Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Question about Auditing
Top Forums UNIX for Advanced & Expert Users Question about Auditing Post 54758 by DPAI on Monday 23rd of August 2004 01:23:46 PM
Old 08-23-2004
Oh i am sorry

The OS is Solaris 9

the script is bsmconv in /etc/security

Thanx

D
 

10 More Discussions You Might Find Interesting

1. Solaris

Solaris 9 Auditing

How do I setup audit to alert on write conditions for individual files? Thanks. (3 Replies)
Discussion started by: dxs
3 Replies

2. UNIX for Advanced & Expert Users

Auditing

:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs. Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies

3. AIX

Auditing events

Hi there, I want to enable auditing for the following events in a critical AIX UNIX server by editing the /etc/syslog.conf file: Authentication events (login success, login failure, logout) Privilege use events (change to another user etc.) ... (1 Reply)
Discussion started by: venksel
1 Replies

4. Shell Programming and Scripting

Auditing script

I need a command line that will ls -l a directory and pick (grep?) all files that don't match a desired owner without losing track of the filename at any point. This way I can list later on "here are all the files with an incorrect owner". Thanks in advance (4 Replies)
Discussion started by: stevensw
4 Replies

5. AIX

Help me! AUDITING AIX

Hi All, i've a problem on a AIX server with audit config... when i start the audit i receive this error: root@****:/etc/security/audit > /usr/sbin/audit start Audit start cleanup: The system call does not exist on this system. ** failed setting kernel audit objects I don't understand... (0 Replies)
Discussion started by: Zio Bill
0 Replies

6. Solaris

BSM auditing

Hi , I don't want logs from a particular "library" to get recorded in the audit.log file. Is that possible with BSM? Please guide. Thanks. (2 Replies)
Discussion started by: chinchao
2 Replies

7. AIX

AIX auditing

can some give some tips, most common security issues or and kind of advice about auditing aix system? regards (2 Replies)
Discussion started by: bongo
2 Replies

8. UNIX for Advanced & Expert Users

kinit auditing

I have implemented solaris login authenticating against an active directory server, using solaris x86 on a Dell R810 8xXeon CPUs and 262Gb RAM. The actual OS is: # uname -a SunOS ms-svr012 5.10 Generic_142910-17 i86pc i386 i86pc # cat /etc/release Oracle Solaris 10 9/10... (2 Replies)
Discussion started by: jabberwocky
2 Replies

9. SCO

Auditing: how to enable?

edit: solution found Auditing Quick Start and Compatibility Notes (1 Reply)
Discussion started by: Linusolaradm1
1 Replies

10. AIX

AIX auditing

In our customer place somebody removed and PV from the server. I want the information like which user removed this PV. Is there any way to get PV removal information. When did the PV removed from the server ? Whether AIX auding will help ? Where i can get these information ? Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies

LEARN ABOUT HPUX

audit

audit(5)							File Formats Manual							  audit(5)

NAME

       audit - introduction to HP-UX Auditing System

DESCRIPTION

       The  purpose  of  the  auditing	system	is  to	record instances of access by subjects to objects and to allow detection of any (repeated)
       attempts to bypass the protection mechanism and any misuses of privileges, thus acting as a deterrent against system  abuses  and  exposing
       potential security weaknesses in the system.

   User and Event Selection
       The auditing system provides administrators with a mechanism to select users and activities to be audited.

       On  a  system  that  has  been  converted  to trusted mode, users are assigned unique identifiers called by the administrator, which remain
       unchanged throughout a user's history.  See about trusted mode.	The command is used to specify those users who are to be audited.

       On a system that has not been converted to trusted mode, each login session is assigned a unique identifier called The is a  string  repre-
       senting	information such as user name and login time.  It can uniquely identify each login session and the person responsible for the ses-
       sion.  See also setauduser(3) and getauduser(3).  The command is used to specify those users who are to be audited.  See userdbset(1M)  and
       userdb(4).  The associated attribute is called and is described in security(4).

       The  command  is  used  to specify system activities (auditable events) that are to be audited.	Auditable events are classified into event
       categories and profiles for easier configuration.  Once an event category or a profile is selected,  all  system  calls	and  self-auditing
       events  associated with that event category or profile are selected.  When the auditing system is installed, a default set of event classi-
       fication information is provided in file In order to meet site-specific requirements, administrators may also define event  categories  and
       profiles in See audit.conf(4) and audevent(1M) for more information.

       Note  that  even if an user is not selected for auditing, it is expected that some records may still be generated at the time user starts a
       session and ends a session.  Those are considered as system-wise information that are more in favor of event selection than the user selec-
       tion.   Other  programs	that  do self-auditing may also make arbitrary decision to ignore the user selection though it is not recommended.
       More information about self-auditing programs can be found later.

   Starting and Halting the Auditing System
       The administrator can use the command to start or halt the auditing system, or to get a brief summary of the status of  the  audit  system.
       Prior  to starting the auditing system, also validates the parameters specified, and ensures that the auditing system is in a safe and con-
       sistent state.  See audsys(1M) for more information.

   Monitoring the Auditing System
       To ensure that the auditing system operates normally and to detect abnormal behaviors, a privileged program, runs in the background to mon-
       itor  various  auditing	system	parameters.  When these parameters take on abnormal (dangerous) values, or when components of the auditing
       system are accidentally removed, prints warning messages and tries to resolve the problem if possible.  See audomon(1M) for  more  informa-
       tion.   can  be	spawned by (as part of the start-up process) when the system is booted up if the parameter AUDITING is set to 1 in file It
       can also be started any time by a privileged user.

   Viewing of Audited Data
       The command is used to view audited data recorded in log files.	The command merges the log files into a single audit trail in  chronologi-
       cal  sequence.	The  administrator  can  select viewing criteria provided by the command to limit the search to particular kinds of events
       which the administrator is interested in investigating.

   Audit Trails
       At any time when the auditing system is enabled, at least an audit trail must be present.  The trail name and various  attributes  for  the
       trail  can  be specified using When the current trail exceeds the specified size, or when the auditing file system is dangerously full, the
       system automatically switches to another trail with the same base name but a different timestamp extension and begin recording  to  it.	 A
       script  can  be	specified  using  to  perform various operations on the last audit trail after each successful switch.	If trail switch is
       unsuccessful, warning messages are sent to request appropriate administrator action.

   Self-auditing Programs
       To reduce the amount of log data and to provide a higher-level recording of some typical system operations, a collection of privileged pro-
       grams  are given capabilities to perform self-auditing.	This means that the programs can suspend the currently specified auditing on them-
       selves and produce a high-level description of the operations they perform.  These self-auditing programs are described	in  the  following
       manpages:  at(1), chfn(1), chsh(1), crontab(1), login(1), newgrp(1), passwd(1), audevent(1M), audisp(1M), audsys(1M), audusr(1M), cron(1M),
       groupadd(1M), groupdel(1M), groupmod(1M), init(1M), lpsched(1M), sam(1M), useradd(1M), userdel(1M), and usermod(1M).

	      Note: Only privileged programs are allowed to do self-auditing.  The audit suspension they perform only affects these  programs  and
	      does not affect any other processes on the system.

       Most  of  these	commands  generate audit data under a single event category.  For example, generates the audit data under the event admin.
       Other commands may generate data under multiple event categories.  For example, the command generates  data  under  the	events	login  and
       admin.  For a list of predefined event categories, see audevent(1M).

WARNINGS

       HP-UX 11i Version 3 is the last release to support trusted systems functionality.

       The HP-UX Auditing System continues to work without converting to trusted mode.

AUTHOR

       The auditing system described above was developed by HP.

SEE ALSO

       audevent(1M),  audisp(1M),  audsys(1M),	audusr(1M),  userdbset(1M), audctl(2), audswitch(2), audwrite(2), getaudid(2), getevent(2), setau-
       did(2), setevent(2), getauduser(3), setauduser(3), audit(4), security(4), userdb(4), audit_memory_usage(5),  audit_track_paths(5),  diskau-
       dit_flush_interval(5).

																	  audit(5)
All times are GMT -4. The time now is 02:34 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy