03-10-2005
Hpux C2 Auditing
I am trying to find out if there are any recommendations regarding what events/system calls should be audited as a starting point. I am new to the auditing side of things and am not really to sure what best to log - any ideas or know of any resources which make recommendations in this respect ???
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
I am running HPUX and using WLM (workload manager). I want to write a script to fork CPUs to basically take CPUs from other servers to show that the communication is working and CPU licensing is working. Basically, I want to build a script that will use up CPU on a server. Any ideas? (2 Replies)
Discussion started by: cpolikowsky
2 Replies
2. UNIX for Advanced & Expert Users
:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs.
Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies
3. Cybersecurity
Hi dear friends
I have an RHEL5 installed and I gave all users on it rbash shell, Now I want to audit all commands that they did in there shell once they enter them, Can any guide me to the way
Thanks (2 Replies)
Discussion started by: reaky
2 Replies
4. HP-UX
I'm sharing this in case anybody needs it. Modified from the original solaris pwage script. This modified hpux script will check /etc/password file on hpux trusted systems search /tcb and grep the required u_succhg field. Calculate days to expiry and notify users via email.
original solaris... (2 Replies)
Discussion started by: sparcguy
2 Replies
5. Shell Programming and Scripting
I need a command line that will ls -l a directory and pick (grep?) all files that don't match a desired owner without losing track of the filename at any point. This way I can list later on "here are all the files with an incorrect owner". Thanks in advance (4 Replies)
Discussion started by: stevensw
4 Replies
6. AIX
Hi All,
i've a problem on a AIX server with audit config...
when i start the audit i receive this error:
root@****:/etc/security/audit > /usr/sbin/audit start
Audit start cleanup: The system call does not exist on this system.
** failed setting kernel audit objects
I don't understand... (0 Replies)
Discussion started by: Zio Bill
0 Replies
7. Solaris
Hi ,
I don't want logs from a particular "library" to get recorded in the audit.log file. Is that possible with BSM? Please guide.
Thanks. (2 Replies)
Discussion started by: chinchao
2 Replies
8. AIX
can some give some tips, most common security issues or and kind of advice about auditing aix system?
regards (2 Replies)
Discussion started by: bongo
2 Replies
9. UNIX for Advanced & Expert Users
I have implemented solaris login authenticating against an active directory server, using solaris x86 on a Dell R810 8xXeon CPUs and 262Gb RAM.
The actual OS is:
# uname -a
SunOS ms-svr012 5.10 Generic_142910-17 i86pc i386 i86pc
# cat /etc/release
Oracle Solaris 10 9/10... (2 Replies)
Discussion started by: jabberwocky
2 Replies
10. Infrastructure Monitoring
Hi Folks,
I have Nagios 3.0.6 which is monitoring 400+ servers in my environment and is administered by multiple administrators. I want to get notified if somebody enable or disable any notification of any of the hosts/services from GUI. Is it possible to configure?
If so, how? (0 Replies)
Discussion started by: SiddhV
0 Replies
audusr(1M) audusr(1M)
NAME
audusr - select users to audit
SYNOPSIS
user] ...] user] ...]
DESCRIPTION
is used to specify users to be audited or excluded from auditing. The command only works for systems that have been converted to trusted
mode.
To select users to audit on systems that have not been converted to trusted mode, use the command. See also audit(5), userdbset(1M),
userdb(4), and in security(4).
If no arguments are specified, displays the audit setting of every user. is restricted to privileged users.
Options
recognizes the following options:
Audit the specified
user. The auditing system records audit records to the ``current'' audit file when the specified user executes audited
events or system calls. Use to specify events to be audited (see audevent(1M)).
Do not audit the specified
user.
Audit all users.
Do not audit any users.
The and options are mutually exclusive: that is, if is specified, cannot be specified; if is specified, cannot be specified.
Users specified with are audited (or excluded from auditing) beginning with their next login session, until excluded from auditing (or
specified for auditing) with a subsequent invocation. Users already logged into the system when is invoked are unaffected during that
login session; however, any user who logs in after is invoked is audited or excluded from auditing accordingly.
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
AUTHOR
was developed by HP.
FILES
File containing flags to indicate whether users are audited.
SEE ALSO
audevent(1M), userdbset(1M), setaudproc(2), audswitch(2), audwrite(2), security(4), userdb(4), audit(5).
TO BE OBSOLETED audusr(1M)