Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Solaris user auditing
Operating Systems Solaris Solaris user auditing Post 302455198 by DukeNuke2 on Tuesday 21st of September 2010 04:48:26 AM
Old 09-21-2010
if the user doesn't disable auditing... you can. a better option would bei "RBAC" for a finer granularity in user rights. so you can have a user with almost root capability, just without the right to mess with auditing.

http://docs.sun.com/app/docs/doc/816...8?l=all&a=view
 

10 More Discussions You Might Find Interesting

1. AIX

Auditing User administrator

Background: I a trying to audit user administration on a AIX box. I am trying to make sure that any changes made by the System administrator to the user accounts (Add users, changing their attributes or deleting users) are accompanied by authorization i.e. the system admin does not make any... (0 Replies)
Discussion started by: gladiator
0 Replies

2. AIX

User Auditing

i want to audit user commands .. keep track of what commands each user has been giving .. can this be done by writing a script in engraving it in .profile of the user. or is there any other way of doing this ... rgds raj (2 Replies)
Discussion started by: rajesh_149
2 Replies

3. HP-UX

Auditing User's actions

Hi all I hope to find what i'm looking for in this forum as said in the topic i want to track user's actions on the system. i mean also the action of moving or removing files. I have an HP 9000 with HP UX 11i. the users log on the HP from a terminal window under WIndows XP Thx (3 Replies)
Discussion started by: Timberland
3 Replies

4. UNIX for Dummies Questions & Answers

solaris BSM and Auditing

Hi Guys, I am new to this forum so I am sorry if i posted this thread in the wrong place. I am currently trying to get BSM to work on solaris 10 by Logging few things for me. I need your help to complete this task please. this is the config of the audit files: audit_conto # Copyright... (18 Replies)
Discussion started by: skywalker850i
18 Replies

5. Solaris

Solaris 9 Auditing

How do I setup audit to alert on write conditions for individual files? Thanks. (3 Replies)
Discussion started by: dxs
3 Replies

6. UNIX for Advanced & Expert Users

File Auditing in Sun Solaris environment

Hi All, I have a requirement to report us on changing a group of static files. Those are the binary files that run in Production every day. Due to the in sercure environment situations, I found many are indulging in there own changes to the binaries by doing some changes in the souce code. ... (1 Reply)
Discussion started by: mohan_kumarcs
1 Replies

7. Shell Programming and Scripting

Script for Oracle user activity auditing

Hi All, I need to put in place a UNIX shell script that calls three sql scripts & reports to the DBAs. I already have the three sql scripts in place & they perform the following database auditing actions: 1. actions.sql This script queries the DBA_AUDIT _TRAIL table to look for database user... (2 Replies)
Discussion started by: divroro12
2 Replies

8. Shell Programming and Scripting

user auditing

Hello, is there some way to track what shell commands some user is executing ? Something like to have some log file where i could see what commands some user used, e.g. rm -r dirname , ls -l .... and so on ... I have 2.6.13-1.1526_FC4smp (9 Replies)
Discussion started by: tonijel
9 Replies

9. AIX

User auditing from AIX server

I am trying to find out the information of my local desktop when i use putty to login to an AIX server. This is what I do: 1. login to my PC 2. take a putty session to an AIX server Can i get information of my local desktop from the AIX server ? Is there a command available ? Thanks (8 Replies)
Discussion started by: Nagesh_1985
8 Replies

10. Solaris

Exclude an specific directory for auditing in Solaris 10

Hello, Im glad to become a member of this forums, Im new on solaris and recentrly im introducing to use auditing service in that system. The need is, that I need how to exclude a directory to the audit service not audit it. And, a plus, I need of how to disable auditing the root user in... (0 Replies)
Discussion started by: sysh4ck
0 Replies

LEARN ABOUT SUSE

apache::authznetldap

Apache::AuthzNetLDAP(3) 				User Contributed Perl Documentation				   Apache::AuthzNetLDAP(3)

NAME

       Apache::AuthzNetLDAP - Apache-Perl module that enables you to authorize a user for Website based on LDAP attributes.

SYNOPSIS

	 PerlSetVar BindDN "cn=Directory Manager"
	 PerlSetVar BindPWD "password"
	 PerlSetVar BaseDN "ou=people,o=unt.edu"
	 PerlSetVar LDAPServer ldap.unt.edu
	 PerlSetVar LDAPPort 389
	 PerlSetVar UIDAttr uid
	#PerlSetVar UIDAttr mail

	 PerlAuthenHandler Apache::AuthNetLDAP
	 PerlAuthzHandler Apache::AuthzNetLDAP

	 #require valid-user
	 #require user mewilcox
	 #require user mewilcox@venus.acs.unt.edu
	 #require group "cn=Peoplebrowsers1,ou=UNTGroups,ou=People, o=unt.edu"
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=wilcox
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=smith
	 #require ldap-url ldap://castor.acs.unt.edu/ou=people,o=unt.edu??sub?untcourse=
       untcoursenumber=1999CCOMM2040001,ou=courses,ou=acad,o=unt.edu

DESCRIPTION

       After you have authenticated a user (perhaps with Apache::AuthNetLDAP ;) you can use this module to determine whether they are authorized
       to access the Web resource under this modules control.

       You can control authorization via one of four methods. The first two are pretty standard, the second two are unique to LDAP.

       "require" options --

       user -> Will authorize access if the authenticated user's username.

       valid-user -> Will authorize any authenticated user.

       group -> Will authorize any authenticated user who is a member of the LDAP group specified by groupdn. This module supports groupOfMember,
       groupOfUniquemember and Netscape's dynamic group object classes.

       ldap-url -> This will authorize any authenticated user who matches the query specified in the given LDAP URL. This is enables users to get
       the flexibility of Netscape's dynamic groups, even if their LDAP server does not support such a capability.

CONFIGURATION NOTES

	It is important to note that this module must be used in conjunction with an authentication module. (...?
       Is this true?  I just thought, that you might want to only authorize a user, instead of authenticate...)
       If you are using an authentication module, then the following lines will not need to be duplicated:

	 PerlSetVar BindDN "cn=Directory Manager"
	 PerlSetVar BindPWD "password"
	 PerlSetVar BaseDN "ou=people,o=unt.edu"
	 PerlSetVar LDAPServer ldap.unt.edu
	 PerlSetVar LDAPPort 389
	 PerlSetVar UIDAttr uid
	#PerlSetVar UIDAttr mail

	 PerlAuthenHandler Apache::AuthNetLDAP

       The following lines will not need to be duplicated if supported by the authentication module:

	 #require valid-user
	 #require user mewilcox
	 #require user mewilcox@venus.acs.unt.edu
	 #require group "cn=Peoplebrowsers1,ou=UNTGroups,ou=People, o=unt.edu"
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=wilcox
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=smith
	 #require ldap-url ldap://castor.acs.unt.edu/ou=people,o=unt.edu??sub?untcourse=

       Obviously, the ldap-url attribute is probably only support by this module.

       Check out the following link for options to load the module:

       http://perl.apache.org/docs/1.0/guide/config.html#The_Startup_File http://perl.apache.org/docs/2.0/user/config/config.html#Startup_File

AUTHOR

       Mark Wilcox mewilcox@unt.edu and Shannon Eric Peevey speeves@unt.edu

SEE ALSO

       perl(1).

WARRANTY Hey, I didn't destroy mankind when testing the module. You're mileage may vary.
       This module is distributed with the same license as Perl's.

perl v5.12.1							    2010-07-05						   Apache::AuthzNetLDAP(3)
All times are GMT -4. The time now is 10:05 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy