02-11-2005
How many servers are you required to perform an audit on?
And what type of audit are you trying to perform?
9 More Discussions You Might Find Interesting
1. SCO
Hi, everybody
My system will be audited in a few weeks and I need to get a list of user accounts (create date/last login/first login), and I would like to extract this information in SCO 5.0.5. Does a command exist that does this?
Thanks for helping me,
Tatiana :p (1 Reply)
Discussion started by: tatiana
1 Reply
2. Shell Programming and Scripting
Hi,
I'm automatically FTPing a few files daily as a cron job to a remote server.
I wanted to know if there is a way to log the successful transfer in a log on the remote server?
The log on the remote server should look something like this.
10/30/2006 00:00:02 - File 1 transferred... (0 Replies)
Discussion started by: dayanand
0 Replies
3. Solaris
How do I know that audit is enabled in Solaris? In AIX, the 'audit query' command gives me the info whether auditing is on or not.
Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Reply
4. AIX
I need to run a DC-wide audit of some Oracle filesystems to ensure they're all on SAN. In Linux it's pretty easy since its LVM device structure includes the VG of which that LV is part (/dev/VGFOO/lv-bar). As such I can just run mount and do some grepping to get the needed info.
So my question... (2 Replies)
Discussion started by: Mattchewie
2 Replies
5. Solaris
Can you please share what you use to audit what files are deleted, when files are deleted and who deleted them?
thx (1 Reply)
Discussion started by: melanie_pfefer
1 Reply
6. UNIX for Dummies Questions & Answers
Hi,
AUDITD is reporting the following in the logs:
type=AVC msg=audit(1260289801.448:70566): avc: denied { read write } for pid=18495 comm="postdrop" path="socket:" dev=sockfs ino=12414105 scontext=root:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_t:s0... (1 Reply)
Discussion started by: mojoman
1 Reply
7. AIX
Dear All
When I start the AIX (6100-06) audit subsystem,
the log is saved in /audit/stream.out (or /audit/trail), but by default when /audit/stream.out grows to 150MB,
it will replace the original /audit/stream.out (or /audit/trail).
Then /audit/stream.out becomes empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
8. Solaris
Hi everyone,
How can I configure a single audit service in the global zone for all zones on Solaris BSM?
I will be glad to hear back from you.
Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies
9. Solaris
Looking for some way of running a script on one machine, giving it a list of IP addresses and it goes away and gets info from them.
Things such as server type, memory, processors etc.
Does such a thing exist? (3 Replies)
Discussion started by: psychocandy
3 Replies
LEARN ABOUT CENTOS
augenrules
AUGENRULES:(8) System Administration Utilities AUGENRULES:(8)
NAME
augenrules - a script that merges component audit rule files
SYNOPSIS
augenrules [--check] [--load]
DESCRIPTION
augenrules is a script that merges all component audit rules files found in the audit rules directory, /etc/audit/rules.d, placing the
merged file in /etc/audit/audit.rules. Component audit rule files must end in .rules in order to be processed. All other files in
/etc/audit/rules.d are ignored.
The files are concatenated in order, based on their natural sort (see -v option of ls(1)) and stripped of empty and comment (#) lines.
The last processed -D directive without an option, if present, is always emitted as the first line in the resultant file. Those with an
option are replicated in place. The last processed -b directive, if present, is always emitted as the second line in the resultant file.
The last processed -f directive, if present, is always emitted as the third line in the resultant file. The last processed -e directive,
if present, is always emitted as the last line in the resultant file.
The generated file is only copied to /etc/audit/audit.rules if it differs.
OPTIONS
--check
test if rules have changed and need updating without overwriting audit.rules.
--load
load old or newly built rules into the kernel.
FILES
/etc/audit/rules.d/
/etc/audit/audit.rules
SEE ALSO
audit.rules(8), auditctl(8), auditd(8).
Red Hat Apr 2013 AUGENRULES:(8)
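The merge order given under DESCRIPTION, modelled in Python as an added example; it is not the augenrules script and not part of the original man page. The file names and rule contents in SAMPLE are constructed, and natural_key only approximates the ls -v ordering. It reports which component file supplies the winning -D, -b, -f and -e values, which is what to check when reviewing a rules.d directory.

```python
import re

def natural_key(name):
    # Approximation of `ls -v`: digit runs (odd split positions) compare numerically.
    return [int(p) if i % 2 else p for i, p in enumerate(re.split(r"(\d+)", name))]

def merge_rules(files):
    """files: {filename: text}. Returns (merged_lines, origin); origin maps each
    hoisted directive to the component file that supplied the value that won."""
    hoisted, origin, body = {}, {}, []
    for name in sorted(files, key=natural_key):
        if not name.endswith(".rules"):
            continue  # all other files in rules.d are ignored
        for raw in files[name].splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # empty and comment lines are stripped
            tok = line.split()
            bare_delete = tok[0] == "-D" and len(tok) == 1
            if bare_delete or tok[0] in ("-b", "-f", "-e"):
                hoisted[tok[0]] = line  # the last processed directive wins
                origin[tok[0]] = name
            else:
                body.append(line)  # includes -D with an option, kept in place
    head = [hoisted[f] for f in ("-D", "-b", "-f") if f in hoisted]
    tail = [hoisted["-e"]] if "-e" in hoisted else []
    return head + body + tail, origin

# Constructed sample of a rules.d directory (not taken from a real system).
SAMPLE = {
    "10-base.rules": "# base\n-D\n-b 8192\n-f 1\n"
                     "-w /etc/passwd -p wa -k identity\n-e 2\n",
    "2-early.rules": "-b 320\n-a always,exit -F arch=b64 -S execve -k exec\n",
    "99-local.rules": "\n-e 0\n",
    "notes.txt": "-e 1\n",
}

if __name__ == "__main__":
    merged, origin = merge_rules(SAMPLE)
    print("\n".join(merged))
    for flag, src in sorted(origin.items()):
        print(f"{flag} taken from {src}")
```

In this sample the `-e 2` in 10-base.rules is overridden by the `-e 0` in 99-local.rules because that file sorts last, so the merged file ends with auditing disabled.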