AIX auditing


 
Thread Tools Search this Thread
Operating Systems AIX AIX auditing
# 1  
Old 09-29-2011
AIX auditing

can some give some tips, most common security issues or and kind of advice about auditing aix system?

regards
# 2  
Old 09-29-2011
Can't help you out with particular hints, but in case you do not already know them, there are IBM Redbooks about it (quite old):
IBM Redbooks | Auditing and Accounting on AIX
and
IBM Redbooks | Accounting and Auditing on AIX 5L

Depending on your version of AIX, there is also a Security handbook. Here for AIX 7:
http://publib.boulder.ibm.com/infoce...curity_pdf.pdf

I remember there is one for AIX 6 too.
# 3  
Old 10-02-2011
first of all what you need to know is where is the audit files located.
1) audit configuration files are located in /etc/security/audit
2)destination of audit log /audit (this is the main audit)
### for stream mode ###
1) log file /audit/stream.out
**strongly suggest /audit is mounted as a file system**
##make sure /etc/security/streamcmds contains##
Code:
/usr/sbin/auditstream | auditpr -v > /audit/stream.out &

in /etc/security/audit/config file, select which mode is used at startup
:: streammode = on (for stream mode)

after that running audit by using command
Code:
:: /usr/sbin/audit start

query the configuration by using command
Code:
::/usr/sbin/audit query

shutdown audit by using command
Code:
::/usr/sbin/audit shutdown

example::
Code:
# /usr/sbin/audit shutdown
# sleep 5
# mv /audit/stream.out /audit/audit`date +%m%d`.log
# /usr/sbin/audit start
# fuser -k /audit/audit`date +%m%d`.log 


Last edited by zxmaus; 10-05-2011 at 09:02 PM.. Reason: added code tags
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. AIX

Configure AIX server to send logs and auditing to Qradar

Hi All I need your help to configure Aix to send logs to Qradar, I did all the methods that mentioned in IBM website and no use, Plz Help,, The Logs should I receive from Aix and display in Qradar is (create user delete user changing in privileges....etc ) my skype account khaled_ly84 ... (4 Replies)
Discussion started by: khaled_ly84
4 Replies

2. AIX

User auditing from AIX server

I am trying to find out the information of my local desktop when i use putty to login to an AIX server. This is what I do: 1. login to my PC 2. take a putty session to an AIX server Can i get information of my local desktop from the AIX server ? Is there a command available ? Thanks (8 Replies)
Discussion started by: Nagesh_1985
8 Replies

3. AIX

AIX auditing

In our customer place somebody removed and PV from the server. I want the information like which user removed this PV. Is there any way to get PV removal information. When did the PV removed from the server ? Whether AIX auding will help ? Where i can get these information ? Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies

4. AIX

Help me! AUDITING AIX

Hi All, i've a problem on a AIX server with audit config... when i start the audit i receive this error: root@****:/etc/security/audit > /usr/sbin/audit start Audit start cleanup: The system call does not exist on this system. ** failed setting kernel audit objects I don't understand... (0 Replies)
Discussion started by: Zio Bill
0 Replies

5. AIX

AIX Auditing problam

i have sucessfully enable the auditing on AIX with adding som onjects. but when i go for auditpr -v < /audit/trail vlets say i reset audit at last dat 5 pm auditpr -v < /audit/trail will show up to last day 5 pm. i have to reset audit every time to check latest logs. please... (3 Replies)
Discussion started by: prashantjain07
3 Replies

6. AIX

AIX auditing

I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only? Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which... (0 Replies)
Discussion started by: m_raheelahmed
0 Replies

7. UNIX for Advanced & Expert Users

Auditing

:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs. Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies

8. AIX

Aix auditing : performance impact

can someone help me find out the impact of enabling audting on the entire root filesystem. does it have a major hit on the overall performance of the system Thanks so much (0 Replies)
Discussion started by: iam
0 Replies

9. AIX

turning auditing on AIX 4.3

Hi, What's the best way to turn on the auditing in AIX 4.3? I'm in an environment where root password are shared with many users. Can sudoers member be audited properly? Thanks (1 Reply)
Discussion started by: itik
1 Replies

10. UNIX for Dummies Questions & Answers

System Auditing

Hi all, Have been asked to learn up on providing Sytem Auditing on two SCO boxes. Where should I start and what pointers can anyone provide. Whilst I'm learning to look after these two SCO boxes, I'm also to eventually look after three Compaq DS20E True64 Unix boxes also in the near future. (2 Replies)
Discussion started by: Cameron
2 Replies
Login or Register to Ask a Question