|
|
Sponsored Content
Operating Systems
Solaris
how to find whether audit log is secure?
Post 302581716 by ShouTenraku on Tuesday 13th of December 2011 11:39:55 PM
12-14-2011
|
|
10 More Discussions You Might Find Interesting
1. Solaris
I got a lot of this message in my /var/audit log
how can I exclude this message?
header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument
,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies
2. AIX
Hi guys,
I've googled this quite a bit, and tried searching on these forums, but haven't found a solution to my problem. I wanted to inquire about AIX's audit subsystem - more specifically, how to rotate its log file.
So far I've been able to find how to rotate AIX syslog log files, and I... (2 Replies)
Discussion started by: w1r3d
2 Replies
3. Solaris
hi all,
i enabled audit in my server it is working fine, now i want to delete old logs from audit file ,plz find a solution for it,
Regards
spandan (2 Replies)
Discussion started by: spandhan
2 Replies
4. Cybersecurity
Hi,
I keep encountering events in the BSM/C2 logs which shows that the audit-user who performed the event is the user (e.g. ongkk in the example below). However, the user is able to show me that he wasn't logged in at that time nor have the rights to perform the event (e.g. su in this example).... (5 Replies)
Discussion started by: BERNIELEE68
5 Replies
5. Solaris
I am aware that the timestamps of the audit log files are in the following format :
file, 2011-09-13 07:40:24 .000 -4
Is there anyway that I can display the timestamps in local time format.
Thanks for the help.
---------- Post updated at 02:18 PM ---------- Previous update was at 01:06... (0 Replies)
Discussion started by: chinchao
0 Replies
6. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
7. Red Hat
Hi all
I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.
I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
Discussion started by: hedkandi
7 Replies
8. Red Hat
Hi,
I'm fairly new to administering RedHat (or any Linux system for that matter), and was wondering if someone could help me work out how to best manage audit logs.
In a nutshell, this is what I need to do:
- Compress audit.log file(s) once a month and delete the originals
- The... (0 Replies)
Discussion started by: Seonix
0 Replies
9. SuSE
Dear users,
I have SLES 11 and SLES 10 servers.
I'd like to receive an alert when audit log files reach certain percentage of full.
1. Is '/etc/audit/auditd.conf' the right file to modify?
2. I'd like to receive email alert. Can I specify my email in this parameter 'action_mail_acct... (1 Reply)
Discussion started by: JDBA
1 Replies
10. Shell Programming and Scripting
I am trying to parse the audit log to find a particular date that associated with a user record. The Date and the context of the record that I need to extract from the audit.log are 11-07-2015, the username and the activity he or she performed that day.
Here is my code:
grep -c date -d... (3 Replies)
Discussion started by: dellanicholson
3 Replies
LEARN ABOUT SUSE
pivot_root
PIVOT_ROOT(2) Linux Programmer's Manual PIVOT_ROOT(2) NAME
pivot_root - change the root file system SYNOPSIS
int pivot_root(const char *new_root, const char *put_old); DESCRIPTION
pivot_root() moves the root file system of the calling process to the directory put_old and makes new_root the new root file system of the calling process. The typical use of pivot_root() is during system startup, when the system mounts a temporary root file system (e.g., an initrd), then mounts the real root file system, and eventually turns the latter into the current root of all relevant processes or threads. pivot_root() may or may not change the current root and the current working directory of any processes or threads which use the old root directory. The caller of pivot_root() must ensure that processes with root or current working directory at the old root operate correctly in either case. An easy way to ensure this is to change their root and current working directory to new_root before invoking pivot_root(). The paragraph above is intentionally vague because the implementation of pivot_root() may change in the future. At the time of writing, pivot_root() changes root and current working directory of each process or thread to new_root if they point to the old root directory. This is necessary in order to prevent kernel threads from keeping the old root directory busy with their root and current working direc- tory, even if they never access the file system in any way. In the future, there may be a mechanism for kernel threads to explicitly relinquish any access to the file system, such that this fairly intrusive mechanism can be removed from pivot_root(). Note that this also applies to the calling process: pivot_root() may or may not affect its current working directory. It is therefore rec- ommended to call chdir("/") immediately after pivot_root(). The following restrictions apply to new_root and put_old: - They must be directories. - new_root and put_old must not be on the same file system as the current root. - put_old must be underneath new_root, that is, adding a nonzero number of /.. to the string pointed to by put_old must yield the same directory as new_root. - No other file system may be mounted on put_old. See also pivot_root(8) for additional usage examples. If the current root is not a mount point (e.g., after chroot(2) or pivot_root(), see also below), not the old root directory, but the mount point of that file system is mounted on put_old. new_root does not have to be a mount point. In this case, /proc/mounts will show the mount point of the file system containing new_root as root (/). RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is set appropriately. ERRORS
pivot_root() may return (in errno) any of the errors returned by stat(2). Additionally, it may return: EBUSY new_root or put_old are on the current root file system, or a file system is already mounted on put_old. EINVAL put_old is not underneath new_root. ENOTDIR new_root or put_old is not a directory. EPERM The calling process does not have the CAP_SYS_ADMIN capability. VERSIONS
pivot_root() was introduced in Linux 2.3.41. CONFORMING TO
pivot_root() is Linux-specific and hence is not portable. NOTES
Glibc does not provide a wrapper for this system call; call it using syscall(2). BUGS
pivot_root() should not have to change root and current working directory of all other processes in the system. Some of the more obscure uses of pivot_root() may quickly lead to insanity. SEE ALSO
chdir(2), chroot(2), stat(2), initrd(4), pivot_root(8) COLOPHON
This page is part of release 3.25 of the Linux man-pages project. A description of the project, and information about reporting bugs, can be found at http://www.kernel.org/doc/man-pages/. Linux 2007-06-01 PIVOT_ROOT(2)