09-21-2010
if the user doesn't disable auditing... you can. a better option would bei "RBAC" for a finer granularity in user rights. so you can have a user with almost root capability, just without the right to mess with auditing.
http://docs.sun.com/app/docs/doc/816...8?l=all&a=view
10 More Discussions You Might Find Interesting
1. AIX
Background:
I a trying to audit user administration on a AIX box. I am trying to make sure that any changes made by the System administrator to the user accounts (Add users, changing their attributes or deleting users) are accompanied by authorization i.e. the system admin does not make any... (0 Replies)
Discussion started by: gladiator
0 Replies
2. AIX
i want to audit user commands ..
keep track of what commands each user has been giving ..
can this be done by writing a script in engraving it in .profile of the user.
or is there any other way of doing this ...
rgds
raj (2 Replies)
Discussion started by: rajesh_149
2 Replies
3. HP-UX
Hi all
I hope to find what i'm looking for in this forum
as said in the topic i want to track user's actions on the system. i mean also the action of moving or removing files. I have an HP 9000 with HP UX 11i. the users log on the HP from a terminal window under WIndows XP
Thx (3 Replies)
Discussion started by: Timberland
3 Replies
4. UNIX for Dummies Questions & Answers
Hi Guys,
I am new to this forum so I am sorry if i posted this thread in the wrong place. I am currently trying to get BSM to work on solaris 10 by Logging few things for me. I need your help to complete this task please.
this is the config of the audit files:
audit_conto
# Copyright... (18 Replies)
Discussion started by: skywalker850i
18 Replies
5. Solaris
How do I setup audit to alert on write conditions for individual files? Thanks. (3 Replies)
Discussion started by: dxs
3 Replies
6. UNIX for Advanced & Expert Users
Hi All,
I have a requirement to report us on changing a group of static files.
Those are the binary files that run in Production every day.
Due to the in sercure environment situations, I found many are indulging in there own changes to the binaries by doing some changes in the souce code.
... (1 Reply)
Discussion started by: mohan_kumarcs
1 Replies
7. Shell Programming and Scripting
Hi All,
I need to put in place a UNIX shell script that calls three sql scripts & reports to the DBAs.
I already have the three sql scripts in place & they perform the following database auditing actions:
1. actions.sql
This script queries the DBA_AUDIT _TRAIL table to look for database user... (2 Replies)
Discussion started by: divroro12
2 Replies
8. Shell Programming and Scripting
Hello,
is there some way to track what shell commands some user is executing ?
Something like to have some log file where i could see what commands some user used, e.g. rm -r dirname , ls -l .... and so on ...
I have 2.6.13-1.1526_FC4smp (9 Replies)
Discussion started by: tonijel
9 Replies
9. AIX
I am trying to find out the information of my local desktop when i use putty to login to an AIX server.
This is what I do:
1. login to my PC
2. take a putty session to an AIX server
Can i get information of my local desktop from the AIX server ? Is there a command available ?
Thanks (8 Replies)
Discussion started by: Nagesh_1985
8 Replies
10. Solaris
Hello,
Im glad to become a member of this forums,
Im new on solaris and recentrly im introducing to use auditing service in that system.
The need is, that I need how to exclude a directory to the audit service not audit it.
And, a plus, I need of how to disable auditing the root user in... (0 Replies)
Discussion started by: sysh4ck
0 Replies
LEARN ABOUT HPUX
audswitch
audswitch(2) System Calls Manual audswitch(2)
NAME
audswitch() - suspend or resume auditing on the current process
SYNOPSIS
DESCRIPTION
suspends or resumes auditing within the current process. This call is restricted to users with the privilege.
One of the following flags must be used for aflag:
Suspend auditing on the current process.
Resume auditing on the current process.
can be used in processes with the privilege to temporarily suspend auditing during intervals where auditing is to be handled by the process
itself. Auditing is suspended by a call to with the parameter and resumed later by a call to with the parameter.
An call to resume auditing serves only to reverse the action of a previous call to suspend auditing. A call to to resume auditing when
auditing is not suspended has no effect.
affects only the current process. For example, cannot suspend auditing for processes from the current process. (Use (see setaudproc(2))
to enable or disable auditing for a process and its children).
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about
privileged access on systems that support fine-grained privileges.
RETURN VALUE
Upon successful completion, returns If an error occurs, is returned and the global variable is set to indicate the error.
ERRORS
fails if one of the following is true:
The user does not possess the
privilege.
The input parameter is neither
nor
AUTHOR
was developed by HP.
SEE ALSO
audevent(1M), audusr(1M), setaudproc(2), audit(5), privileges(5).
audswitch(2)