|
|
Sponsored Content
Operating Systems
Solaris
Configuring 'auditd' service to not store the audit logs in /var partition
Post 302888455 by bartus11 on Friday 14th of February 2014 10:12:10 AM
02-14-2014
|
|
10 More Discussions You Might Find Interesting
1. HP-UX
Hello all!
During a network audit, I came across a host running a service on a high port (34604). Not recognizing the port, I used a tool called 'amap' (THC-AMAP - fast and reliable application fingerprint mapper) to fingerprint it.
This tool also did not fingerprint it correctly, but did... (2 Replies)
Discussion started by: dan.king
2 Replies
2. Filesystems, Disks and Memory
Hi
If You were the systems administrator of a mail server that services approximately 3,000 users. 2,000
users access their email via a POP-3 service, while the remaining 1,000 users access their email via a
Unix mail reader. Recently users have complained about speed of disk access, so a new 10... (1 Reply)
Discussion started by: semaphore
1 Replies
3. Linux
I have the auditd running and I need to send the audit logs to a remote syslog server.
Anyideas on how to do that? (1 Reply)
Discussion started by: jmathenge
1 Replies
4. Red Hat
Hi all
I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.
I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
Discussion started by: hedkandi
7 Replies
5. HP-UX
My /var partition is almost utilized ... Here am not sure where to release space now
OS/model : HP-UX B.11.11 U 9000/800
# bdf /var
Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol9 6144000 6142176 1824 100% /var
<root@pb>/var # du -sk * | sort -n |... (20 Replies)
Discussion started by: Shirishlnx
20 Replies
6. Solaris
Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I have Solaris-10 (having multiple non global zones running on it). Its /var is getting full to 100% and I can see, there are files getting added to /var/audit. There are large in number, so even if I clearing them, it is filling /var. In past 24 hours, there are 53000 files are added. I am... (1 Reply)
Discussion started by: solaris_1977
1 Replies
8. Solaris
HI Community,
how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that
Thanks & Regards,
BEn (9 Replies)
Discussion started by: bentech4u
9 Replies
9. Shell Programming and Scripting
I have been searching and reading about syslog. I would like to know how to Transfer the logs being thrown into /var/log/messages into another file example /var/log/volumelog.
tail -f /var/log/messages
dblogger: msg_to_dbrow: no logtype using missing
dblogger: msg_to_dbrow_str: val ==... (2 Replies)
Discussion started by: kenshinhimura
2 Replies
10. Solaris
Hi guys.
I have to set audit logs on certain events on a solaris 10 server.
While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS .
I should be able to identify these 4 different events:
1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies
LEARN ABOUT DEBIAN
audit_binfile
audit_binfile(5) Standards, Environments, and Macros audit_binfile(5) NAME
audit_binfile - generation of Solaris audit logs SYNOPSIS
/usr/lib/security/audit_binfile.so DESCRIPTION
The audit_binfile plugin module for Solaris audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as configured in audit_control(4); it is the default plugin for the Solaris audit daemon auditd(1M). Its output is described by audit.log(4). The audit_binfile plugin is loaded by auditd if audit_control contains one or more lines defining audit directories by means of the dir: specification or if audit_control has a plugin: specification of name=audit_binfile.so. OBJECT ATTRIBUTES
The p_dir and p_minfree attributes are equivalent to the dir: and minfree: lines described in audit_control. If both the dir: line and the p_dir attribute are used, the plugin combines all directories into a single list with those specified by means of dir: at the front of the list. If both the minfree and the p_minfree attributes are given, the p_minfree value is used. EXAMPLES
The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of required free space per directory. flags: lo,ad,-fm naflags: lo,ad plugin: name=audit_binfile.so; p_minfree=20; p_dir=/etc/security/jedgar/eggplant, /etc/security/jedgar.aux/eggplant, /etc/security/global/eggplant ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |MT Level |MT-Safe | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
auditd(1M), audit_control(4), syslog.conf(4), attributes(5) SunOS 5.10 20 May 2003 audit_binfile(5)