11-11-2019
In my linux boxes i used the "auditd" tool with this settings in the "audit.rules" file:
Quote:
# Enable the logging
-e 1
# Time
-a always,exit -S adjtimex -S settimeofday -S clock_settime -F euid!=ID_NTP_USER -k time-change
#User Mod
-w /usr/sbin/useradd -p x -k user-modification
-w /usr/sbin/usermod -p x -k user-modification
-w /usr/sbin/adduser -p x -k user-modification
-w /usr/sbin/userdel -p x -k user-modification
# Priv-esc
-w /bin/su -p x -k priv-esc
-w /usr/bin/sudo -p x -k priv-esc
# Log All Root Command
-a exit,always -F arch=b64 -S execve -F euid=0 -k root-command
-a exit,always -F arch=b32 -S execve -F euid=0 -k root-command
Is there a way in solaris to achieve the same config?
Thank u!
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi guys! I have a dummy question for u :p
I cant find a solution for these tascks...tried everything (i know :cool: ).
1 Issue the following command sleep 1000
Note that sleep 1000 waits 1000 seconds!!! You cannot do anything now!!!
2 Open another terminal window and enter the tty... (1 Reply)
Discussion started by: RomeO
1 Replies
2. Shell Programming and Scripting
Hi,
I am trying to write a script which would go search and get the info from the logs based on yesterday timestamp and write yesterday logs in new file. The log file format is as follows:
""""""""""""""""""""""""""... (3 Replies)
Discussion started by: harish.parker
3 Replies
3. Homework & Coursework Questions
1. Write a shell program which renames the current directory with the given file extension to another extension. The playoffs are given on the command line.
Example usage:
$ Rename txt doc
will be renamed:
aaa.txt in aaa.doc
Juhutxt in Juhudoc
...
* To solve, you can also help with... (5 Replies)
Discussion started by: eclip
5 Replies
4. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
5. Red Hat
Hi all
I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.
I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
Discussion started by: hedkandi
7 Replies
6. Solaris
Hi everyone,
how i can configure a single audit service in the global zone for all zones, on solaris BSM.
I will be glad to hear back from you.
Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies
7. Solaris
Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies
8. Solaris
Hello all,
I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine.
However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path.
So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies
9. Solaris
HI Community,
how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that
Thanks & Regards,
BEn (9 Replies)
Discussion started by: bentech4u
9 Replies
10. Shell Programming and Scripting
Appreciate help for the below issue.
Im using below code.....I dont want to attach the logs when I ran the perl twice...I just want to take backup with today date and generate new logs...What I need to do for the below scirpt..............
1)if logs exist it should move the logs with extention... (1 Reply)
Discussion started by: Sanjeev G
1 Replies
profiles(1) profiles(1)
NAME
profiles - print execution profiles for a user
SYNOPSIS
profiles [-l] [ user ...]
The profiles command prints on standard output the names of the execution profiles that have been assigned to you or to the optionally-
specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform a spe-
cific function. Along with each listed executable are the process attributes, such as the effective user and group IDs, with which the
process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
Profiles can contain other profiles defined in prof_attr(4).
Multiple profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
used for process-attribute settings. For convenience, a wild card can be specified to match all commands.
When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
(see policy.conf(4)), the list of default profiles are added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
the authorizations list, and matching entries in exec_attr(4) provide the commands list.
The following options are supported:
-l Lists the commands in each profile followed by the special process attributes such as user and group IDs.
Example 1: Sample Output
The output of the profiles command has the following form:
example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
example%
Example 2: Using the list Option
example% profiles -l tester01 tester02
tester01 :
Audit Management:
/usr/sbin/audit euid=root
/usr/sbin/auditconfig euid=root egid=sys
All Commands:
*
tester02 :
Device Management:
/usr/bin/allocate: euid=root
/usr/bin/deallocate: euid=root
All Commands
*
example%
The following exit values are returned:
0 Successful completion.
1 An error occurred.
/etc/security/exec_attr
/etc/security/prof_attr
/etc/user_attr
/etc/security/policy.conf
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)
11 Feb 2000 profiles(1)