Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: File Auditing in Sun Solaris environment
Top Forums UNIX for Advanced & Expert Users File Auditing in Sun Solaris environment Post 302370161 by mohan_kumarcs on Tuesday 10th of November 2009 03:15:34 PM
Old 11-10-2009
File Auditing in Sun Solaris environment
Hi All,

I have a requirement to report us on changing a group of static files.
Those are the binary files that run in Production every day.

Due to the in sercure environment situations, I found many are indulging in there own changes to the binaries by doing some changes in the souce code.

We have decided to have an audit system for all those files and report a group(send email) on changes in the files we are looking for.

I searched a lot and got the below link:
Linux audit files to see who made changes to a file

But, this needs system admin to enter the picture.

Please let me know, is there a way/script to do the same.

The environment is Sun Solaris E20K.

Regards,
Mohan Kumar CS
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

speeding up the compilation on SUN Solaris environment

Dear friends, Please let me know how do I increase the speed of my compilation in SUN Solaris environment. actually I have many subfolders which contains .cc files. when I compile makefile at the root it will take much time to compile all the subfolders and generates object(.o) files. Can... (2 Replies)
Discussion started by: swamymns
2 Replies

2. UNIX for Dummies Questions & Answers

solaris BSM and Auditing

Hi Guys, I am new to this forum so I am sorry if i posted this thread in the wrong place. I am currently trying to get BSM to work on solaris 10 by Logging few things for me. I need your help to complete this task please. this is the config of the audit files: audit_conto # Copyright... (18 Replies)
Discussion started by: skywalker850i
18 Replies

3. Solaris

Solaris 9 Auditing

How do I setup audit to alert on write conditions for individual files? Thanks. (3 Replies)
Discussion started by: dxs
3 Replies

4. Programming

Uncompress a gzip and bzip file using java on unix solaris environment

Hi, I need to uncompress a gzip and bzip file using java on unix solaris environment. I also need to retreive the header information of the file inorder to differentiate between gzip and bzip file. Please help Pooja (0 Replies)
Discussion started by: wadhwa.pooja
0 Replies

5. UNIX for Advanced & Expert Users

Solaris auditing (file access logging) for specific directory only.

Hello, We need to log the operations that specific user on Solaris 10 (SPARC) is performing on one directory and it's contents. I was able to configure solaris auditing service (auditd) and it works fine. The only problem is that auditd logs huge amount of unneeded information. We need to log... (0 Replies)
Discussion started by: +Yan
0 Replies

6. Solaris

Solaris user auditing

Hello, I was wondering when Solaris auditing is enabled, If it is possible to keep track of users that are allowed to sudo to root. In other words, I would like to know which user did what on my Solaris box. (assumig that user can "sudo su -" ) Thanks. (2 Replies)
Discussion started by: niyazi
2 Replies

7. Cybersecurity

Solaris Auditing: Newly specified events not being logged

Hi all I'm busy testing auditing on Solaris 10. I am using the syslog plugin to get real time view of what's happening on the system. Initially I am only monitoring lo events. The audit_control file looked like this: dir:/var/audit flags:lo minfree:20 naflags:lo... (1 Reply)
Discussion started by: notreallyhere
1 Replies

8. Solaris

Auditing Sun Servers

Hi All, I am new joinee to this forum and recently promoted as sun administrator from dba. I still dont know whether i can handle it fully . My first task is to audit set of sun servers and findout what it is doing and whether it can be upgraded or decommissioned and if upgraded whether it can... (5 Replies)
Discussion started by: sundba
5 Replies

9. Solaris

Exclude an specific directory for auditing in Solaris 10

Hello, Im glad to become a member of this forums, Im new on solaris and recentrly im introducing to use auditing service in that system. The need is, that I need how to exclude a directory to the audit service not audit it. And, a plus, I need of how to disable auditing the root user in... (0 Replies)
Discussion started by: sysh4ck
0 Replies

LEARN ABOUT FREEBSD

auditd

AUDITD(8)						    BSD System Manager's Manual 						 AUDITD(8)

NAME

     auditd -- audit log management daemon

SYNOPSIS

     auditd [-d | -l]

DESCRIPTION

     The auditd daemon responds to requests from the audit(8) utility and notifications from the kernel.  It manages the resulting audit log files
     and specified log file locations.

     The options are as follows:

     -d      Starts the daemon in debug mode -- it will not daemonize.

     -l      This option is for when auditd is configured to start on-demand using launchd(8).

     Optionally, the audit review group "audit" may be created.  Non-privileged users that are members of this group may read the audit trail log
     files.

NOTE

     To assure uninterrupted audit support, the auditd daemon should not be started and stopped manually.  Instead, the audit(8) command should be
     used to inform the daemon to change state/configuration after altering the audit_control file.

     If auditd is started on-demand by launchd(8) then auditing should only be started and stopped with audit(8).

     On Mac OS X, auditd uses the asl(3) API for writing system log messages.  Therefore, only the audit administrator and members of the audit
     review group will be able to read the system log entries.

FILES

     /var/audit     Default directory for storing audit log files.

     /etc/security  The directory containing the auditing configuration files audit_class(5), audit_control(5), audit_event(5), and audit_warn(5).

COMPATIBILITY

     The historical -h and -s flags are now configured using audit_control(5) policy flags ahlt and cnt, and are no longer available as arguments
     to auditd.

SEE ALSO

     asl(3), libauditd(3), audit(4), audit_class(5), audit_control(5), audit_event(5), audit_warn(5), audit(8), auditdistd(8), launchd(8)

HISTORY

     The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
     2004.  It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.

AUTHORS

     This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.  Addi-
     tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.

     The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.

BSD
								 December 11, 2008							       BSD
All times are GMT -4. The time now is 05:52 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy