Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Settings audit logs for different tasks. Help me!!!
Operating Systems Solaris Settings audit logs for different tasks. Help me!!! Post 303040967 by menofmayhem on Monday 11th of November 2019 03:21:23 AM
Old 11-11-2019
In my linux boxes i used the "auditd" tool with this settings in the "audit.rules" file:

Quote:
# Enable the logging

-e 1

# Time
-a always,exit -S adjtimex -S settimeofday -S clock_settime -F euid!=ID_NTP_USER -k time-change

#User Mod
-w /usr/sbin/useradd -p x -k user-modification
-w /usr/sbin/usermod -p x -k user-modification
-w /usr/sbin/adduser -p x -k user-modification
-w /usr/sbin/userdel -p x -k user-modification

# Priv-esc
-w /bin/su -p x -k priv-esc
-w /usr/bin/sudo -p x -k priv-esc

# Log All Root Command
-a exit,always -F arch=b64 -S execve -F euid=0 -k root-command
-a exit,always -F arch=b32 -S execve -F euid=0 -k root-command
Is there a way in solaris to achieve the same config?

Thank u!
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Need help with tasks!

Hi guys! I have a dummy question for u :p I cant find a solution for these tascks...tried everything (i know :cool: ). 1 Issue the following command sleep 1000 Note that sleep 1000 waits 1000 seconds!!! You cannot do anything now!!! 2 Open another terminal window and enter the tty... (1 Reply)
Discussion started by: RomeO
1 Replies

2. Shell Programming and Scripting

Grep yesterday logs from weblogic logs

Hi, I am trying to write a script which would go search and get the info from the logs based on yesterday timestamp and write yesterday logs in new file. The log file format is as follows: """"""""""""""""""""""""""... (3 Replies)
Discussion started by: harish.parker
3 Replies

3. Homework & Coursework Questions

Hello.. can someone help my with this tasks?

1. Write a shell program which renames the current directory with the given file extension to another extension. The playoffs are given on the command line. Example usage: $ Rename txt doc will be renamed: aaa.txt in aaa.doc Juhutxt in Juhudoc ... * To solve, you can also help with... (5 Replies)
Discussion started by: eclip
5 Replies

4. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

5. Red Hat

Secure & Audit logs

Hi all I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing. I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
Discussion started by: hedkandi
7 Replies

6. Solaris

how to configure a audit in global zone that will audit all the zone

Hi everyone, how i can configure a single audit service in the global zone for all zones, on solaris BSM. I will be glad to hear back from you. Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies

7. Solaris

How to view audit logs in Solaris?

Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies

8. Solaris

Configuring 'auditd' service to not store the audit logs in /var partition

Hello all, I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine. However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path. So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies

9. Solaris

How can i enable audit logs for global zone and standard zones?

HI Community, how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that Thanks & Regards, BEn (9 Replies)
Discussion started by: bentech4u
9 Replies

10. Shell Programming and Scripting

If I ran perl script again,old logs should move with today date and new logs should generate.

Appreciate help for the below issue. Im using below code.....I dont want to attach the logs when I ran the perl twice...I just want to take backup with today date and generate new logs...What I need to do for the below scirpt.............. 1)if logs exist it should move the logs with extention... (1 Reply)
Discussion started by: Sanjeev G
1 Replies

LEARN ABOUT POSIX

profiles

profiles(1)															       profiles(1)

NAME

       profiles - print execution profiles for a user

SYNOPSIS

       profiles [-l] [ user ...]

       The  profiles  command  prints  on standard output the names of the execution profiles that have been assigned to you or to the optionally-
       specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform  a  spe-
       cific  function.  Along	with  each  listed executable are the process attributes, such as the effective user and group IDs, with which the
       process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
       Profiles can contain other profiles defined in prof_attr(4).

       Multiple  profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
       the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
       used for process-attribute settings. For convenience, a wild card can be specified to match all commands.

       When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
       (see policy.conf(4)), the list of default profiles are added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
       the authorizations list, and matching entries in exec_attr(4) provide the commands list.

       The following options are supported:

       -l	Lists the commands in each profile followed by the special process attributes such as user and group IDs.

       Example 1: Sample Output

       The output of the profiles command has the following form:

       example% profiles tester01 tester02
       tester01 : Audit Management, All Commands
       tester02 : Device Management, All Commands
       example%

       Example 2: Using the list Option

       example% profiles -l tester01 tester02
       tester01 :
	   Audit Management:
	     /usr/sbin/audit	      euid=root
	     /usr/sbin/auditconfig    euid=root    egid=sys
	   All Commands:
	     *
       tester02 :
	   Device Management:
	     /usr/bin/allocate:       euid=root
	     /usr/bin/deallocate:     euid=root
	   All Commands
	     *
       example%

       The following exit values are returned:

       0	Successful completion.

       1	An error occurred.

       /etc/security/exec_attr

       /etc/security/prof_attr

       /etc/user_attr

       /etc/security/policy.conf

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

       auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)

								    11 Feb 2000 						       profiles(1)
All times are GMT -4. The time now is 09:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy