03-08-2017
dtrace has the focus on problem analysis (debugging). You can certainly (mis-)use it for some auditing targets.
The official auditing (with the focus on security) is described in some Oracle documents; google for "auditing solaris 10".
Before you consider to go this way, ensure you have enough disk capacity!
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I was just going thru the auditing script ..
2 questions pop in mind .. Why did they move S81volmgmt .. What is the logic behind not loading it ..
2) Why the purpose of the device allocate entries (2 Replies)
Discussion started by: DPAI
2 Replies
2. Solaris
Hi, I was wondering if anyone has had the problem I'm having or knows how to fix it. I need to audit one of our servers at work. I turned on BSM auditing and modified the audit_control file to only flag the "lo" class(login/outs) then I rebooted. I viewed the log BSM created and it shows a whole... (0 Replies)
Discussion started by: BlueKalel
0 Replies
3. AIX
i want to audit user commands ..
keep track of what commands each user has been giving ..
can this be done by writing a script in engraving it in .profile of the user.
or is there any other way of doing this ...
rgds
raj (2 Replies)
Discussion started by: rajesh_149
2 Replies
4. UNIX for Dummies Questions & Answers
Hello everbody:
I have a file on the system, I need to check who was the last user who accessed or modified it, and if i can get any further details i can get like IP or access time,etc.
do you have any idea about simple concept or way i can do that in unix tru64 or solaris 9?
thanks in advance... (2 Replies)
Discussion started by: aladdin
2 Replies
5. UNIX for Advanced & Expert Users
I need to log or 'audit' any access to a shared directory which is stored on a NetApp appliance. I need to be able to 'prove' who has acessed the data in this directory at any time. I am just not sure how to do this. The systems that will be accessing this are Linux systems.
Any help is... (2 Replies)
Discussion started by: frankkahle
2 Replies
6. UNIX for Advanced & Expert Users
:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs.
Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies
7. AIX
I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only?
Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which... (0 Replies)
Discussion started by: m_raheelahmed
0 Replies
8. AIX
can some give some tips, most common security issues or and kind of advice about auditing aix system?
regards (2 Replies)
Discussion started by: bongo
2 Replies
9. UNIX for Advanced & Expert Users
I have implemented solaris login authenticating against an active directory server, using solaris x86 on a Dell R810 8xXeon CPUs and 262Gb RAM.
The actual OS is:
# uname -a
SunOS ms-svr012 5.10 Generic_142910-17 i86pc i386 i86pc
# cat /etc/release
Oracle Solaris 10 9/10... (2 Replies)
Discussion started by: jabberwocky
2 Replies
10. AIX
In our customer place somebody removed and PV from the server. I want the information like which user removed this PV.
Is there any way to get PV removal information.
When did the PV removed from the server ?
Whether AIX auding will help ?
Where i can get these information ?
Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies
LEARN ABOUT ULTRIX
secsetup
secsetup(8) System Manager's Manual secsetup(8)
Name
secsetup - enable the enhanced security features
Syntax
/usr/etc/sec/secsetup
Description
The command is an interactive facility that allows you to enable the enhanced security features on your system. You must first have loaded
the enhanced security subset onto your system before running the command.
The command allows you to configure your system either for security auditing, trusted path, enhanced login, or any combination of those
features. In addition, the command may add lines to the file. To remove entries from the you must edit it by hand. The command only adds
lines to this file if they aren't already present. You can run while the system is in multiuser mode (however, some inconsistencies may
result from this. See the Security Guide for Administrators for more information). To run type the following and then answer the ques-
tions that follow:
# /usr/etc/sec/secsetup
Depending on the security features chosen, when completes you may need to replace your system's kernel and reboot the system. For example,
chosing either the security auditing or trusted path feature may require you to re-build your kernel.
Files
See Also
set_audit_mask(8), auth(5), svc.conf(5)
Security Guide for Administrators
secsetup(8)