Solaris Auditing: Newly specified events not being logged
Hi all
I'm busy testing auditing on Solaris 10.
I am using the syslog plugin to get a real-time view of what's happening on the system. Initially I am only monitoring lo events. The audit_control file looked like this:
I then wanted to add the class, fd, as well. I did this as follows:
I ran the command to reread the audit_control file:
Also, just in case, I restarted the box using
I am however not seeing file delete events being tracked when I test it.
Is there something I am doing wrong? The documentation I have found is not helping me much in this regard.
audit_binfile
audit_binfile(5) Standards, Environments, and Macros audit_binfile(5)
NAME
audit_binfile - generation of Solaris audit logs
SYNOPSIS
/usr/lib/security/audit_binfile.so
DESCRIPTION
The audit_binfile plugin module for Solaris audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as configured in
audit_control(4); it is the default plugin for the Solaris audit daemon auditd(1M). Its output is described by audit.log(4).
The audit_binfile plugin is loaded by auditd if audit_control contains one or more lines defining audit directories by means of the dir:
specification or if audit_control has a plugin: specification of name=audit_binfile.so.
OBJECT ATTRIBUTES
The p_dir and p_minfree attributes are equivalent to the dir: and minfree: lines described in audit_control. If both the dir: line and the
p_dir attribute are used, the plugin combines all directories into a single list with those specified by means of dir: at the front of the
list. If both the minfree and the p_minfree attributes are given, the p_minfree value is used.
EXAMPLES
The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of
required free space per directory.
flags: lo,ad,-fm
naflags: lo,ad
plugin: name=audit_binfile.so;
        p_minfree=20;
        p_dir=/etc/security/jedgar/eggplant,
              /etc/security/jedgar.aux/eggplant,
              /etc/security/global/eggplant
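The two rules in OBJECT ATTRIBUTES (dir: entries ahead of p_dir entries; p_minfree overriding minfree:) and the question at the top of the page (is the fd class actually preselected by the flags: line?) are easy to get wrong by eye. The following parser is an added example, not Solaris or unix.com code: it reads an audit_control(4) file, resolves what audit_binfile would use, and reports whether a given audit class is preselected for success and failure under the +, - and ^ prefixes of audit_control(4). The sample file is constructed here (a dir: line plus the plugin: line from the EXAMPLES section). One assumption is labelled in the code: a line that begins with whitespace is treated as a continuation of the previous line, which is how the man page example wraps its plugin: line.

```python
"""Resolve a Solaris 10 audit_control(4) file the way audit_binfile(5) describes.
Added example; not Solaris or unix.com code.

Rules from the man page:
  * audit_binfile is loaded if there is a dir: line or a plugin: line naming
    audit_binfile.so;
  * directories = dir: entries first, then p_dir entries;
  * p_minfree overrides minfree: when both are given.
ASSUMPTION: a line starting with whitespace continues the previous line.
"""


def logical_lines(text):
    """Drop blank/comment lines; join whitespace-led continuation lines (assumed)."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def parse_plugin_spec(spec):
    """'name=x.so; p_a=1; p_b=v1,v2' -> {'name': 'x.so', 'p_a': '1', 'p_b': 'v1,v2'}."""
    attrs = {}
    for item in spec.split(";"):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError("plugin attribute without '=': %r" % item)
        attrs[key.strip()] = value.strip()
    if "name" not in attrs:
        raise ValueError("plugin: line has no name= attribute")
    return attrs


def parse_audit_control(text):
    """Return dict with keys dir (list), minfree, flags, naflags, plugins."""
    cfg = {"dir": [], "minfree": None, "flags": [], "naflags": [], "plugins": []}
    for line in logical_lines(text):
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed audit_control line: %r" % line)
        key, value = key.strip(), value.strip()
        if key == "dir":
            cfg["dir"].append(value)
        elif key == "minfree":
            cfg["minfree"] = int(value)
        elif key in ("flags", "naflags"):
            cfg[key] = [c.strip() for c in value.split(",") if c.strip()]
        elif key == "plugin":
            cfg["plugins"].append(parse_plugin_spec(value))
        else:  # strict: a typo such as "flag:" is silently ignored by nothing here
            raise ValueError("unknown audit_control keyword: %r" % key)
    return cfg


def binfile_effective(cfg):
    """Apply the audit_binfile(5) merge rules; None if the plugin is not loaded."""
    plugin = next((p for p in cfg["plugins"] if p["name"] == "audit_binfile.so"), None)
    if plugin is None and not cfg["dir"]:
        return None
    dirs = list(cfg["dir"])  # dir: lines go at the front of the list
    minfree = cfg["minfree"]
    if plugin is not None:
        dirs += [d for d in plugin.get("p_dir", "").split(",") if d]
        if "p_minfree" in plugin:  # p_minfree wins over minfree:
            minfree = int(plugin["p_minfree"])
    return {"dirs": dirs, "minfree": minfree}


def preselection(flags, cls):
    """(success, failure) audited for class cls under a flags:/naflags: list.
    '+' = success only, '-' = failure only, '^' = remove, 'all' = every class;
    later entries override earlier ones."""
    success = failure = False
    for entry in flags:
        negate = entry.startswith("^")
        body = entry[1:] if negate else entry
        want_s = want_f = True
        if body.startswith("+"):
            want_f, body = False, body[1:]
        elif body.startswith("-"):
            want_s, body = False, body[1:]
        if body not in (cls, "all"):
            continue
        if want_s:
            success = not negate
        if want_f:
            failure = not negate
    return success, failure


# Constructed sample, not a file from the page: one dir: line plus the
# plugin: line from the man page example, wrapped the way the man page shows it.
SAMPLE_AUDIT_CONTROL = """\
# audit_control - constructed sample
dir:/var/audit
minfree:10
flags:lo,ad,-fm
naflags:lo,ad
plugin: name=audit_binfile.so; p_minfree=20;
        p_dir=/etc/security/jedgar/eggplant,
            /etc/security/jedgar.aux/eggplant,
            /etc/security/global/eggplant
"""

if __name__ == "__main__":
    cfg = parse_audit_control(SAMPLE_AUDIT_CONTROL)
    print("audit_binfile:", binfile_effective(cfg))
    for cls in ("lo", "fm", "fd"):
        print("class %s (success, failure):" % cls, preselection(cfg["flags"], cls))
```

Running it on the sample shows /var/audit ahead of the three p_dir directories and minfree 20 rather than 10; for the flags: line of the man page example, fd comes back as not preselected at all, which is the first thing to check when a newly added class produces no records.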
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|MT Level |MT-Safe |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
auditd(1M), audit_control(4), syslog.conf(4), attributes(5)
SunOS 5.10 20 May 2003 audit_binfile(5)