01-16-2011
AIX auditing
I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only?
Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which application accessing that file at what time. So can we set this type of auditing?
THANKS & REGARDS,
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi all,
Have been asked to learn up on providing Sytem Auditing on two SCO boxes.
Where should I start and what pointers can anyone provide.
Whilst I'm learning to look after these two SCO boxes, I'm also to eventually look after three Compaq DS20E True64 Unix boxes also in the near future. (2 Replies)
Discussion started by: Cameron
2 Replies
2. AIX
Hi,
What's the best way to turn on the auditing in AIX 4.3? I'm in an environment where root password are shared with many users.
Can sudoers member be audited properly?
Thanks (1 Reply)
Discussion started by: itik
1 Replies
3. AIX
can someone help me find out the impact of enabling audting on the entire root filesystem. does it have a major hit on the overall performance of the system
Thanks so much (0 Replies)
Discussion started by: iam
0 Replies
4. UNIX for Advanced & Expert Users
:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs.
Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies
5. AIX
i have sucessfully enable the auditing on AIX with adding som onjects.
but when i go for
auditpr -v < /audit/trail
vlets say i reset audit at last dat 5 pm
auditpr -v < /audit/trail
will show up to last day 5 pm.
i have to reset audit every time to check latest logs.
please... (3 Replies)
Discussion started by: prashantjain07
3 Replies
6. AIX
Hi All,
i've a problem on a AIX server with audit config...
when i start the audit i receive this error:
root@****:/etc/security/audit > /usr/sbin/audit start
Audit start cleanup: The system call does not exist on this system.
** failed setting kernel audit objects
I don't understand... (0 Replies)
Discussion started by: Zio Bill
0 Replies
7. AIX
can some give some tips, most common security issues or and kind of advice about auditing aix system?
regards (2 Replies)
Discussion started by: bongo
2 Replies
8. AIX
In our customer place somebody removed and PV from the server. I want the information like which user removed this PV.
Is there any way to get PV removal information.
When did the PV removed from the server ?
Whether AIX auding will help ?
Where i can get these information ?
Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies
9. AIX
I am trying to find out the information of my local desktop when i use putty to login to an AIX server.
This is what I do:
1. login to my PC
2. take a putty session to an AIX server
Can i get information of my local desktop from the AIX server ? Is there a command available ?
Thanks (8 Replies)
Discussion started by: Nagesh_1985
8 Replies
10. AIX
Hi All
I need your help to configure Aix to send logs to Qradar, I did all the methods that mentioned in IBM website and no use, Plz Help,,
The Logs should I receive from Aix and display in Qradar is (create user delete user changing in privileges....etc )
my skype account
khaled_ly84
... (4 Replies)
Discussion started by: khaled_ly84
4 Replies
LEARN ABOUT CENTOS
pam_tty_audit
PAM_TTY_AUDIT(8) Linux-PAM Manual PAM_TTY_AUDIT(8)
NAME
pam_tty_audit - Enable or disable TTY auditing for specified users
SYNOPSIS
pam_tty_audit.so [disable=patterns] [enable=patterns]
DESCRIPTION
The pam_tty_audit PAM module is used to enable or disable TTY auditing. By default, the kernel does not audit input on any TTY.
OPTIONS
disable=patterns
For each user matching one of comma-separated glob patterns, disable TTY auditing. This overrides any previous enable option matching
the same user name on the command line.
enable=patterns
For each user matching one of comma-separated glob patterns, enable TTY auditing. This overrides any previous disable option matching
the same user name on the command line.
open_only
Set the TTY audit flag when opening the session, but do not restore it when closing the session. Using this option is necessary for
some services that don't fork() to run the authenticated session, such as sudo.
log_passwd
Log keystrokes when ECHO mode is off but ICANON mode is active. This is the mode in which the tty is placed during password entry. By
default, passwords are not logged. This option may not be available on older kernels (3.9?).
MODULE TYPES PROVIDED
Only the session type is supported.
RETURN VALUES
PAM_SESSION_ERR
Error reading or modifying the TTY audit flag. See the system log for more details.
PAM_SUCCESS
Success.
NOTES
When TTY auditing is enabled, it is inherited by all processes started by that user. In particular, daemons restarted by an user will still
have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled. Therefore, it is
recommended to use disable=* as the first option for most daemons using PAM.
To view the data that was logged by the kernel to audit use the command aureport --tty.
EXAMPLES
Audit all administrative actions.
session required pam_tty_audit.so disable=* enable=root
SEE ALSO
aureport(8), pam.conf(5), pam.d(5), pam(8)
AUTHOR
pam_tty_audit was written by Miloslav Trma <mitr@redhat.com>. The log_passwd option was added by Richard Guy Briggs <rgb@redhat.com>.
Linux-PAM Manual 09/04/2013 PAM_TTY_AUDIT(8)