|
|
Sponsored Content
Operating Systems
Linux
Red Hat
Secure & Audit logs
Post 302591223 by hedkandi on Wednesday 18th of January 2012 10:02:53 PM
01-18-2012
Solved
|
|
10 More Discussions You Might Find Interesting
1. Cybersecurity
I am new to the world of Unix. As part of my understanding to have a big picture of Unix, I need to understand:
1. How to review the existing unix system or audit for the settings?
2. How do I go about fixing the holes? (4 Replies)
Discussion started by: amundra
4 Replies
2. UNIX and Linux Applications
Folks
I am on a quest....
I am looking for a lightweight FTP client capable of FTPS and or SFTP that has good audit and logging capabilities without requiring a central server component. My platforms are Linux, Solaris, AIX, and Windows Server.
The kicker is I have found things that meet the... (3 Replies)
Discussion started by: ArtF
3 Replies
3. Solaris
How do i find if audit logs is secured inside Solaris 10?
· Verify that that audit log files are secured and owned appropriately.
this is the question (1 Reply)
Discussion started by: werbotim
1 Replies
4. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
5. Solaris
Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies
6. Solaris
Hello all,
I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine.
However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path.
So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies
7. Red Hat
Hello All,
I'm using a RHEL6.4 on IBM X3850 X5 server. I want to get a comprehensive report containing disk-wise health status as well as overall server status.
I see there's utility "ibm_utl_dsa_dsytd3h-9.51_portable_rhel6_x86-64.bin" which is also used to do diagnostics tasks. I'm not sure of... (1 Reply)
Discussion started by: vaibhavvsk
1 Replies
8. Solaris
HI Community,
how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that
Thanks & Regards,
BEn (9 Replies)
Discussion started by: bentech4u
9 Replies
9. UNIX for Beginners Questions & Answers
MyLOG:
2017/11/12 17:01:54.600 : Error: LPID: 3104680848 WRONG CRITERIA FOUND. tRealBuilder::Generate
Output Required:
If Ke word "WRONG CRITERIA FOUND" in latest log ( logs are regularly generating - real time) mail to us
once mailed wait for 2 hours for second mail.
mail subject... (3 Replies)
Discussion started by: vivekn
3 Replies
10. Solaris
Hi guys.
I have to set audit logs on certain events on a solaris 10 server.
While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS .
I should be able to identify these 4 different events:
1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies
LEARN ABOUT OPENSOLARIS
audit_user
audit_user(4) File Formats audit_user(4) NAME
audit_user - per-user auditing data file SYNOPSIS
/etc/security/audit_user DESCRIPTION
audit_user is a database that stores per-user auditing preselection data. You can use the audit_user file with other authorization sources, including the NIS map audit_user.byname and the NIS+ table audit_user. Programs use the getauusernam(3BSM) routines to access this informa- tion. The search order for multiple user audit information sources is specified in the /etc/nsswitch.conf file. See nsswitch.conf(4). The lookup follows the search order for passwd(4). The fields for each user entry are separated by colons (:). Each user is separated from the next by a newline. audit_user does not have general read permission. Each entry in the audit_user file has the form: username:always-audit-flags:never-audit-flags The fields are defined as follows: username User's login name. always-audit-flags Flags specifying event classes to always audit. never-audit-flags Flags specifying event classes to never audit. For a complete description of the audit flags and how to combine them, see audit_control(4). EXAMPLES
Example 1 Using the audit_user File other:lo,am:io,cl fred:lo,ex,+fc,-fr,-fa:io,cl ethyl:lo,ex,nt:io,cl FILES
/etc/nsswitch.conf /etc/passwd /etc/security/audit_user ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability | See below. | +-----------------------------+-----------------------------+ The file format stability is Committed. The file content is Uncommitted. SEE ALSO
bsmconv(1M), getauusernam(3BSM), audit_control(4), nsswitch.conf(4), passwd(4) Part VII, Solaris Auditing, in System Administration Guide: Security Services NOTES
This functionality is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information. Configuration changes do not affect audit sessions that are currently running, as the changes do not modify a process's preselection mask. To change the preselection mask on a running process, use the -setpmask option of the auditconfig command (see auditconfig(1M)). If the user logs out and logs back in, the new configuration changes will be reflected in the next audit session. SunOS 5.11 26 Jun 2008 audit_user(4)