02-11-2005
server audit
Hi all..
I need to perform an audit on my servers (ranging form mdk to redhat, knoppix...). I know there exists somewhere a script that could get me back the info i want..
I've googled around, and haven't found anything interesting.. Anyone have some thing i could investigate?
Thanx
Jason
9 More Discussions You Might Find Interesting
1. SCO
Hi, everybody
My system will be audit in a few weeks and I need to get a list about users accounts (create date/last login/first login) and I would like to extrat this informations in SCO 5.0.5. Exist a command that makes this?
Thanks for help me,
Tatiana :p (1 Reply)
Discussion started by: tatiana
1 Replies
2. Shell Programming and Scripting
Hi,
I'm automatically FTPing few files daily as a cron job to a remote server.
I wanted to know if there is a way to log the successful transfer in a log on the remote server?
The log on the remote server should look something like this.
10/30/2006 00:00:02 - File 1 transferred... (0 Replies)
Discussion started by: dayanand
0 Replies
3. Solaris
How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not.
Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies
4. AIX
I need to run a DC wide audit of some oracle filesystems to ensure their all on SAN. In linux its pretty easy since its LVM device structure includes the VG for which that lv is part of (/dev/VGFOO/lv-bar). As such I can just run mount and do some greping to get the needed info.
SO my question... (2 Replies)
Discussion started by: Mattchewie
2 Replies
5. Solaris
can you please share what you use to audit what files are deleted, when files are deleted and who deleted them?
thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies
6. UNIX for Dummies Questions & Answers
Hi,
AUDITD is reporting the following in the logs:
type=AVC msg=audit(1260289801.448:70566): avc: denied { read write } for pid=18495 comm="postdrop" path="socket:" dev=sockfs ino=12414105 scontext=root:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_t:s0... (1 Reply)
Discussion started by: mojoman
1 Replies
7. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
8. Solaris
Hi everyone,
how i can configure a single audit service in the global zone for all zones, on solaris BSM.
I will be glad to hear back from you.
Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies
9. Solaris
Looking for some way of running a script on one machine, giving it a list of IP addresses and it goes away and gets info from them.
Things such as server type, memory, processors etc.
Does such a thing exist? (3 Replies)
Discussion started by: psychocandy
3 Replies
LEARN ABOUT SUNOS
asadmin-list-audit-modules
asadmin-list-audit-modules(1AS) User Commands asadmin-list-audit-modules(1AS)
NAME
asadmin-list-audit-modules, list-audit-modules - lists all the audit-modules
SYNOPSIS
list-audit-modules --user admin_user [--password admin_password] [--host localhost] [--port 4848] [--secure|-s] [--passwordfile filename]
[--terse=false] [--echo=false] [--interactive=true]
Lists all the audit modules. This command is supported in remote mode only.
OPTIONS
--user authorized domain application server administrative username.
--password password to administer the domain application server.
--host machine name where the domain application server is running.
--port port number of the domain application server listening for administration requests.
--secure if true, uses SSL/TLS to communicate with the domain application server.
--passwordfile file containing the domain application server password.
--terse indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-
formatted data for consumption by a script. Default is false.
--echo setting to true will echo the command line statement on the standard output. Default is false.
--interactive if set to true (default), only the required password options are prompted.
Example 1: Using list-audit-modules
asadmin> list-audit-modules --user admin1
--password adminadmin1 --host pigeon --port 5001
Command list-audit-modules executed successfully
EXIT STATUS
0 command executed successfully
1 error in executing the command
asadmin-create-audit-module(1AS), asadmin-delete-audit-module(1AS)
J2EE 1.4 SDK March 2004 asadmin-list-audit-modules(1AS)