Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Audit useradd/userdel - Solaris 11
Operating Systems Solaris Audit useradd/userdel - Solaris 11 Post 303018255 by Nvizn on Friday 1st of June 2018 10:41:06 AM
Old 06-01-2018
Audit useradd/userdel - Solaris 11
Linux audits in syslog, any time a user is deleted or added. However, I'm running a Solaris11 VM, and find no such entries. How can I enable auditing for useradd and userdel? Oracle's documentation on managing the auditing service, has been of no assistance. Thanks.


Customizing What Is Audited -
Managing Auditing in Oracle(R) Solaris 11.3

CentOS, provides with nice and neat results:
Code:
# grep useradd /var/log/*
grep: /var/log/anaconda: Is a directory
grep: /var/log/audit: Is a directory
grep: /var/log/chrony: Is a directory
grep: /var/log/httpd: Is a directory
grep: /var/log/mariadb: Is a directory
grep: /var/log/qemu-ga: Is a directory
grep: /var/log/rhsm: Is a directory
grep: /var/log/sa: Is a directory
/var/log/secure-20180522:May 15 17:33:41 centos7host useradd[1054]: new user: name=apache, UID=48, GID=48, home=/usr/share/httpd, shell=/sbin/nologin
/var/log/secure-20180522:May 15 17:50:10 centos7host useradd[1387]: new user: name=mysql, UID=27, GID=27, home=/var/lib/mysql, shell=/sbin/nologin
/var/log/secure-20180522:May 15 18:16:19 centos7host useradd[5588]: new group: name=nagios, GID=1002
/var/log/secure-20180522:May 15 18:16:19 centos7host useradd[5588]: new user: name=nagios, UID=1001, GID=1002, home=/home/nagios, shell=/bin/bash

Last edited by Nvizn; 06-01-2018 at 12:14 PM..
 

10 More Discussions You Might Find Interesting

1. Solaris

audit in solaris

How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not. Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies

2. Solaris

audit in solaris 10

can you please share what you use to audit what files are deleted, when files are deleted and who deleted them? thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies

3. Solaris

audit useradd, userdel on solaris 10

I just want to audit and log to syslog when a user is added, removed or modified from the system. According to the docs I have: #/etc/security/audit_control dir:/var/audit flags:ua minfree:20 naflags:ua plugin:name=audit_syslog.so.1; p_flags=ua But neither syslog nor auditreduce -c ua... (7 Replies)
Discussion started by: glisha
7 Replies

4. Solaris

Audit in Solaris Servers.

Hi Friends I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there. Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies

5. Solaris

useradd giving error in solaris 10

Hi, I have installed Solaris 10 in my PC and now installing Oracle10, but while adding a user i am getting following error: useradd -g oinstall -G dba -d /export/home/oracle oracle UX: useradd: ERROR: Inconsistent password files. See pwconv(1M). I have tried pwconv command,... (4 Replies)
Discussion started by: amitanshu.verma
4 Replies

6. UNIX for Advanced & Expert Users

Problem with useradd, -p option in Solaris 10

Good day all. I'm trying to add a user with useradd and the -p option to assign a project name, but the result is that the user is created with an error message: "UX: useradd: user.root name should be all lower case or numeric." The command: useradd -d /export/home/tester -g rtpgrp -G... (2 Replies)
Discussion started by: BRH
2 Replies

7. Solaris

audit useradd userdel usermod in solaris 10

the previous thread on this problem was closed with no resolution/workaround that i could see...have there been any breakthroughs? :wall: (0 Replies)
Discussion started by: lisah66
0 Replies

8. UNIX for Advanced & Expert Users

Solaris 10 useradd confusion[solved]

I installed Solaris 10 (8/11) and added an account for myself. It lives in /export/home/{name} but /etc/passwd shows it is /home/{name} where it seems to be mounted like a filesystem. I tried to create another account from the command line but it doesn't work the same way. I can't find... (7 Replies)
Discussion started by: dokhebi
7 Replies

9. Solaris

Enabling Solaris Audit log: Solaris 9

Dear All, I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers. After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
Discussion started by: sumeet1806
3 Replies

10. Solaris

Audit not working on Solaris 10

hi, I enabled bsm modules (/etc/security/bsmconv) and rebooted Solaris 10. But service is going into maintenance state. I rebooted server and I see one error saying "sys/c2audit:audit_kssl() not defined properly". I am not sure, what it is indicating and how it should be fixed. Please suggest, how... (5 Replies)
Discussion started by: solaris_1977
5 Replies

LEARN ABOUT OPENSOLARIS

grablogs.conf

grablogs.conf(4)						   File Formats 						  grablogs.conf(4)

NAME

       grablogs.conf - grablogs configuration for libgrablogs.so of the plugins of
	gnome-system-log file

SYNOPSIS

       /usr/lib/gnome-system-log/plugins/grablogs.conf

DESCRIPTION

       The  libgrablogs.so  is	a plugin for gnome-system-log(1), it colloct the log files from the system as many as possible. grablogs.conf is a
       configuration file that contains a set of lines mixed with sh(1) syntax codes and individual
	log files. libgrablogs.so will read the file try to get a log files list for
	gnome-system-log(1). Users can copy the file into $HOME/.gnome2/gnome-system-log/plugins/`uname -p` to overwrite the system default one.

       The grablogs.conf file contains the following configuration categories:

	      [configs]
		     Each line under this category is interpreted as a config file of System. The plugin will open the config file and try to find
		     all system paths of the logs.

	      [commands]
		     Each line under this category is interpreted as a shell command and will be execute through a pipe. And each line of the out-
		     put of the command will be interpreted as a log path.

	      [logs] Each line under this category is interpreted as a log path.

FILES

       /usr/lib/gnome-system-log/plugins/grablogs.conf
	      The system default configuration file for the plugin libgrablogs.so

       $HOME/.gnome2/gnome-system-log/plugins/`uname -p`/grablogs.conf
	      The user specific configuration file for the plugin libgrablogs.so

EMAMPLE

       [configs]
       /etc/syslog.conf
       [commands]
       for i in `svcs -aH -o FMRI | grep -v lrc `; do svcprop -p restarter/logfile $i  2>/dev/null  ||	svcprop  -q  -p  restarter/alt_logfile	$i
       2>/dev/null ; done
       [logs]
       /var/log/messages
       /var/log/secure
       /var/log/maillog
       /var/log/cron
       /var/log/Xorg.0.log
       /var/log/XFree86.0.log
       /var/log/auth.log
       /var/log/cups/error_log

SEE ALSO

       gnome-system-log(1), pipelog.conf(1)

gnome-utils 2.16.0						    13 Oct 2006 						  grablogs.conf(4)
All times are GMT -4. The time now is 11:53 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy