Operating Systems Solaris Audit useradd/userdel - Solaris 11 Post 303018258 by rbatte1 on Friday 1st of June 2018 11:12:56 AM
Old 06-01-2018
You could intercept the command and insert your own script perhaps. If you have a new directory called /usr/sbin/secure and move the real executables in there, your script to replace them could be something like:-
Code:
#!/bin/ksh

# Record the activity
logger "$(who am i) running $0 $*"
echo   "$(who am i) running $0 $*" >> /var/log/myauditlog

# Call the real command from the directory the executables were moved to,
# passing each argument through unsplit
/usr/sbin/secure/${0##*/} "$@"

It's a bit quick and dirty, and of course could be bypassed, but does that help get you something? I haven't got a Solaris box at present and I recall having to fiddle around with this to get it to work, so this is not a fully tested and working solution but it might get you started on the way.



Kind regards,
Robin
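
The wrapper idea from the post above, exercised in a throwaway directory, as an added example that is not part of the original post: it checks that arguments containing spaces and the real command's exit status survive the wrapper. The sandbox paths, the stand-in `useradd`, and the `logname`/`id` lookup are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: sandboxed run of the wrapper approach. Every path lives under
# a temp directory; "useradd" here is a constructed stand-in, not the real tool.

# write_wrapper FILE REAL_DIR LOG
# Generates a wrapper that appends one audit line, then execs the real command.
write_wrapper() {
    cat > "$1" <<EOF
#!/bin/sh
# logname/id stand in for "who am i", which prints nothing without a tty
who=\$(logname 2>/dev/null || id -un)
ts=\$(date '+%Y-%m-%dT%H:%M:%S')
printf '%s %s running %s %s\n' "\$ts" "\$who" "\${0##*/}" "\$*" >> "$3"
# exec keeps the real exit status; the quoted argument list is passed unsplit
exec "$2/\${0##*/}" "\$@"
EOF
    chmod 755 "$1"
}

# demo: build the sandbox, call the wrapped command, and keep the results in
# DEMO_OUT (stdout), DEMO_RC (exit status) and DEMO_LOG (audit line).
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/sbin/secure"
    # Constructed stand-in for the moved executable: prints argc, exits 3
    printf '#!/bin/sh\necho "argc=$#"\nexit 3\n' > "$sandbox/sbin/secure/useradd"
    chmod 755 "$sandbox/sbin/secure/useradd"
    write_wrapper "$sandbox/sbin/useradd" "$sandbox/sbin/secure" "$sandbox/audit.log"
    DEMO_RC=0
    DEMO_OUT=$("$sandbox/sbin/useradd" -c "Test User" -m tuser) || DEMO_RC=$?
    DEMO_LOG=$(cat "$sandbox/audit.log")
    rm -rf "$sandbox"
}

demo && printf 'exit=%s stdout=%s\nlog: %s\n' "$DEMO_RC" "$DEMO_OUT" "$DEMO_LOG"
```

The stand-in reports four arguments and exit status 3 through the wrapper; with an unquoted `$@` the comment field "Test User" would be split into two arguments before reaching the real command.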
