11-08-2019
Setting audit logs for different tasks. Help me!!!
Hi guys.
I have to set audit logs on certain events on a Solaris 10 server.
While I had no problems on Linux, I'm going crazy trying to do the same thing on Solaris 10, since I don't have enough expertise on this OS.
I should be able to identify these 4 different events:
1: Tracking all the activities performed by root account
2: Tracking all privilege escalation performed by sudo or su command
3: Tracking all account removals/additions in the system
4: Detecting system time changes which are not done by a local service or a service account.
Can you give me a hand? Thanks a lot to everyone!
userdel(8) System Manager's Manual userdel(8)
NAME
userdel - delete a user account
SYNOPSIS
userdel [-D binddn] [-P path] [-r[-f]]
[--service service] [--help] [-u] [-v] account
DESCRIPTION
userdel deletes a user account from the local system files or an LDAP database and removes all entries that refer to account from the group database. Before the account is removed, the USERDEL_PRECMD command as defined in login.defs(5) is called; after removal, the USERDEL_POSTCMD command is called.
OPTIONS
-r, --remove-home
Remove the whole home directory and the mail spool of the specified account. Files located in other directories will have to be
searched for and deleted manually.
-f, --force
This option is used to force the removal of files, even if not owned by the account.
--service service
Add the account to a special directory. The default is files, but ldap is also valid.
-D, --binddn binddn
Use the Distinguished Name binddn to bind to the LDAP directory. The user will be prompted for a password for simple authentication.
-P, --path path
The passwd and shadow files are located below the specified directory path. chpasswd will use these files, not /etc/passwd and /etc/shadow.
--help Print a list of valid options with a short description.
-u, --usage
Print a short list of valid options.
-v, --version
Print the version number and exit.
FILES
passwd - user account information
shadow - shadow user account information
group - group information
SEE ALSO
passwd(1), login.defs(5), passwd(5), shadow(5), useradd(8), usermod(8)
AUTHOR
Thorsten Kukuk <kukuk@suse.de>
pwdutils October 2003 userdel(8)