Full Discussion: Hpux C2 Auditing
Operating Systems HP-UX Hpux C2 Auditing Post 66059 by gmh on Thursday 10th of March 2005 06:14:10 PM

I am trying to find out if there are any recommendations regarding what events/system calls should be audited as a starting point. I am new to the auditing side of things and am not really too sure what best to log - any ideas or know of any resources which make recommendations in this respect?
 

getfauditflags(3BSM)                                          getfauditflags(3BSM)

NAME
       getfauditflags - generate process audit state

SYNOPSIS
       cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
       #include <sys/param.h>
       #include <bsm/libbsm.h>

       int getfauditflags(au_mask_t *usremasks, au_mask_t *usrdmasks,
           au_mask_t *lastmasks);

DESCRIPTION
       The getfauditflags() function generates a process audit state by
       combining the audit masks passed as parameters with the system audit
       masks specified in the audit_control(4) file. The getfauditflags()
       function obtains the system audit value by calling getacflg() (see
       getacinfo(3BSM)).

       The usremasks argument points to au_mask_t fields that contain two
       values. The first value defines which events are always to be audited
       when they succeed. The second value defines which events are always to
       be audited when they fail.

       The usrdmasks argument points to au_mask_t fields that contain two
       values. The first value defines which events are never to be audited
       when they succeed. The second value defines which events are never to
       be audited when they fail.

       The structures pointed to by usremasks and usrdmasks can be obtained
       from the audit_user(4) file by calling getauusernam(3BSM), which
       returns a pointer to a structure containing all audit_user(4) fields
       for a user.

       The output of this function is stored in lastmasks, a pointer of type
       au_mask_t as well. The first value defines which events are to be
       audited when they succeed and the second defines which events are to
       be audited when they fail.

       Both usremasks and usrdmasks override the values in the system audit
       values.

RETURN VALUES
       Upon successful completion, getfauditflags() returns 0. Otherwise it
       returns -1.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |MT-Level                     |MT-Safe                      |
       +-----------------------------+-----------------------------+

SEE ALSO
       bsmconv(1M), getacinfo(3BSM), getauditflags(3BSM), getauusernam(3BSM),
       audit.log(4), audit_control(4), audit_user(4), attributes(5)

NOTES
       The functionality described on this manual page is available only if
       the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for
       more information.

31 Mar 2005                                                   getfauditflags(3BSM)
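The mask combination described in the manual page above, as an added example that is not part of the original page or of libbsm: a self-contained model that does not link against -lbsm. The mask_t type, the class bit values and the function names are constructed for illustration, and the order of precedence (never-audit applied last, so it wins when a class is in both user masks) is an assumption the manual page does not state.

```c
#include <stdio.h>

/* Local model of au_mask_t: one bit mask for successful events, one for failed. */
typedef struct { unsigned int am_success; unsigned int am_failure; } mask_t;

/* Constructed class bits for this example, not the system's real values. */
enum { CL_FR = 0x1, CL_FW = 0x2, CL_AD = 0x800, CL_LO = 0x1000 };

/*
 * Model of the combination getfauditflags() describes: start from the system
 * mask, OR in the user's always-audit mask, then clear the never-audit mask.
 * Returns 0 on success, -1 if any pointer is missing.
 */
int combine_masks(const mask_t *sys, const mask_t *always,
                  const mask_t *never, mask_t *last)
{
    if (!sys || !always || !never || !last)
        return -1;
    last->am_success = (sys->am_success | always->am_success) & ~never->am_success;
    last->am_failure = (sys->am_failure | always->am_failure) & ~never->am_failure;
    return 0;
}

/* 1 if the class bit is audited for the given outcome (success != 0 or failure). */
int is_audited(const mask_t *m, unsigned int cls, int success)
{
    return ((success ? m->am_success : m->am_failure) & cls) != 0;
}

/* Constructed scenario: system audits CL_LO and CL_AD; one user adds and removes classes. */
mask_t example_user_mask(void)
{
    mask_t sys    = { CL_LO | CL_AD, CL_LO | CL_AD };
    mask_t always = { CL_FW, CL_FW | CL_FR };
    mask_t never  = { CL_AD, CL_FR };  /* failed CL_FR is in both always and never */
    mask_t last   = { 0, 0 };
    combine_masks(&sys, &always, &never, &last);
    return last;
}

int main(void)
{
    mask_t m = example_user_mask();
    printf("success=0x%x failure=0x%x\n", m.am_success, m.am_failure);
    return 0;
}
```

Reviewing the resulting mask per user shows which classes an audit_user(4) never-audit entry silently removes from a system-wide policy.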