You could intercept the command and insert your own script perhaps. If you have a new directory called /usr/sbin/secure and move the real executables in there, your script to replace them could be something like:-
It's a bit quick and dirty, and of course could be bypassed, but does that help get you something? I haven't got a Solaris box at present and I recall having to fiddle around with this to get it to work, so this is not a fully tested and working solution but it might get you started on the way.
Kind regards,
Robin
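The script from the post did not survive on this page. The following is an added sketch of the approach it describes, not Robin's script and not tested on Solaris. Assumptions: the wrapped names (useradd, usermod, userdel), the AUDIT_LOGGER variable and the function names are hypothetical, and a POSIX sh, id and logger are available.

```shell
#!/bin/sh
# Added example: install (or hard-link) this file under each original command
# name after moving the real binaries into SECURE_DIR (the post's /usr/sbin/secure).
SECURE_DIR=${SECURE_DIR:-/usr/sbin/secure}
AUDIT_LOGGER=${AUDIT_LOGGER:-logger}        # hypothetical override, handy for testing

# Build a one-line record. Non-printable bytes in the arguments (newlines
# included) become '?' so a caller cannot forge extra syslog lines.
audit_record() {
    name=$1; shift
    args=$(printf '%s ' "$@" | tr -c '[:print:]' '?')
    printf 'user=%s ruid=%s cmd=%s args=%s\n' \
        "$(id -un)" "$(id -ru)" "$name" "${args% }"
}

# Log first, then replace this process with the relocated binary.
wrapper_main() {
    name=$1; shift
    real=$SECURE_DIR/$name
    [ -x "$real" ] || { echo "$name: missing $real" >&2; return 127; }
    # Fail closed: if the record cannot be written, the real command is not run.
    "$AUDIT_LOGGER" -p auth.notice -t "audit-$name" \
        "$(audit_record "$name" "$@")" ||
        { echo "$name: audit logging failed" >&2; return 1; }
    exec "$real" "$@"
}

# Act only when invoked under one of the wrapped names (assumed list).
case $(basename "$0") in
    useradd|usermod|userdel) wrapper_main "$(basename "$0")" "$@"; exit $? ;;
esac
```

Running the relocated binary by its full path skips the record, which is the bypass the post mentions.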
I just want to audit and log to syslog when a user is added, removed or modified from the system.
According to the docs I have:
#/etc/security/audit_control
dir:/var/audit
flags:ua
minfree:20
naflags:ua
plugin:name=audit_syslog.so.1; p_flags=ua
But neither syslog nor auditreduce -c ua... (7 Replies)
Hi Friends
I am a Solaris newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there.
Any... (3 Replies)
Hi,
I have installed Solaris 10 in my PC and now installing Oracle10, but while adding a user I am getting following error:
useradd -g oinstall -G dba -d /export/home/oracle oracle
UX: useradd: ERROR: Inconsistent password files. See pwconv(1M).
I have tried pwconv command,... (4 Replies)
Good day all.
I'm trying to add a user with useradd and the -p option to assign a project name, but the result is that the user is created with an error message: "UX: useradd: user.root name should be all lower case or numeric."
The command:
useradd -d /export/home/tester -g rtpgrp -G... (2 Replies)
I installed Solaris 10 (8/11) and added an account for myself. It lives in
/export/home/{name} but /etc/passwd shows it is
/home/{name} where it seems to be mounted like a filesystem. I tried to
create another account from the command line but it doesn't work the same way.
I can't find... (7 Replies)
Dear All,
I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers.
After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
hi,
I enabled bsm modules (/etc/security/bsmconv) and rebooted Solaris 10. But service is going into maintenance state. I rebooted server and I see one error saying "sys/c2audit:audit_kssl() not defined properly". I am not sure, what it is indicating and how it should be fixed. Please suggest, how... (5 Replies)
Discussion started by: solaris_1977
snntpd
snntpd,v0.3.8(8) System Manager's Manual snntpd,v0.3.8(8)
NAME
snntpd - small news server
SYNOPSIS
snntpd [-t timeout] [-P] [-S] [logger...]
DESCRIPTION
snntpd is a small news server. It needs to be run under inetd or tcpserver, as root or as the owner of /var/spool/sn. snntpd does not
fork into the background. It expects to read and write from and to the network on descriptors 0 and 1.
ARGUMENTS
logger... (usually /usr/bin/logger) is taken to be a logging program, and all log output is piped to it. If logger... is not specified,
log messages are directed to descriptor 2.
OPTIONS
-t timeout
specifies how long snntpd should wait for input before it gives up and exits. timeout is in seconds and defaults to 600.
-P snntpd includes its pid in log output.
-S Suppress NNTP greeting on startup. This is useful if you want to perform authentication before running snntpd, or want to provide your own greeting, from a wrapper.
POSTING AND POSTING PERMISSIONS
Posts are usually handled externally by the /usr/sbin/SNPOST script, which is responsible for fine-grain posting control; handling of control messages; and the ultimate distribution of the posted article.
snntpd permits or denies posting in a very simple manner:
If /var/spool/sn/.nopost exists, posting is not allowed.
Otherwise, if the environment variable POSTING_OK is not set, posting is not allowed.
Otherwise if POSTING_OK is set (to the empty string), posting is generally allowed, and all POSTed articles are piped to the SNPOST script,
which has the final say in the matter. The value of $POSTING_OK is not currently used, but is reserved.
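The decision order above, together with the SNROOT, .SNPOST and per-group .nopost entries documented further down, can be checked against a spool with a short script. This is an added example, not part of snntpd; the sn_* function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the posting policy that a given spool and environment
# would produce, following the rules stated in this man page.

sn_root() {            # SNROOT replaces the default only when set and not empty
    printf '%s\n' "${SNROOT:-/var/spool/sn}"
}

sn_post_handler() {    # .SNPOST in the spool is invoked instead of SNPOST
    root=$(sn_root)
    if [ -e "$root/.SNPOST" ]; then
        echo "$root/.SNPOST"
    else
        echo "SNPOST (via PATH)"
    fi
}

sn_site_posting() {    # site-wide decision, in the documented order
    root=$(sn_root)
    if [ -e "$root/.nopost" ]; then
        echo "denied: $root/.nopost exists"
    elif [ -z "${POSTING_OK+set}" ]; then   # unset; set-but-empty counts as set
        echo "denied: POSTING_OK not set"
    else
        echo "allowed: articles go to $(sn_post_handler)"
    fi
}

sn_group_flags() {     # per-group .nopost files, which snntpd checks for LIST
    root=$(sn_root)
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue           # no group directories at all
        group=$(basename "$dir")
        if [ -e "${dir}.nopost" ]; then
            echo "$group .nopost=present"
        else
            echo "$group .nopost=absent"
        fi
    done
}

sn_site_posting
sn_group_flags
```

Run it with the same environment the inetd or tcpserver entry gives snntpd, since POSTING_OK and SNROOT are read from there.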
FILES
/var/spool/sn/.fifo
If this file exists, and is a fifo, snntpd will write the name of a newsgroup into it as that newsgroup becomes the current one. If
the fifo does not exist snntpd will not create it.
/var/spool/sn/.noservice
If this file exists, snntpd will display its first line and exit. If the file can't be read or is empty, a default message is displayed. This is useful for temporarily disabling the news server while you perform any maintenance.
/var/spool/sn/.nopost
See POSTING PERMISSIONS above.
/var/spool/sn/.SNPOST
If this script or program exists, it is invoked instead of SNPOST to accept a posted article.
/var/spool/sn/news.group.name/.nopost
These files really belong to SNPOST, and it is unfortunate that snntpd has to check for their existence to determine the posting
flag for the LIST command. See /usr/sbin/SNPOST.
/var/spool/sn/news.group.name/.info
If this file exists, its first line is taken as the description of that group for use with the LIST NEWSGROUPS command.
/var/spool/sn/news.group.name/.times
is a binary file containing entry times, to support the NEWNEWS command.
/var/spool/sn/news.group.name/.created
is an empty file retained for its timestamp, to support the NEWGROUPS command.
SIGNALS
If snntpd catches SIGHUP, the files /var/spool/sn/{.fifo,.noservice,.nopost} (see below) are checked again, as they are during startup.
Other signals have default behaviour.
ENVIRONMENT VARIABLES
See also /usr/sbin/SNPOST for a list of environment variables exported by snntpd.
PATH The PATH must be set such that snntpd can find SNPOST in order to accept postings. If PATH does not include /usr/sbin, /usr/sbin
will be appended to it.
POSTING_OK
This variable helps determine the site-wide posting policy. See POSTING PERMISSIONS above.
TCPREMOTEIP
If this value is set, it is taken to be the dotted-quad IP address of the connecting client. If it is not set, snntpd attempts to
derive it for itself, and then set its value.
TCPLOCALIP
as above, but for the server's dotted-quad IP.
SNROOT If this is set and is not empty, the value is used everywhere in place of /var/spool/sn, the default news spool directory.
SEE ALSO
snsend(8), /usr/sbin/SNPOST
N.B. Harold Tay snntpd,v0.3.8(8)