Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Audit useradd/userdel - Solaris 11
Operating Systems Solaris Audit useradd/userdel - Solaris 11 Post 303018255 by Nvizn on Friday 1st of June 2018 10:41:06 AM
Old 06-01-2018
Audit useradd/userdel - Solaris 11
Linux audits in syslog, any time a user is deleted or added. However, I'm running a Solaris11 VM, and find no such entries. How can I enable auditing for useradd and userdel? Oracle's documentation on managing the auditing service, has been of no assistance. Thanks.


Customizing What Is Audited -
Managing Auditing in Oracle(R) Solaris 11.3

CentOS, provides with nice and neat results:
Code:
# grep useradd /var/log/*
grep: /var/log/anaconda: Is a directory
grep: /var/log/audit: Is a directory
grep: /var/log/chrony: Is a directory
grep: /var/log/httpd: Is a directory
grep: /var/log/mariadb: Is a directory
grep: /var/log/qemu-ga: Is a directory
grep: /var/log/rhsm: Is a directory
grep: /var/log/sa: Is a directory
/var/log/secure-20180522:May 15 17:33:41 centos7host useradd[1054]: new user: name=apache, UID=48, GID=48, home=/usr/share/httpd, shell=/sbin/nologin
/var/log/secure-20180522:May 15 17:50:10 centos7host useradd[1387]: new user: name=mysql, UID=27, GID=27, home=/var/lib/mysql, shell=/sbin/nologin
/var/log/secure-20180522:May 15 18:16:19 centos7host useradd[5588]: new group: name=nagios, GID=1002
/var/log/secure-20180522:May 15 18:16:19 centos7host useradd[5588]: new user: name=nagios, UID=1001, GID=1002, home=/home/nagios, shell=/bin/bash

Last edited by Nvizn; 06-01-2018 at 12:14 PM..
 

10 More Discussions You Might Find Interesting

1. Solaris

audit in solaris

How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not. Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies

2. Solaris

audit in solaris 10

can you please share what you use to audit what files are deleted, when files are deleted and who deleted them? thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies

3. Solaris

audit useradd, userdel on solaris 10

I just want to audit and log to syslog when a user is added, removed or modified from the system. According to the docs I have: #/etc/security/audit_control dir:/var/audit flags:ua minfree:20 naflags:ua plugin:name=audit_syslog.so.1; p_flags=ua But neither syslog nor auditreduce -c ua... (7 Replies)
Discussion started by: glisha
7 Replies

4. Solaris

Audit in Solaris Servers.

Hi Friends I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there. Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies

5. Solaris

useradd giving error in solaris 10

Hi, I have installed Solaris 10 in my PC and now installing Oracle10, but while adding a user i am getting following error: useradd -g oinstall -G dba -d /export/home/oracle oracle UX: useradd: ERROR: Inconsistent password files. See pwconv(1M). I have tried pwconv command,... (4 Replies)
Discussion started by: amitanshu.verma
4 Replies

6. UNIX for Advanced & Expert Users

Problem with useradd, -p option in Solaris 10

Good day all. I'm trying to add a user with useradd and the -p option to assign a project name, but the result is that the user is created with an error message: "UX: useradd: user.root name should be all lower case or numeric." The command: useradd -d /export/home/tester -g rtpgrp -G... (2 Replies)
Discussion started by: BRH
2 Replies

7. Solaris

audit useradd userdel usermod in solaris 10

the previous thread on this problem was closed with no resolution/workaround that i could see...have there been any breakthroughs? :wall: (0 Replies)
Discussion started by: lisah66
0 Replies

8. UNIX for Advanced & Expert Users

Solaris 10 useradd confusion[solved]

I installed Solaris 10 (8/11) and added an account for myself. It lives in /export/home/{name} but /etc/passwd shows it is /home/{name} where it seems to be mounted like a filesystem. I tried to create another account from the command line but it doesn't work the same way. I can't find... (7 Replies)
Discussion started by: dokhebi
7 Replies

9. Solaris

Enabling Solaris Audit log: Solaris 9

Dear All, I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers. After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
Discussion started by: sumeet1806
3 Replies

10. Solaris

Audit not working on Solaris 10

hi, I enabled bsm modules (/etc/security/bsmconv) and rebooted Solaris 10. But service is going into maintenance state. I rebooted server and I see one error saying "sys/c2audit:audit_kssl() not defined properly". I am not sure, what it is indicating and how it should be fixed. Please suggest, how... (5 Replies)
Discussion started by: solaris_1977
5 Replies

LEARN ABOUT SUNOS

nislog

nislog(1M)						  System Administration Commands						nislog(1M)

NAME

       nislog - display the contents of the NIS+ transaction log

SYNOPSIS

       /usr/sbin/nislog [-h num | -t num]  [-v] [directory...]

DESCRIPTION

       nislog  displays  the  contents of the NIS+ server transaction log on the standard output. This command can be used to track changes in the
       namespace. The /var/nis/trans.log file contains the transaction log maintained by the NIS+ server. When updates occur, they are	logged	to
       this  file  and	then  propagated  to replicas as log transactions.  When the log is checkpointed, updates that have been propagated to the
       replicas are removed.

       The nislog command can only be run on an NIS+ server by superuser. It displays the log entries for that server only.

       If directory is not specified, the entire log is searched. Otherwise, only those logs entries that correspond to the specified  directories
       are displayed.

OPTIONS

       -h num	       Display num transactions from the ``head'' of the log. If the numeric parameter is  0, only the log header is displayed.

       -t num	       Display	num transactions from the ``tail'' of the log. If the numeric parameter is  0, only the log header is displayed.

       -v	       Verbose mode.

FILES

       /var/nis/trans.log      transaction log

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWnisu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       nis+(1), rpc.nisd(1M), nisfiles(4), attributes(5)

NOTES

       NIS+  might  not  be  supported in future releases of the SolarisTM Operating Environment. Tools to aid the migration from NIS+ to LDAP are
       available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.10							    12 Dec 2001 							nislog(1M)
All times are GMT -4. The time now is 10:36 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy