Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: RBAC & Logging
Operating Systems Solaris RBAC & Logging Post 302402309 by incredible on Tuesday 9th of March 2010 11:16:09 AM
Old 03-09-2010
/var/adm/sulog file will show you who sued to a profile.
the .sh_history or .bash_history file within the profile's/user's home directory would capture the commands issued.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

RBAC logging

Hi gurus: I have not come accross any links on the internet that shows how to set up logging in RBAC and also is it possible to get the granularity and simplicity of sudo logging in RBAC. I have heard that RBAC logs are complicated to read and not as simple and granular as sudo logs. Your help... (0 Replies)
Discussion started by: geomonap
0 Replies

2. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies

3. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the... (4 Replies)
Discussion started by: deaconf19
4 Replies

4. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies

5. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies

6. Solaris

Difference between sudo & RBAC

Hello Everybody I would like to know any major difference between sudo & RBAC as I am bit familiar with RBAC but not with sudo (2 Replies)
Discussion started by: girish.batra
2 Replies

7. HP-UX

RBAC question

hi every one i tried rbac and i made 1- role called GizaRoot 2- group called gizagroup 3- added privlage autherization called "m.k" /usr/sbin/useradd:dflt:(m.k,*):0/0//:dflt:dflt:dflt: i assigned the role to group and add user to that group then su to user and tried to use the command ... (0 Replies)
Discussion started by: maxim42
0 Replies

8. Solaris

Sol10 + OpenLDAP = excessive logging & full file system??!!

Hello all, new to this forum (member of many others). Hopefully I can find help here. SERVER: Brand new server Oracle Enterprise SPARC T4-1 Loaded Solaris SPARC 10 u10, patched to 147440-27 Loaded OpenLDAP v2.4.30 Loaded Berkley DB 4.7.25.NC Loaded OpenSSL 1.0.1c Note: All packages are... (2 Replies)
Discussion started by: Wraith_G2IC
2 Replies

9. Linux

Syslog not logging successful logging while unlocking server's console

When unlocking a Linux server's console there's no event indicating successful logging Is there a way I can fix this ? I have the following in my rsyslog.conf auth.info /var/log/secure authpriv.info /var/log/secure (1 Reply)
Discussion started by: walterthered
1 Replies

10. Solaris

Connection Logging in Solaris 10 & 11 - Beginner

Excuse my ignorance as I am very new to working with Solaris. I'm looking for documentation on how to create a network log in Solaris 10 & 11. I don't wish to edit any of the logs currently the system. I simply want a log that will capture all incoming IP addresses and log them with a time-in... (8 Replies)
Discussion started by: FamousAv8er
8 Replies

LEARN ABOUT OPENSOLARIS

scstat

scstat(1M)						  System Administration Commands						scstat(1M)

NAME

       scstat - monitor the status of a Sun Cluster configuration

SYNOPSIS

       scstat [-DWginpqv [v]] [-h node]

DESCRIPTION

       Note -

	 Beginning  with  the Sun Cluster 3.2 release, Sun Cluster software includes an object-oriented command set. Although Sun Cluster software
	 still supports the original command set, Sun Cluster procedural documentation uses only the object-oriented command set. For more  infor-
	 mation about the object-oriented command set, see the Intro(1CL) man page.

       The  scstat  command  displays  the  current  state  of Sun Cluster components. Only one instance of the scstat command needs to run on any
       machine in the Sun Cluster configuration.

       When run without any options, scstat displays the status for all components of the cluster. This display includes  the  following  informa-
       tion:

	   o	  A list of cluster members

	   o	  The status of each cluster member

	   o	  The status of resource groups and resources

	   o	  The status of every path on the cluster interconnect

	   o	  The status of every disk device group

	   o	  The status of every quorum device

	   o	  The status of every IP network multipathing (IPMP) group and public network adapter

       From  a	non-global zone, referred to simply as a zone, you can run all forms of this command except the -i option. When you run the scstat
       command from a non-global zone, the output is the same as when run from the global zone except that no status information is displayed  for
       IP network multipathing groups or public network adapters.

       You    need    solaris.cluster.device.read,   solaris.cluster.transport.read,   solaris.cluster.resource.read,	solaris.cluster.node.read,
       solaris.cluster.quorum.read, and solaris.cluster.system.read RBAC authorization to use this command without options. See rbac(5).

   Resources and Resource Groups
       The resource state, resource group state, and resource status are all maintained on a per-node basis. For example, a given resource  has  a
       distinct state on each cluster node and a distinct status on each cluster node.

       The  resource state is set by the Resource Group Manager (RGM) on each node, based only on which methods have been invoked on the resource.
       For example, after the STOP method has run successfully on a resource on a given node, the resource's state will be OFFLINE on  that  node.
       If the STOP method exits nonzero or times out, then the state of the resource is Stop_failed.

       Possible resource states include: Online, Offline, Start_failed, Stop_failed, Monitor_failed, Online_not_monitored, Starting, and Stopping.

       Possible  resource  group  states  are: Unmanaged, Online, Offline, Pending_online, Pending_offline, Error_stop_failed, Online_faulted, and
       Pending_online_blocked.

       In addition to resource state, the RGM also maintains a resource status that can be set by the resource itself by using the API. The  field
       Status Message actually consists of two components: status keyword and status message. Status message is optionally set by the resource and
       is an arbitrary text string that is printed after the status keyword.

       Descriptions of possible values for a resource's status are as follows:

       DEGRADED 	   The resource is online, but its performance or availability might be compromised in some way.

       FAULTED		   The resource has encountered an error that prevents it from functioning.

       OFFLINE		   The resource is offline.

       ONLINE		   The resource is online and providing service.

       UNKNOWN		   The current status is unknown or is in transition.

   Device Groups
       Device group status reflects the availability of the devices in that group.

       The following are possible values for device group status and their descriptions:

       DEGRADED 	   The device group is online, but not all of its potential primaries (secondaries) are  up.  For  two-node  connectivity,
			   this  status basically indicates that a stand-by primary does not exist, which means a failure of the primary node will
			   result in a loss of access to the devices in the group.

       OFFLINE		   The device group is offline. There is no primary node. The device group must  be  brought  online  before  any  of  its
			   devices can be used.

       ONLINE		   The device group is online. There is a primary node, and devices within the group are ready for I/O.

       WAIT		   The	device group is between one status and another. This status might occur, for example, when a device group is going
			   from offline to online.

   IP Network Multipathing Groups
       IP network multipathing (IPMP) group status reflects the availability of the backup group and the adapters in the group.

       The following are possible values for IPMP group status and their descriptions:

       OFFLINE		   The backup group failed. All adapters in the group are offline.

       ONLINE		   The backup group is functional. At least one adapter in the group is online.

       UNKNOWN		   Any other state than those listed before. This could result when an adapter is detached or marked as  down  by  Solaris
			   commands such as if_mpadm or ifconfig.

       The following are possible values for IPMP adapter status and their descriptions:

       OFFLINE		   The adapter failed or the backup group is offline.

       ONLINE		   The adapter is functional.

       STANDBY		   The adapter is on standby.

       UNKNOWN		   Any	other  state  than those listed before. This could result when an adapter is detached or marked as down by Solaris
			   commands such as if_mpadm or ifconfig.

OPTIONS

       You can specify command options to request the status for specific components.

       If more than one option is specified, the scstat command prints the status in the specified order.

       The following options are supported:

       -D	    Shows status for all disk device groups.

		    You can use this option in the global zone or in a non-global zone. For ease of administration, use this form of  the  command
		    in the global zone.

		    Output is the same when run from a zone as when run from the global zone.

		    You need solaris.cluster.device.read RBAC authorization to use this command option. See rbac(5).

       -g	    Shows status for all resource groups.

		    You  can  use this option in the global zone or in a non-global zone. For ease of administration, use this form of the command
		    in the global zone.

		    Output is the same when run from a zone as when run from the global zone.

		    You need solaris.cluster.resource.read RBAC authorization to use this command option. See rbac(5).

       -h node	    Shows status for the specified node (node) and status of the disk device groups of which this node is the primary  node.  Also
		    shows  the	status	of  the quorum devices to which this node holds reservations of the resource groups to which the node is a
		    potential master, and holds reservations of the transport paths to which the node is attached.

		    You   need	 solaris.cluster.device.read,	solaris.cluster.transport.read,    solaris.cluster.resource.read,    solaris.clus-
		    ter.node.read, solaris.cluster.quorum.read, and solaris.cluster.system.read RBAC authorization to use this command option. See
		    rbac(5).

       -i	    Shows status for all IPMP groups and public network adapters.

		    You can use this option only in the global zone.

       -n	    Shows status for all nodes.

		    You can use this option in the global zone or in a non-global zone. For ease of administration, use this form of  the  command
		    in the global zone.

		    Output is the same when run from a zone as when run from the global zone.

		    You need solaris.cluster.node.read RBAC authorization to use this command option. See rbac(5).

       -p	    Shows status for all components in the cluster. Use with -v to display more verbose output.

		    You  can  use this option in the global zone or in a non-global zone. For ease of administration, use this form of the command
		    in the global zone.

		    Output is the same when run from a zone as when run from the global zone, except that no status for IPMP groups or public net-
		    work adapters is displayed.

		    You    need    solaris.cluster.device.read,   solaris.cluster.transport.read,   solaris.cluster.resource.read,   solaris.clus-
		    ter.node.read, solaris.cluster.quorum.read, and solaris.cluster.system.read RBAC authorization to use -p with -v. See rbac(5).

       -q	    Shows status for all device quorums and node quorums.

		    You can use this option in the global zone or in a non-global zone. For ease of administration, use this form of  the  command
		    in the global zone.

		    Output is the same when run from a zone as when run from the global zone.

		    You need solaris.cluster.quorum.read RBAC authorization to use this command option. See rbac(5).

       -v[v]	    Shows verbose output.

       -W	    Shows status for cluster transport path.

		    You  can  use this option in the global zone or in a non-global zone. For ease of administration, use this form of the command
		    in the global zone.

		    Output is the same when run from a zone as when run from the global zone.

		    You need solaris.cluster.transport.read RBAC authorization to use this command option. See rbac(5).

EXAMPLES

       Example 1 Using the scstat Command

       The following command displays the status of all resource groups followed by the status of all components related to the specified host:

	 % scstat -g -h host

       The output that is displayed appears in the order in which the options are specified.

       These results are the same results you would see by typing the two commands:

	 % scstat -g

       and

	 % scstat -h host

EXIT STATUS

       The following exit values are returned:

       0		   The command completed successfully.

       nonzero		   An error has occurred.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsczu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       Intro(1CL), cluster(1CL), if_mpadm(1M), ifconfig(1M), scha_resource_setstatus(1HA), scha_resource_setstatus(3HA), attributes(5)

NOTES

       An online quorum device means that the device was available for contributing to the formation of quorum when quorum was	last  established.
       From  the  context  of  the  quorum algorithm, the device is online because it actively contributed to the formation of quorum. However, an
       online quorum device might not necessarily continue to be in a healthy enough state to contribute to the formation of quorum when quorum is
       re-established. The current version of Sun Cluster does not include a disk monitoring facility or regular probes to the quorum devices.

Sun Cluster 3.2 						    10 Jul 2006 							scstat(1M)
All times are GMT -4. The time now is 04:50 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy