Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Settings audit logs for different tasks. Help me!!!
Operating Systems Solaris Settings audit logs for different tasks. Help me!!! Post 303040887 by menofmayhem on Friday 8th of November 2019 06:59:58 AM
Old 11-08-2019
Settings audit logs for different tasks. Help me!!!
Hi guys.

I have to set audit logs on certain events on a solaris 10 server.

While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS .

I should be able to identify these 4 different events:



1: Tracking all the activities performed by root account

2: Tracking all privilege escalation performed by sudo or su command

3: Tracking all account removal/add in the system

4: Detects system time changes which are not done by a local service or a service account.



Can you give me a hand? Thanks a lot to everyone!
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Need help with tasks!

Hi guys! I have a dummy question for u :p I cant find a solution for these tascks...tried everything (i know :cool: ). 1 Issue the following command sleep 1000 Note that sleep 1000 waits 1000 seconds!!! You cannot do anything now!!! 2 Open another terminal window and enter the tty... (1 Reply)
Discussion started by: RomeO
1 Replies

2. Shell Programming and Scripting

Grep yesterday logs from weblogic logs

Hi, I am trying to write a script which would go search and get the info from the logs based on yesterday timestamp and write yesterday logs in new file. The log file format is as follows: """"""""""""""""""""""""""... (3 Replies)
Discussion started by: harish.parker
3 Replies

3. Homework & Coursework Questions

Hello.. can someone help my with this tasks?

1. Write a shell program which renames the current directory with the given file extension to another extension. The playoffs are given on the command line. Example usage: $ Rename txt doc will be renamed: aaa.txt in aaa.doc Juhutxt in Juhudoc ... * To solve, you can also help with... (5 Replies)
Discussion started by: eclip
5 Replies

4. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

5. Red Hat

Secure & Audit logs

Hi all I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing. I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
Discussion started by: hedkandi
7 Replies

6. Solaris

how to configure a audit in global zone that will audit all the zone

Hi everyone, how i can configure a single audit service in the global zone for all zones, on solaris BSM. I will be glad to hear back from you. Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies

7. Solaris

How to view audit logs in Solaris?

Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies

8. Solaris

Configuring 'auditd' service to not store the audit logs in /var partition

Hello all, I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine. However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path. So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies

9. Solaris

How can i enable audit logs for global zone and standard zones?

HI Community, how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that Thanks & Regards, BEn (9 Replies)
Discussion started by: bentech4u
9 Replies

10. Shell Programming and Scripting

If I ran perl script again,old logs should move with today date and new logs should generate.

Appreciate help for the below issue. Im using below code.....I dont want to attach the logs when I ran the perl twice...I just want to take backup with today date and generate new logs...What I need to do for the below scirpt.............. 1)if logs exist it should move the logs with extention... (1 Reply)
Discussion started by: Sanjeev G
1 Replies

LEARN ABOUT POSIX

smf_security

smf_security(5) 					Standards, Environments, and Macros					   smf_security(5)

NAME

       smf_security - service management facility security behavior

DESCRIPTION

       The configuration subsystem for the service management facility, smf(5), requires privilege to modify the configuration of a service. Priv-
       ileges are granted to a user by associating the authorizations described below to the user  through  user_attr(4)  and  prof_attr(4).   See
       rbac(5).

       The following authorization is used to manipulate services and service instances.

       solaris.smf.modify      Authorized to add, delete, or modify services, service instances, or their properties.

   Property Group Authorizations
       The smf(5) configuration subsystem associates properties with each service and service instance. Related properties are grouped. Groups may
       represent an execution method, credential information, application data, or restarter state. The  ability  to  create  or  modify  property
       groups  can  cause  smf(5)  components  to perform actions that may require operating system privilege. Accordingly, the framework requires
       appropriate authorization to manipulate property groups.

       Each property group has a type corresponding to its purpose. The core property group types are method, dependency, application, and  frame-
       work.  Additional  property group types can be introduced, provided they conform to the extended naming convention in smf(5). The following
       basic authorizations, however, apply only to the core property group types:

       solaris.smf.modify.method

	   Authorized to change values or create, delete, or modify a property group of type method.

       solaris.smf.modify.dependency

	   Authorized to change values or create, delete, or modify a property group of type dependency.

       solaris.smf.modify.application

	   Authorized to change values or create, delete, or modify a property group of type application.

       solaris.smf.modify.framework

	   Authorized to change values or create, delete, or modify a property group of type framework.

       solaris.smf.modify

	   Authorized to add, delete, or modify services, service instances, or their properties.

       Property group-specific authorization can be specified by properties contained in the property group.

       modify_authorization    Authorizations allow the addition, deletion, or modification of properties within the property group.

       value_authorization     Authorizations allow changing the values of any property of the property group except modify_authorization.

       The above authorization properties are only used if they have type astring. If an instance property group does not have one of the  proper-
       ties, but the instance's service has a property group of the same name with the property, its values are used.

   Service Action Authorization
       Certain	actions  on service instances may result in service interruption or deactivation. These actions require an authorization to ensure
       that any denial of service is a deliberate administrative action. Such actions include a request for execution of the  refresh  or  restart
       methods,  or  placement	of  a  service instance in the maintenance or other non-operational state. The following authorization allows such
       actions to be requested:

       solaris.smf.manage      Authorized to request restart, refresh, or other state modification of any service instance.

       In addition, the general/action_authorization property can specify additional authorizations that permit service actions  to  be  requested
       for that service instance. The solaris.smf.manage authorization is required to modify this property.

   Defined Rights Profiles
       Two rights profiles are included that offer grouped authorizations for manipulating typical smf(5) operations.

       Service Management

	   A  service  manager	can  manipulate  any  service  in  the	repository  in	any  way.  It  corresponds  to	the solaris.smf.manage and
	   solaris.smf.modify authorizations.

	   The service management profile is the minimum required to use the pkgadd(1M) or pkgrm(1M) commands to add or remove	software  packages
	   that contain an inventory of services in its service manifest.

       Service Operator

	   A  service  operator  has  the  ability to enable or disable any service instance on the system, as well as request that its restart or
	   refresh method be executed. It corresponds to the solaris.smf.manage and solaris.smf.modify.framework authorizations.

	   Sites can define additional rights profiles customized to their needs.

   Remote Repository Modification
       Remote repository servers may deny modification attempts due to additional privilege checks. See NOTES.

SEE ALSO

       auths(1), profiles(1), pkgadd(1M), pkgrm(1M), prof_attr(4), user_attr(4), rbac(5), smf(5)

NOTES

       The present version of smf(5) does not support remote repositories.

SunOS 5.10							     2 Dec 04							   smf_security(5)
All times are GMT -4. The time now is 02:57 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy