Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Cron audit problem in Solaris 8
Operating Systems Solaris Cron audit problem in Solaris 8 Post 302456960 by Mr.AIX on Monday 27th of September 2010 03:04:28 AM
Old 09-27-2010
Space is not the issue , space came when I copied it here!


I discovered it

I discovered the reason of cron audit problem. job failed


Reason is :

With auditing on there's an additional file /var/spool/cron/crontab/root.au that crond uses to set the audit flags. If you run the crontab command when you're logged into the system in a way that can't be properly audited, like via ssh, the values in root.au are set wrong and your cron jobs will fail.

To avoid the crontab interruption

Log into the console and run crontab -e then save it and all should work fine ..

Our main issue:

Our main issue why there is conflicting between crontab , auditing and ssh


I'm still investigating any one has idea in this regard , Pls advice …

.
Last edited by Mr.AIX; 09-29-2010 at 03:12 AM..
 

10 More Discussions You Might Find Interesting

1. Solaris

Sun Solaris Audit Program

Hi All, Any one has, sun solaris audit program which covers everything one need to check as a security auditor. Audit Program will help. Thanks, Ghanshyam Emails not allowed - see the Rules (4 Replies)
Discussion started by: ghanshyampatel
4 Replies

2. Solaris

I need to audit users on a Solaris box

Is there a command to find out all the commands ran by a certain user id? TiA (5 Replies)
Discussion started by: PapaPark
5 Replies

3. Solaris

audit in solaris

How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not. Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies

4. Solaris

audit in solaris 10

can you please share what you use to audit what files are deleted, when files are deleted and who deleted them? thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies

5. Solaris

Solaris 10.5 perl and cron job execution problem

Hi, I want to run a crontab job on solaris 10.5. I have configured the crontab accordingly 10 * * * * /scripts/dbalter.pl >> /scripts/cronout.txt However this does not work .Then I go to /var/mail/root and find an error in the output: From root@myserver Wed Feb 4 17:02:00 2009... (1 Reply)
Discussion started by: sonu2die4
1 Replies

6. Solaris

Audit in Solaris Servers.

Hi Friends I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there. Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies

7. Solaris

Solaris 10 Services - Audit and Closure

Hello We have recently been through an audit of our solaris servers. All our solaris servers are running version 10. We have been told to close down all the services and we have closed what we could by using svcadm disable We only wish to let ssh and the ftp service to run. Below is a... (3 Replies)
Discussion started by: sollyshah
3 Replies

8. Solaris

Enabling Solaris Audit log: Solaris 9

Dear All, I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers. After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
Discussion started by: sumeet1806
3 Replies

9. Solaris

Solaris 10 audit, need to catch redirections

Hello, I've installed solaris audit on a Solaris 10 SPARC system. Latest patch 143962-04 is installed. My problem is that while I can catch all arguments and processes created, I cannot catch a redirection. ie cat /tmp/test.txt > /tmp/test2.txtCatches the first part but not the redirection.... (5 Replies)
Discussion started by: gowron
5 Replies

10. Solaris

Audit not working on Solaris 10

hi, I enabled bsm modules (/etc/security/bsmconv) and rebooted Solaris 10. But service is going into maintenance state. I rebooted server and I see one error saying "sys/c2audit:audit_kssl() not defined properly". I am not sure, what it is indicating and how it should be fixed. Please suggest, how... (5 Replies)
Discussion started by: solaris_1977
5 Replies

LEARN ABOUT LINUX

crontab

CRONTAB(1)						      General Commands Manual							CRONTAB(1)

NAME

       crontab - maintain crontab files for individual users (Vixie Cron)

SYNOPSIS

       crontab [ -u user ] file
       crontab [ -u user ] [ -i ] { -e | -l | -r }

DESCRIPTION

       crontab	is  the  program used to install, deinstall or list the tables used to drive the cron(8) daemon in Vixie Cron.	Each user can have
       their own crontab, and though these are files in /var/spool/cron/crontabs, they are not intended to be edited directly.

       If the /etc/cron.allow file exists, then you must be listed (one user per line) therein in order to be allowed to use this command.  If the
       /etc/cron.allow file does not exist but the /etc/cron.deny file does exist, then you must not be listed in the /etc/cron.deny file in order
       to use this command.

       If neither of these files exists, then depending on site-dependent configuration parameters, only the super user will  be  allowed  to  use
       this command, or all users will be able to use this command.

       If  both  files exist then /etc/cron.allow takes precedence. Which means that /etc/cron.deny is not considered and your user must be listed
       in /etc/cron.allow in order to be able to use the crontab.

       Regardless of the existance of any of these files, the root administrative user is always allowed to setup a crontab.  For standard  Debian
       systems, all users may use this command.

       If the -u option is given, it specifies the name of the user whose crontab is to be used (when listing) or modified (when editing). If this
       option is not given, crontab examines "your" crontab, i.e., the crontab of the person executing the command.  Note that su(8)  can  confuse
       crontab and that if you are running inside of su(8) you should always use the -u option for safety's sake.

       The  first  form  of  this  command is used to install a new crontab from some named file or standard input if the pseudo-filename ``-'' is
       given.

       The -l option causes the current crontab to be displayed on standard output. See the note under DEBIAN SPECIFIC below.

       The -r option causes the current crontab to be removed.

       The -e option is used to edit the current crontab using the editor specified by the VISUAL or EDITOR environment variables.  After you exit
       from the editor, the modified crontab will be installed automatically. If neither of the environment variables is defined, then the default
       editor /usr/bin/editor is used.

       The -i option modifies the -r option to prompt the user for a 'y/Y' response before actually removing the crontab.

DEBIAN SPECIFIC

       The "out-of-the-box" behaviour for crontab -l is to display the three line "DO NOT EDIT THIS FILE" header that is placed at  the  beginning
       of the crontab when it is installed. The problem is that it makes the sequence

       crontab -l | crontab -

       non-idempotent  -- you keep adding copies of the header. This causes pain to scripts that use sed to edit a crontab. Therefore, the default
       behaviour of the -l option has been changed to not output such header. You may obtain the original behaviour  by  setting  the  environment
       variable CRONTAB_NOHEADER to 'N', which will cause the crontab -l command to emit the extraneous header.

SEE ALSO

       crontab(5), cron(8)

FILES

       /etc/cron.allow
       /etc/cron.deny
       /var/spool/cron/crontabs

       There  is one file for each user's crontab under the /var/spool/cron/crontabs directory. Users are not allowed to edit the files under that
       directory directly to ensure that only users allowed by the system to run periodic tasks can  add  them,  and  only  syntactically  correct
       crontabs  will  be written there.  This is enforced by having the directory writable only by the crontab group and configuring crontab com-
       mand with the setgid bid set for that specific group.

STANDARDS

       The crontab command conforms to IEEE Std1003.2-1992 (``POSIX'').  This new command syntax differs from previous versions of Vixie Cron,	as
       well as from the classic SVR3 syntax.

DIAGNOSTICS

       A fairly informative usage message appears if you run it with a bad command line.

       cron  requires  that  each  entry in a crontab end in a newline character. If the last entry in a crontab is missing the newline, cron will
       consider the crontab (at least partially) broken and refuse to install it.

AUTHOR

       Paul Vixie <paul@vix.com>

4th Berkeley Distribution					   19 April 2010							CRONTAB(1)
All times are GMT -4. The time now is 01:32 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy