06-20-2013
Having had my fill of audit requests, the issue is more likely that the auditors saw an account of a terminated employee still active when they last did their audit. Since auditors ask for copies of the user-related security files (i.e., /etc/passwd, /etc/group, etc.) during an audit, they are able to correlate the listed users with currently active employees/consultants, so any account that stands out needs to be reviewed.
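The correlation described in the post above can be run by an administrator before the auditors do. This is an added example, not part of the original post: the function name `orphan_accounts`, the one-login-per-line roster format, the UID cutoff of 1000 and all sample data are assumptions constructed for illustration.

```sh
#!/bin/sh
# orphan_accounts PASSWD ROSTER [MIN_UID]
# Prints "login:uid:shell" for every passwd(5) entry that
#   - has a UID >= MIN_UID (assumed boundary between system and human accounts),
#   - has a shell other than nologin/false (so it can still log in), and
#   - does not appear in ROSTER (one current-staff login per line).
orphan_accounts() {
    passwd_file=$1 roster_file=$2 min_uid=${3:-1000}
    awk -F: -v min="$min_uid" '
        # Roster file: skip blank lines and # comments, remember each login.
        FILENAME == ARGV[1] {
            sub(/[ \t\r]+$/, "")
            if ($0 != "" && $0 !~ /^#/) active[$1] = 1
            next
        }
        # passwd file: only well-formed 7-field records with a numeric UID.
        NF == 7 && $3 ~ /^[0-9]+$/ && $3 + 0 >= min + 0 {
            if ($7 ~ /(nologin|false)$/) next   # already unable to log in
            if (!($1 in active)) print $1 ":" $3 ":" $7
        }
    ' "$roster_file" "$passwd_file"
}

# Constructed sample data: alice is current staff, bob has left,
# carol was disabled via her shell, svc_backup has no owner on the roster.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/:/usr/sbin/nologin
alice:x:1001:1001:Alice A:/home/alice:/bin/bash
bob:x:1002:1002:Bob B:/home/bob:/bin/bash
carol:x:1003:1003:Carol C:/home/carol:/usr/sbin/nologin
svc_backup:x:1004:1004:backup job:/var/backup:/bin/sh
EOF
    printf '%s\n' '# current staff (constructed)' alice > "$dir/roster"
    orphan_accounts "$dir/passwd" "$dir/roster" 1000
    rm -rf "$dir"
}

demo
```

Accounts it lists are candidates for review, not proof of a problem: service accounts need a named owner on the roster, and an account locked only in the shadow file will still be listed because this check reads the passwd file alone.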
AUDITD(8) BSD System Manager's Manual AUDITD(8)
NAME
auditd -- audit log management daemon
SYNOPSIS
auditd [-d | -l]
DESCRIPTION
The auditd daemon responds to requests from the audit(8) utility and notifications from the kernel. It manages the resulting audit log files
and specified log file locations.
The options are as follows:
-d Starts the daemon in debug mode -- it will not daemonize.
-l This option is for when auditd is configured to start on-demand using launchd(8).
Optionally, the audit review group "audit" may be created. Non-privileged users that are members of this group may read the audit trail log
files.
NOTE
To assure uninterrupted audit support, the auditd daemon should not be started and stopped manually. Instead, the audit(8) command should be
used to inform the daemon to change state/configuration after altering the audit_control file.
If auditd is started on-demand by launchd(8) then auditing should only be started and stopped with audit(8).
On Mac OS X, auditd uses the asl(3) API for writing system log messages. Therefore, only the audit administrator and members of the audit
review group will be able to read the system log entries.
FILES
/var/audit Default directory for storing audit log files.
/etc/security The directory containing the auditing configuration files audit_class(5), audit_control(5), audit_event(5), and audit_warn(5).
COMPATIBILITY
The historical -h and -s flags are now configured using audit_control(5) policy flags ahlt and cnt, and are no longer available as arguments
to auditd.
SEE ALSO
asl(3), libauditd(3), audit(4), audit_class(5), audit_control(5), audit_event(5), audit_warn(5), audit(8), launchd(8)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.
Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
BSD December 11, 2008 BSD