Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Audit not working on Solaris 10
Operating Systems Solaris Audit not working on Solaris 10 Post 303036640 by solaris_1977 on Friday 5th of July 2019 04:28:49 PM
Old 07-05-2019
Audit not working on Solaris 10
hi,
I enabled bsm modules (/etc/security/bsmconv) and rebooted Solaris 10. But service is going into maintenance state. I rebooted server and I see one error saying "sys/c2audit:audit_kssl() not defined properly". I am not sure, what it is indicating and how it should be fixed. Please suggest, how can I enable it.
Code:
# cat /etc/security/audit_control
#
# Copyright (c) 1988 by Sun Microsystems, Inc.
#
# ident "@(#)audit_control.txt  1.4     00/07/17 SMI"
#
dir:/var/audit/audit-sol
flags:lo,ad
minfree:20
naflags:lo
# audit -v /etc/security/audit_control
syntax ok
# 
# svcs -a | grep audit
maintenance    13:18:04 svc:/system/auditd:default
# tail -5 /var/svc/log/system-auditd:default.log
[ Jul  5 13:18:04 Stopping for maintenance due to administrative_request. ]
[ Jul  5 13:18:04 Stopping for maintenance due to administrative_request. ]
[ Jul  5 13:18:04 Stopping for maintenance due to administrative_request. ]
[ Jul  5 13:18:04 Stopping for maintenance due to administrative_request. ]
[ Jul  5 13:18:04 Stopping for maintenance due to administrative_request. ]
#

Thanks
 

10 More Discussions You Might Find Interesting

1. Solaris

Sun Solaris Audit Program

Hi All, Any one has, sun solaris audit program which covers everything one need to check as a security auditor. Audit Program will help. Thanks, Ghanshyam Emails not allowed - see the Rules (4 Replies)
Discussion started by: ghanshyampatel
4 Replies

2. Solaris

Solaris BSM audit log

I got a lot of this message in my /var/audit log how can I exclude this message? header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument ,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies

3. Solaris

audit in solaris

How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not. Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies

4. Solaris

audit in solaris 10

can you please share what you use to audit what files are deleted, when files are deleted and who deleted them? thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies

5. Solaris

Audit in Solaris Servers.

Hi Friends I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there. Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies

6. Solaris

Solaris 10 Services - Audit and Closure

Hello We have recently been through an audit of our solaris servers. All our solaris servers are running version 10. We have been told to close down all the services and we have closed what we could by using svcadm disable We only wish to let ssh and the ftp service to run. Below is a... (3 Replies)
Discussion started by: sollyshah
3 Replies

7. Solaris

Cron audit problem in Solaris 8

cron audit problem. job failed I’m getting problem with crontab in Solaris 8 Crontab stop and is not running for all the cron jobs under cat /var/cron/log > CMD: /var/sh/go.sh > root 24835 c Sun Sep 26 08:06:00 2010 < root 24835 c Sun Sep 26 08:06:00 2010 rc=1 ! cron audit problem.... (5 Replies)
Discussion started by: Mr.AIX
5 Replies

8. Solaris

Solaris - remote server audit

Looking for some way of running a script on one machine, giving it a list of IP addresses and it goes away and gets info from them. Things such as server type, memory, processors etc. Does such a thing exist? (3 Replies)
Discussion started by: psychocandy
3 Replies

9. Solaris

Enabling Solaris Audit log: Solaris 9

Dear All, I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers. After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
Discussion started by: sumeet1806
3 Replies

10. Solaris

Solaris 10 audit, need to catch redirections

Hello, I've installed solaris audit on a Solaris 10 SPARC system. Latest patch 143962-04 is installed. My problem is that while I can catch all arguments and processes created, I cannot catch a redirection. ie cat /tmp/test.txt > /tmp/test2.txtCatches the first part but not the redirection.... (5 Replies)
Discussion started by: gowron
5 Replies

LEARN ABOUT LINUX

audit_binfile

audit_binfile(5)					Standards, Environments, and Macros					  audit_binfile(5)

NAME

       audit_binfile - generation of Solaris audit logs

SYNOPSIS

       /usr/lib/security/audit_binfile.so

DESCRIPTION

       The  audit_binfile  plugin module for Solaris audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as configured in
       audit_control(4); it is the default plugin for the Solaris audit daemon auditd(1M). Its output is described by audit.log(4).

       The audit_binfile plugin is loaded by auditd if audit_control contains one or more lines defining audit directories by means  of  the  dir:
       specification or if audit_control has a plugin: specification of name=audit_binfile.so.

OBJECT ATTRIBUTES

       The  p_dir and p_minfree attributes are equivalent to the dir: and minfree: lines described in audit_control. If both the dir: line and the
       p_dir attribute are used, the plugin combines all directories into a single list with those specified by means of dir: at the front of  the
       list. If both the minfree and the p_minfree attributes are given, the p_minfree value is used.

EXAMPLES

       The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of
       required free space per directory.

       flags: lo,ad,-fm
       naflags: lo,ad
       plugin: name=audit_binfile.so;
       p_minfree=20;
       p_dir=/etc/security/jedgar/eggplant,
       /etc/security/jedgar.aux/eggplant,
       /etc/security/global/eggplant

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |MT Level		     |MT-Safe			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       auditd(1M), audit_control(4), syslog.conf(4), attributes(5)

SunOS 5.10							    20 May 2003 						  audit_binfile(5)
All times are GMT -4. The time now is 08:19 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy