but while adding a user i am getting following error: useradd -g oinstall -G dba -d /export/home/oracle oracle UX: useradd: ERROR: Inconsistent password files. See pwconv(1M). I have tried pwconv command,... (4 Replies)
Discussion started by: amitanshu.verma
4 Replies

5. UNIX for Advanced & Expert Users

Problem with useradd, -p option in Solaris 10

Good day all. I'm trying to add a user with useradd and the -p option to assign a project name, but the result is that the user is created with an error message: "UX: useradd: user.root name should be all lower case or numeric." The command: useradd -d /export/home/tester -g rtpgrp -G... (2 Replies)
Discussion started by: BRH
2 Replies

6. Solaris

audit useradd userdel usermod in solaris 10

the previous thread on this problem was closed with no resolution/workaround that i could see...have there been any breakthroughs? :wall: (0 Replies)
Discussion started by: lisah66
0 Replies

7. UNIX for Advanced & Expert Users

Solaris 10 useradd confusion[solved]

I installed Solaris 10 (8/11) and added an account for myself. It lives in /export/home/{name} but /etc/passwd shows it is /home/{name} where it seems to be mounted like a filesystem. I tried to create another account from the command line but it doesn't work the same way. I can't find... (7 Replies)
Discussion started by: dokhebi
7 Replies

8. Solaris

Enabling Solaris Audit log: Solaris 9

Dear All, I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers. After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
Discussion started by: sumeet1806
3 Replies

9. Solaris

Audit useradd/userdel - Solaris 11

Linux audits in syslog, any time a user is deleted or added. However, I'm running a Solaris11 VM, and find no such entries. How can I enable auditing for useradd and userdel? Oracle's documentation on managing the auditing service, has been of no assistance. Thanks. Customizing What Is... (7 Replies)
Discussion started by: Nvizn
7 Replies

10. Solaris

Audit not working on Solaris 10

hi, I enabled bsm modules (/etc/security/bsmconv) and rebooted Solaris 10. But service is going into maintenance state. I rebooted server and I see one error saying "sys/c2audit:audit_kssl() not defined properly". I am not sure, what it is indicating and how it should be fixed. Please suggest, how... (5 Replies)
Discussion started by: solaris_1977
5 Replies

LEARN ABOUT OPENDARWIN

audit_class

audit_class(4)							   File Formats 						    audit_class(4)

NAME

       audit_class - audit class definitions

SYNOPSIS

       /etc/security/audit_class

DESCRIPTION

       /etc/security/audit_class  is a user-configurable ASCII system file that stores class definitions used in the audit system. Audit events in
       audit_event(4) are mapped to one or more of the defined	audit  classes.  audit_event  can  be  updated	in  conjunction  with  changes	to
       audit_class.  See  audit_control(4) and audit_user(4) for information about changing the preselection of audit classes in the audit system.
       Programs can use the getauclassent(3BSM) routines to access audit class information.

       The fields for each class entry are separated by colons. Each class entry is a bitmap and is separated from each other by a newline.

       Each entry in the audit_class file has the form:

       mask:name:description

       The fields are defined as follows:

       mask	       class mask

       name	       class name

       description     class description

       Each class is represented as a bit in the class mask which is an unsigned integer. Thus, there are 32 different	classes  available.  Meta-
       classes	can  also  be  defined. These are supersets composed of multiple base classes, and thus will have more than 1 bit in its mask. See
       EXAMPLES.  Two special meta-classes are also pre-defined: all, and no.

       all	Represents a conjunction of all allowed classes, and is provided as a shorthand method of specifying all classes.

       no	Is the invalid class, and any event mapped solely to this class will not be audited. Turning auditing on to  the  all  meta  class
		will  not  cause  events  mapped  solely to the no class to be written to the audit trail. This class is also used to map obsolete
		events which are no longer generated. Obsolete events are retained to process old audit trails files.

EXAMPLES

       Example 1: Using an audit_class File

       The following is an example of an audit_class file:

       0x00000000:no:invalid class
       0x00000001:fr:file read
       0x00000002:fw:file write
       0x00000004:fa:file attribute access
       0x00000008:fm:file attribute modify
       0x00000010:fc:file create
       0x00000020:fd:file delete
       0x00000040:cl:file close
       0x00000100:nt:network
       0x00000200:ip:ipc
       0x00000400:na:non-attribute
       0x00001000:lo:login or logout
       0x00004000:ap:application
       0x000f0000:ad:old administrative (meta-class)
       0x00070000:am:administrative (meta-class)
       0x00010000:ss:change system state
       0x00020000:as:system-wide administration
       0x00040000:ua:user administration
       0x00080000:aa:audit utilization
       0x00300000:pc:process (meta-class)
       0x00100000:ps:process start/stop
       0x00200000:pm:process modify
       0x20000000:io:ioctl
       0x40000000:ex:exec
       0x80000000:ot:other
       0xffffffff:all:all classes (meta-class)

FILES

       /etc/security/audit_class

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     | See below		   |
       +-----------------------------+-----------------------------+

       The file format stability is evolving. The file content is unstable.

SEE ALSO

       bsmconv(1M), au_preselect(3BSM), getauclassent(3BSM), audit_control(4), audit_event(4), audit_user(4), attributes(5)

NOTES

       It is possible to deliberately turn on the no class in the kernel, in which case the audit trail will be flooded with records for the audit
       event AUE_NULL.

       This functionality is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.

SunOS 5.10							    6 Jan 2003							    audit_class(4)
All times are GMT -4. The time now is 03:22 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy