Hello all!
During a network audit, I came across a host running a service on a high port (34604). Not recognizing the port, I used a tool called 'amap' (THC-AMAP - fast and reliable application fingerprint mapper) to fingerprint it.
This tool also did not fingerprint it correctly, but did... (2 Replies)
Hi
If you were the systems administrator of a mail server that services approximately 3,000 users. 2,000
users access their email via a POP-3 service, while the remaining 1,000 users access their email via a
Unix mail reader. Recently users have complained about speed of disk access, so a new 10... (1 Reply)
Hi all
I am trying to add secure and audit logs to logrotate for a client who wants the logs kept for a period of 6 months, compressed/zipped weekly for auditing.
I am terrible with logrotate and since there aren't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
My /var partition is almost utilized ... Here I am not sure where to release space now
OS/model : HP-UX B.11.11 U 9000/800
# bdf /var
Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol9 6144000 6142176 1824 100% /var
<root@pb>/var # du -sk * | sort -n |... (20 Replies)
Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring to the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Hi,
I have Solaris-10 (with multiple non-global zones running on it). Its /var is filling up to 100%, and I can see files being added to /var/audit. They are large in number, so even if I clear them, /var keeps filling. In the past 24 hours, 53000 files were added. I am... (1 Reply)
HI Community,
How can I configure audit logs for global zones and standard zone? I have enabled and started the auditd service and it went into maintenance mode. Please help me to configure that.
Thanks & Regards,
BEn (9 Replies)
I have been searching and reading about syslog. I would like to know how to transfer the logs being thrown into /var/log/messages into another file, for example /var/log/volumelog.
tail -f /var/log/messages
dblogger: msg_to_dbrow: no logtype using missing
dblogger: msg_to_dbrow_str: val ==... (2 Replies)
Hi guys.
I have to set audit logs on certain events on a solaris 10 server.
While I had no problems on linux, I'm going crazy trying to do the same thing on solaris 10, since I don't have enough expertise on this OS.
I should be able to identify these 4 different events:
1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies
audit_binfile
audit_binfile(5) Standards, Environments, and Macros audit_binfile(5)
NAME
audit_binfile - generation of Solaris audit logs
SYNOPSIS
/usr/lib/security/audit_binfile.so
DESCRIPTION
The audit_binfile plugin module for Solaris audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as configured in
audit_control(4); it is the default plugin for the Solaris audit daemon auditd(1M). Its output is described by audit.log(4).
The audit_binfile plugin is loaded by auditd if audit_control contains one or more lines defining audit directories by means of the dir:
specification or if audit_control has a plugin: specification of name=audit_binfile.so.
OBJECT ATTRIBUTES
The p_dir and p_minfree attributes are equivalent to the dir: and minfree: lines described in audit_control. If both the dir: line and the
p_dir attribute are used, the plugin combines all directories into a single list with those specified by means of dir: at the front of the
list. If both the minfree and the p_minfree attributes are given, the p_minfree value is used.
EXAMPLES
The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of
required free space per directory.
    flags: lo,ad,-fm
    naflags: lo,ad
    plugin: name=audit_binfile.so;\
    p_minfree=20;\
    p_dir=/etc/security/jedgar/eggplant,\
    /etc/security/jedgar.aux/eggplant,\
    /etc/security/global/eggplant
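The combining rules under OBJECT ATTRIBUTES, as an added example in Python (not part of the man page or of Solaris): it resolves the directory list and minfree value that audit_binfile.so would end up with from audit_control text. The function names, the dir: and minfree: lines in the sample, and the trailing-backslash line continuation are assumptions of this example.

```python
# Added example (not from the man page); assumes trailing-backslash line continuation.
SAMPLE = """\
dir:/var/audit
minfree:10
flags: lo,ad,-fm
naflags: lo,ad
plugin: name=audit_binfile.so;\\
p_minfree=20;\\
p_dir=/etc/security/jedgar/eggplant,\\
/etc/security/jedgar.aux/eggplant
"""  # constructed sample, modelled on the EXAMPLES section


def logical_lines(text):
    """Join backslash-continued lines; skip blanks and # comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if line and not line.startswith("#"):
            yield line


def resolve_binfile(text):
    dirs, p_dirs, minfree, p_minfree, named = [], [], None, None, False
    for line in logical_lines(text):
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "dir":
            dirs.append(value)
        elif key == "minfree":
            minfree = int(value)
        elif key == "plugin":
            attrs = dict(a.strip().split("=", 1) for a in value.split(";") if "=" in a)
            if attrs.get("name") != "audit_binfile.so":
                continue  # some other plugin, e.g. audit_syslog.so
            named = True
            p_dirs += [d.strip() for d in attrs.get("p_dir", "").split(",") if d.strip()]
            if "p_minfree" in attrs:
                p_minfree = int(attrs["p_minfree"])
    return {
        "loaded": bool(dirs) or named,  # dir: lines or name=audit_binfile.so
        "dirs": dirs + p_dirs,          # dir: entries come first in the list
        "minfree": p_minfree if p_minfree is not None else minfree,
    }
```

Running resolve_binfile() over a candidate audit_control before refreshing auditd shows which directories will receive audit files and which free-space threshold applies.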
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|MT Level |MT-Safe |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
auditd(1M), audit_control(4), syslog.conf(4), attributes(5)
SunOS 5.10 20 May 2003 audit_binfile(5)