9 More Discussions You Might Find Interesting
1. UNIX for Beginners Questions & Answers
I want to create a shell script to gather user account information and displays the result to administrator.
I have created a script but its showing all the information when i search for username like:
amit@mx:~$ ./uinfo.sh amit
Username : amit
User Info ... (2 Replies)
Discussion started by: amit1986
2 Replies
2. UNIX for Beginners Questions & Answers
Good afternoon all,
Was un-sure on where to post this so I thought I would use this topic...
I was wondering what best practice people use for the deletion of user profiles on AIX systems?
At the moment, I currently don't delete any user profiles, they are just disabled as they... (1 Reply)
Discussion started by: SteveCPayne
1 Replies
3. AIX
I am trying to find out the information of my local desktop when i use putty to login to an AIX server.
This is what I do:
1. login to my PC
2. take a putty session to an AIX server
Can i get information of my local desktop from the AIX server ? Is there a command available ?
Thanks (8 Replies)
Discussion started by: Nagesh_1985
8 Replies
4. Solaris
Hello,
I was wondering when Solaris auditing is enabled, If it is possible to keep track of users that are allowed to sudo to root. In other words, I would like to know which user did what on my Solaris box. (assumig that user can "sudo su -" )
Thanks. (2 Replies)
Discussion started by: niyazi
2 Replies
5. Shell Programming and Scripting
Hello,
is there some way to track what shell commands some user is executing ?
Something like to have some log file where i could see what commands some user used, e.g. rm -r dirname , ls -l .... and so on ...
I have 2.6.13-1.1526_FC4smp (9 Replies)
Discussion started by: tonijel
9 Replies
6. Shell Programming and Scripting
Hi All,
I need to put in place a UNIX shell script that calls three sql scripts & reports to the DBAs.
I already have the three sql scripts in place & they perform the following database auditing actions:
1. actions.sql
This script queries the DBA_AUDIT _TRAIL table to look for database user... (2 Replies)
Discussion started by: divroro12
2 Replies
7. Solaris
Hello
I have a new job and I need change the last user administrator, I dont know if is easier change some things about this user or add my user in the group with every permission, how can I do it. I dont know which is the group. I think is no only useradd en after modify /etc/passwd.
Tank... (14 Replies)
Discussion started by: cata
14 Replies
8. HP-UX
Hi all
I hope to find what i'm looking for in this forum
as said in the topic i want to track user's actions on the system. i mean also the action of moving or removing files. I have an HP 9000 with HP UX 11i. the users log on the HP from a terminal window under WIndows XP
Thx (3 Replies)
Discussion started by: Timberland
3 Replies
9. AIX
i want to audit user commands ..
keep track of what commands each user has been giving ..
can this be done by writing a script in engraving it in .profile of the user.
or is there any other way of doing this ...
rgds
raj (2 Replies)
Discussion started by: rajesh_149
2 Replies
audit_event(4) File Formats audit_event(4)
NAME
audit_event - audit event definition and class mapping
SYNOPSIS
/etc/security/audit_event
DESCRIPTION
/etc/security/audit_event is a user-configurable ASCII system file that stores event definitions used in the audit system. As part of this
definition, each event is mapped to one or more of the audit classes defined in audit_class(4). See audit_control(4) and audit_user(4) for
information about changing the preselection of audit classes in the audit system. Programs can use the getauevent(3BSM) routines to access
audit event information.
The fields for each event entry are separated by colons. Each event is separated from the next by a NEWLINE.Each entry in the audit_event
file has the form:
number:name:description:flags
The fields are defined as follows:
number Event number.
Event number ranges are assigned as follows:
0 Reserved as an invalid event number.
1-2047 Reserved for the Solaris Kernel events.
2048-32767 Reserved for the Solaris TCB programs.
32768-65535 Available for third party TCB applications.
System administrators must not add, delete, or modify (except to change the class mapping), events with an
event number less than 32768. These events are reserved by the system.
name Event name.
description Event description.
flags Flags specifying classes to which the event is mapped. Classes are comma separated, without spaces.
Obsolete events are commonly assigned to the special class no (invalid) to indicate they are no longer generated. Obsolete
events are retained to process old audit trail files. Other events which are not obsolete may also be assigned to the no
class.
EXAMPLES
Example 1 Using the audit_event File
The following is an example of some audit_event file entries:
7:AUE_EXEC:exec(2):ps,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - local:lo
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - telnet:lo
6155:AUE_rlogin:login - rlogin:lo
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability | See below. |
+-----------------------------+-----------------------------+
The file format stability is Committed. The file content is Uncommitted.
FILES
/etc/security/audit_event
SEE ALSO
bsmconv(1M), getauevent(3BSM), audit_class(4), audit_control(4), audit_user(4)
Part VII, Solaris Auditing, in System Administration Guide: Security Services
NOTES
This functionality is available only if Solaris Auditing has been enabled. See bsmconv(1M) for more information.
SunOS 5.11 26 Jun 2008 audit_event(4)
