audit with streammode and userlogin events


 
Old 12-06-2007

Hi,

The audit default config has no "authentication" so I added it:

General=USER_Login,USER_Logout,USER_SU,.............


I reset the audit with "audit shutdown". There's no event recorded with it; only all other events are recorded.

I check the events for USER_Login/USER_Logout:
.
.
.
TCP_kreceive = printf "fd%d %s"

* commands

* tsm
USER_Login = printf "user: %s tty: %s"
PORT_Locked = printf "Port %s locked due to invalid login attempts"
TERM_Logout = printf "%s"
.
.
.
* logout
USER_Logout = printf "%s"
.
.
.


What do I need to reconfigure so that I could audit logon/logoff on my AIX?

Thanks
AUGENRULES(8)            System Administration Utilities            AUGENRULES(8)

NAME
    augenrules - a script that merges component audit rule files

SYNOPSIS
    augenrules [--check] [--load]

DESCRIPTION
    augenrules is a script that merges all component audit rules files, found in the audit rules directory, /etc/audit/rules.d, placing the merged file in /etc/audit/audit.rules. Component audit rule files must end in .rules in order to be processed. All other files in /etc/audit/rules.d are ignored.

    The files are concatenated in order, based on their natural sort (see -v option of ls(1)) and stripped of empty and comment (#) lines.

    The last processed -D directive without an option, if present, is always emitted as the first line in the resultant file. Those with an option are replicated in place. The last processed -b directive, if present, is always emitted as the second line in the resultant file. The last processed -f directive, if present, is always emitted as the third line in the resultant file. The last processed -e directive, if present, is always emitted as the last line in the resultant file.

    The generated file is only copied to /etc/audit/rules.d, if it differs.

OPTIONS
    --check
        test if rules have changed and need updating without overwriting audit.rules.

    --load
        load old or newly built rules into the kernel.

FILES
    /etc/audit/rules.d/
    /etc/audit/audit.rules

SEE ALSO
    audit.rules(8), auditctl(8), auditd(8).

Red Hat                            Apr 2013                            AUGENRULES(8)
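
The merge order described in the DESCRIPTION above, as an added example (not part of the original page and not the augenrules script itself): a Python model run on constructed rule files. The names `merge_rules`, `natural_key` and `SAMPLE` and the file names are hypothetical, and the sort key only approximates `ls -v`.

```python
import re

def natural_key(name):
    # Approximation of `ls -v`: digit runs compare as numbers, so 9-x sorts before 10-x.
    return [(0, int(p), "") if p.isdigit() else (1, 0, p)
            for p in re.split(r"(\d+)", name) if p]

def merge_rules(files):
    """files maps file name -> text, standing in for /etc/audit/rules.d."""
    hoisted = {"-D": None, "-b": None, "-f": None, "-e": None}
    body = []
    for name in sorted(files, key=natural_key):
        if not name.endswith(".rules"):
            continue  # files without the .rules suffix are ignored
        for raw in files[name].splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # empty and comment lines are stripped
            tokens = line.split()
            if tokens[0] == "-D" and len(tokens) > 1:
                body.append(line)  # -D with an option is replicated in place
            elif tokens[0] in hoisted:
                hoisted[tokens[0]] = line  # the last one processed wins
            else:
                body.append(line)
    head = [hoisted[f] for f in ("-D", "-b", "-f") if hoisted[f]]
    tail = [hoisted["-e"]] if hoisted["-e"] else []
    return head + body + tail

# Constructed sample input, not taken from any real system.
SAMPLE = {
    "10-base.rules": "# base settings\n-D\n-b 8192\n-f 1\n",
    "9-early.rules": "-b 320\n-w /etc/passwd -p wa -k identity\n-e 1\n",
    "30-logins.rules": "-w /var/log/lastlog -p wa -k logins\n\n-D -k identity\n",
    "99-finalize.rules": "-e 2\n",
    "notes.txt": "-w /tmp -p w\n",
}

if __name__ == "__main__":
    print("\n".join(merge_rules(SAMPLE)))
```

In the sample, `-b 8192` wins only because `9-early.rules` is processed before `10-base.rules`; under a plain lexical sort the smaller `-b 320` would be the last one seen. The `-e 2` in the final file likewise replaces the earlier `-e 1`, which is why reviewing the merged result matters more than reviewing any single component file.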