|
|
Sponsored Content
Top Forums
UNIX for Advanced & Expert Users
Auditing
Post 302304927 by Neo on Tuesday 7th of April 2009 03:25:38 PM
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi all,
Have been asked to learn up on providing Sytem Auditing on two SCO boxes.
Where should I start and what pointers can anyone provide.
Whilst I'm learning to look after these two SCO boxes, I'm also to eventually look after three Compaq DS20E True64 Unix boxes also in the near future. (2 Replies)
Discussion started by: Cameron
2 Replies
2. Solaris
How do I setup audit to alert on write conditions for individual files? Thanks. (3 Replies)
Discussion started by: dxs
3 Replies
3. UNIX for Advanced & Expert Users
I need to log or 'audit' any access to a shared directory which is stored on a NetApp appliance. I need to be able to 'prove' who has acessed the data in this directory at any time. I am just not sure how to do this. The systems that will be accessing this are Linux systems.
Any help is... (2 Replies)
Discussion started by: frankkahle
2 Replies
4. AIX
Hi there,
I want to enable auditing for the following events in a critical AIX UNIX server by editing the /etc/syslog.conf file:
Authentication events (login success, login failure, logout)
Privilege use events (change to another user etc.) ... (1 Reply)
Discussion started by: venksel
1 Replies
5. Cybersecurity
Hi dear friends
I have an RHEL5 installed and I gave all users on it rbash shell, Now I want to audit all commands that they did in there shell once they enter them, Can any guide me to the way
Thanks (2 Replies)
Discussion started by: reaky
2 Replies
6. AIX
I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only?
Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which... (0 Replies)
Discussion started by: m_raheelahmed
0 Replies
7. Shell Programming and Scripting
I need a command line that will ls -l a directory and pick (grep?) all files that don't match a desired owner without losing track of the filename at any point. This way I can list later on "here are all the files with an incorrect owner". Thanks in advance (4 Replies)
Discussion started by: stevensw
4 Replies
8. AIX
Hi All,
i've a problem on a AIX server with audit config...
when i start the audit i receive this error:
root@****:/etc/security/audit > /usr/sbin/audit start
Audit start cleanup: The system call does not exist on this system.
** failed setting kernel audit objects
I don't understand... (0 Replies)
Discussion started by: Zio Bill
0 Replies
9. Solaris
Hi ,
I don't want logs from a particular "library" to get recorded in the audit.log file. Is that possible with BSM? Please guide.
Thanks. (2 Replies)
Discussion started by: chinchao
2 Replies
10. UNIX for Advanced & Expert Users
I have implemented solaris login authenticating against an active directory server, using solaris x86 on a Dell R810 8xXeon CPUs and 262Gb RAM.
The actual OS is:
# uname -a
SunOS ms-svr012 5.10 Generic_142910-17 i86pc i386 i86pc
# cat /etc/release
Oracle Solaris 10 9/10... (2 Replies)
Discussion started by: jabberwocky
2 Replies
LEARN ABOUT OPENSOLARIS
audit
audit(2) System Calls audit(2) NAME
audit - write a record to the audit log SYNOPSIS
cc [ flag ... ] file ... -lbsm -lsocket -lnsl [ library... ] #include <sys/param.h> #include <bsm/libbsm.h> int audit(caddr_t record, int length); DESCRIPTION
The audit() function queues a record for writing to the system audit log. The data pointed to by record is queued for the log after a mini- mal consistency check, with the length parameter specifying the size of the record in bytes. The data should be a well-formed audit record as described by audit.log(4). The kernel validates the record header token type and length, and sets the time stamp value before writing the record to the audit log. The kernel does not do any preselection for user-level generated events. If the audit policy is set to include sequence or trailer tokens, the kernel will append them to the record. RETURN VALUES
Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error. ERRORS
The audit() function will fail if: E2BIG The record length is greater than the maximum allowed record length. EFAULT The record argument points outside the process's allocated address space. EINVAL The header token in the record is invalid. ENOTSUP Solaris Audit is not defined for this system. EPERM The {PRIV_PROC_AUDIT} privilege is not asserted in the effective set of the calling process. USAGE
Only privileged processes can successfully execute this call. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Committed | +-----------------------------+-----------------------------+ |MT-Level |MT-Safe | +-----------------------------+-----------------------------+ SEE ALSO
bsmconv(1M), audit(1M), auditd(1M), svcadm(1M), auditon(2), getaudit(2), audit.log(4), attributes(5), privileges(5) NOTES
The functionality described in this man page is available only if the Solaris Auditing has been enabled and the audit daemon auditd(1M) has not been disabled by audit(1M) or svcadm(1M). See bsmconv(1M) for more information. SunOS 5.11 16 Apr 2008 audit(2)