07-21-2009
Auditing events
Hi there,
I want to enable auditing for the following events in a critical AIX UNIX server by editing the /etc/syslog.conf file:
Authentication events (login success, login failure, logout)
Privilege use events (change to another user etc.)
System state events (shutdown, reboot)
Batch events (execution of batch processes)
Clock/Time Setting Change
Syslog Messages Cleared
User Account Administration
For testing purpose, I want to turn off all other events but for the ones listed above. Please let me know how it's done.
Thanks,
V
Last edited by zaxxon; 07-21-2009 at 10:07 AM..
Reason: Changed title into something senseful
8 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs.
Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies
2. Cybersecurity
Hi dear friends
I have an RHEL5 installed and I gave all users on it rbash shell, Now I want to audit all commands that they did in there shell once they enter them, Can any guide me to the way
Thanks (2 Replies)
Discussion started by: reaky
2 Replies
3. Cybersecurity
Hi all
I'm busy testing auditing on Solaris 10.
I am using the syslog plugin to get real time view of what's happening on the system. Initially I am only monitoring lo events. The audit_control file looked like this:
dir:/var/audit
flags:lo
minfree:20
naflags:lo... (1 Reply)
Discussion started by: notreallyhere
1 Replies
4. Shell Programming and Scripting
I need a command line that will ls -l a directory and pick (grep?) all files that don't match a desired owner without losing track of the filename at any point. This way I can list later on "here are all the files with an incorrect owner". Thanks in advance (4 Replies)
Discussion started by: stevensw
4 Replies
5. AIX
Hi All,
i've a problem on a AIX server with audit config...
when i start the audit i receive this error:
root@****:/etc/security/audit > /usr/sbin/audit start
Audit start cleanup: The system call does not exist on this system.
** failed setting kernel audit objects
I don't understand... (0 Replies)
Discussion started by: Zio Bill
0 Replies
6. AIX
can some give some tips, most common security issues or and kind of advice about auditing aix system?
regards (2 Replies)
Discussion started by: bongo
2 Replies
7. AIX
In our customer place somebody removed and PV from the server. I want the information like which user removed this PV.
Is there any way to get PV removal information.
When did the PV removed from the server ?
Whether AIX auding will help ?
Where i can get these information ?
Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies
8. Solaris
Hello Solaris Team,
We would like to implement some audit policy (using a log file) in Solaris 10 in order to record the following data in columns per all users:
1. Date
2. Time
3. User
4. Command executed
5. Terminal
6. IP Address
Could you please help me in order to... (2 Replies)
Discussion started by: csierra
2 Replies
LEARN ABOUT OSF1
xselectinput
XSelectInput(3X11) XSelectInput(3X11)
NAME
XSelectInput - select input events
SYNOPSIS
XSelectInput(display, w, event_mask)
Display *display;
Window w;
long event_mask;
ARGUMENTS
Specifies the connection to the X server. Specifies the event mask. Specifies the window whose events you are interested in.
DESCRIPTION
The XSelectInput function requests that the X server report the events associated with the specified event mask. Initially, X will not
report any of these events. Events are reported relative to a window. If a window is not interested in a device event, it usually propa-
gates to the closest ancestor that is interested, unless the do_not_propagate mask prohibits it.
Setting the event-mask attribute of a window overrides any previous call for the same window but not for other clients. Multiple clients
can select for the same events on the same window with the following restrictions: Multiple clients can select events on the same window
because their event masks are disjoint. When the X server generates an event, it reports it to all interested clients. Only one client at
a time can select CirculateRequest, ConfigureRequest, or MapRequest events, which are associated with the event mask SubstructureRedirect-
Mask. Only one client at a time can select a ResizeRequest event, which is associated with the event mask ResizeRedirectMask. Only one
client at a time can select a ButtonPress event, which is associated with the event mask ButtonPressMask.
The server reports the event to all interested clients.
XSelectInput can generate a BadWindow error.
DIAGNOSTICS
A value for a Window argument does not name a defined Window.
SEE ALSO
Xlib -- C Language X Interface
XSelectInput(3X11)