Full Discussion: Limit Audited directories
Post 302931629 by Peasant on Wednesday 14th of January 2015 08:19:39 AM
ex class will monitor exec and execve system calls and audit those.

Be careful if your apps are running as root (which they should not), since auditing every root exec or execve call will generate a lot of logs.

Other than that, argv will also audit everything that is passed to a program as an argument.

Sounds reasonable if that is what you want to audit and it is run by a user, not root.

Of course, test it; don't deploy auditing on a production system before careful testing on test systems. Experiment with various classes to achieve the needed results, then go forward.

If deployed wrong, it can halt your system if, for instance, there is no space left for audit logs (if configured like that).

Handle with care.
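As an added example (not code from the post or from Solaris), a small POSIX sh pre-deployment check that reads an audit_control(4) file and flags the two risks raised above: the log volume of the ex class and audit directories that can fill up. It works on a constructed sample file with hypothetical paths and complements, rather than replaces, the real syntax check documented in the man page below, `audit -v /path/to/edited/audit_control`.

```shell
#!/bin/sh
# Pre-deployment sanity check for a Solaris audit_control(4) file.
# Added example, not from the original post or from Solaris. It reads the
# dir:, flags: and minfree: lines and warns about the ex class's volume
# and about audit directories that do not exist or have no free-space floor.

# Constructed sample audit_control (hypothetical paths and values).
SAMPLE="${TMPDIR:-/tmp}/audit_control.example.$$"
cat >"$SAMPLE" <<'EOF'
# comment lines are ignored by auditd
dir:/var/audit
dir:/var/audit.spill
flags:lo,+ex
minfree:20
naflags:lo
EOF

# audit_field FILE KEY: print the value of the first "KEY:value" line.
audit_field() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | sed -n '1p'
}

# audit_dirs FILE: print every dir: path, one per line (auditd uses them
# in order, moving to the next when the current one drops below minfree).
audit_dirs() {
    sed -n 's/^dir:[[:space:]]*//p' "$1"
}

# audit_has_class FILE CLASS: succeed if CLASS is in the flags: list.
# Classes may carry a +, - or ^ prefix in audit_control; strip it first.
audit_has_class() {
    audit_field "$1" flags | tr ',' '\n' | sed 's/^[-+^]*//' | grep -qx "$2"
}

# check_audit_control FILE: print warnings, return how many were raised.
check_audit_control() {
    warnings=0
    for d in $(audit_dirs "$1"); do    # paths without whitespace assumed
        [ -d "$d" ] || { echo "WARN: audit dir $d does not exist"; warnings=$((warnings + 1)); }
    done
    [ -n "$(audit_field "$1" minfree)" ] ||
        { echo "WARN: no minfree: line, so no low-space threshold is set"; warnings=$((warnings + 1)); }
    if audit_has_class "$1" ex; then
        echo "WARN: ex audits every exec/execve; expect heavy log volume for anything running as root"
        warnings=$((warnings + 1))
    fi
    return $warnings
}

check_audit_control "$SAMPLE" || echo "$? warning(s): test on a non-production system first"
```

The argv setting from the post is an audit policy set with auditconfig, not an audit_control class, so this check does not see it.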
audit(1M)                                                          audit(1M)

NAME
       audit - control the behavior of the audit daemon

SYNOPSIS
       audit -n | -s | -t | -v [path]

DESCRIPTION
       The audit command is the system administrator's interface to
       maintaining the audit trail. The audit daemon can be notified to read
       the contents of the audit_control(4) file and re-initialize the
       current audit directory to the first directory listed in the
       audit_control file, or to open a new audit file in the current audit
       directory specified in the audit_control file, as last read by the
       audit daemon. Reading audit_control also causes the minfree and
       plugin configuration lines to be re-read and reset within auditd. The
       audit daemon can also be signaled to close the audit trail and disable
       auditing.

OPTIONS
       -n        Notify the audit daemon to close the current audit file and
                 open a new audit file in the current audit directory.

       -s        Notify the audit daemon to read the audit control file. The
                 audit daemon stores the information internally. If the
                 audit daemon is not running but audit has been enabled by
                 means of bsmconv(1M), the audit daemon is started.

       -t        Direct the audit daemon to close the current audit trail
                 file, disable auditing, and die. Use -s to restart auditing.

       -v path   Verify the syntax for the audit control file stored in
                 path. The audit command displays an approval message or
                 outputs specific error messages for each error found.

EXIT STATUS
       The audit command will exit with 0 upon success and a positive
       integer upon failure.

FILES
       /etc/security/audit_user
       /etc/security/audit_control

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       | Availability                | SUNWcsu                     |
       +-----------------------------+-----------------------------+
       | Stability                   | Evolving                    |
       +-----------------------------+-----------------------------+

SEE ALSO
       bsmconv(1M), praudit(1M), audit(2), audit_control(4), audit_user(4),
       attributes(5)

NOTES
       The functionality described in this man page is available only if
       the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for
       more information.

       The audit command does not modify a process's preselection mask. Its
       functions are limited to the following:

         o  affects which audit directories are used for audit data storage;

         o  specifies the minimum free space setting;

         o  resets the parameters supplied by means of the plugin directive.

       For the -s option, audit validates the audit_control syntax and
       displays an error message if a syntax error is found. If a syntax
       error message is displayed, the audit daemon does not re-read
       audit_control. Because audit_control is processed at boot time, the
       -v option is provided to allow syntax checking of an edited copy of
       audit_control. Using -v, audit exits with 0 if the syntax is correct;
       otherwise, it returns a positive integer.

       The -v option can be used in any zone, but the -t, -s, and -n options
       are valid only in local zones and, then, only if the perzone audit
       policy is set. See auditd(1M) and auditconfig(1M) for per-zone audit
       configuration.

                                 25 May 2004                       audit(1M)