Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Configuring Auditing
Operating Systems Solaris Configuring Auditing Post 302993315 by MadeInGermany on Wednesday 8th of March 2017 02:38:04 PM
Old 03-08-2017
dtrace has the focus on problem analysis (debugging). You can certainly (mis-)use it for some auditing targets.
The official auditing (with the focus on security) is described in some Oracle documents; google for "auditing solaris 10".
Before you consider to go this way, ensure you have enough disk capacity!
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Question about Auditing

I was just going thru the auditing script .. 2 questions pop in mind .. Why did they move S81volmgmt .. What is the logic behind not loading it .. 2) Why the purpose of the device allocate entries (2 Replies)
Discussion started by: DPAI
2 Replies

2. Solaris

BMS Auditing

Hi, I was wondering if anyone has had the problem I'm having or knows how to fix it. I need to audit one of our servers at work. I turned on BSM auditing and modified the audit_control file to only flag the "lo" class(login/outs) then I rebooted. I viewed the log BSM created and it shows a whole... (0 Replies)
Discussion started by: BlueKalel
0 Replies

3. AIX

User Auditing

i want to audit user commands .. keep track of what commands each user has been giving .. can this be done by writing a script in engraving it in .profile of the user. or is there any other way of doing this ... rgds raj (2 Replies)
Discussion started by: rajesh_149
2 Replies

4. UNIX for Dummies Questions & Answers

File auditing

Hello everbody: I have a file on the system, I need to check who was the last user who accessed or modified it, and if i can get any further details i can get like IP or access time,etc. do you have any idea about simple concept or way i can do that in unix tru64 or solaris 9? thanks in advance... (2 Replies)
Discussion started by: aladdin
2 Replies

5. UNIX for Advanced & Expert Users

Unix Auditing.

I need to log or 'audit' any access to a shared directory which is stored on a NetApp appliance. I need to be able to 'prove' who has acessed the data in this directory at any time. I am just not sure how to do this. The systems that will be accessing this are Linux systems. Any help is... (2 Replies)
Discussion started by: frankkahle
2 Replies

6. UNIX for Advanced & Expert Users

Auditing

:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs. Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies

7. AIX

AIX auditing

I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only? Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which... (0 Replies)
Discussion started by: m_raheelahmed
0 Replies

8. AIX

AIX auditing

can some give some tips, most common security issues or and kind of advice about auditing aix system? regards (2 Replies)
Discussion started by: bongo
2 Replies

9. UNIX for Advanced & Expert Users

kinit auditing

I have implemented solaris login authenticating against an active directory server, using solaris x86 on a Dell R810 8xXeon CPUs and 262Gb RAM. The actual OS is: # uname -a SunOS ms-svr012 5.10 Generic_142910-17 i86pc i386 i86pc # cat /etc/release Oracle Solaris 10 9/10... (2 Replies)
Discussion started by: jabberwocky
2 Replies

10. AIX

AIX auditing

In our customer place somebody removed and PV from the server. I want the information like which user removed this PV. Is there any way to get PV removal information. When did the PV removed from the server ? Whether AIX auding will help ? Where i can get these information ? Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies

LEARN ABOUT HPUX

audswitch

audswitch(2)							System Calls Manual						      audswitch(2)

NAME

       audswitch() - suspend or resume auditing on the current process

SYNOPSIS

DESCRIPTION

       suspends or resumes auditing within the current process.  This call is restricted to users with the privilege.

       One of the following flags must be used for aflag:

	  Suspend auditing on the current process.

	  Resume auditing on the current process.

       can be used in processes with the privilege to temporarily suspend auditing during intervals where auditing is to be handled by the process
       itself.	Auditing is suspended by a call to with the parameter and resumed later by a call to with the parameter.

       An call to resume auditing serves only to reverse the action of a previous call to suspend auditing.  A call to	to  resume  auditing  when
       auditing is not suspended has no effect.

       affects	only  the current process.  For example, cannot suspend auditing for processes from the current process.  (Use (see setaudproc(2))
       to enable or disable auditing for a process and its children).

   Security Restrictions
       Some or all of the actions associated with this system call require the privilege.  Processes owned by the superuser have  this	privilege.
       Processes  owned  by  other users may have this privilege, depending on system configuration.  See privileges(5) for more information about
       privileged access on systems that support fine-grained privileges.

RETURN VALUE

       Upon successful completion, returns If an error occurs, is returned and the global variable is set to indicate the error.

ERRORS

       fails if one of the following is true:

       The user does not possess the
		      privilege.

       The input parameter is neither
		      nor

AUTHOR

       was developed by HP.

SEE ALSO

       audevent(1M), audusr(1M), setaudproc(2), audit(5), privileges(5).

																      audswitch(2)
All times are GMT -4. The time now is 07:34 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy