audit(7) Miscellaneous Information Manual audit(7)NAME
audit - audit log interface
DESCRIPTION
This is a special character device that provides an interface for the audit daemon process, /usr/sbin/auditd, to the kernel audit buffers.
/dev is now a context dependent symbolic link (CDSL) to /cluster/members/{member}/dev.
RESTRICTIONS
This device should be readable only by root, to protect access by nonsystem processes. The major number assigned to this device must cor-
relate with the corresponding major number designation in the system kernel.
FILES
/dev/audit
RELATED INFORMATION
/MAKEDEV(8), auditd(8)
Security delim off
audit(7)
Check Out this Related Man Page
audit_data(4) File Formats audit_data(4)NAME
audit_data - current information on audit daemon
SYNOPSIS
/etc/security/audit_data
DESCRIPTION
The audit_data file contains information about the audit daemon. The file contains the process ID of the audit daemon, and the pathname of
the current audit log file. The format of the file is:
pid>:<pathname>
Where pid is the process ID for the audit daemon, and pathname is the full pathname for the current audit log file.
EXAMPLES
Example 1: A sample audit_data file.
64:/etc/security/audit/server1/19930506081249.19930506230945.bongos
FILES
/etc/security/audit_data
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Obsolete |
+-----------------------------+-----------------------------+
SEE ALSO audit(1M), auditd(1M), bsmconv(1M), audit(2), audit_control(4), audit.log(4)NOTES
The functionality described on this manual page is internal to audit(1M) and might not be supported in a future release.
The auditd utility is the only supported mechanism to communicate with auditd(1M). The current audit log can be determined by examining the
configured audit directories. See audit_control(4).
The functionality described on this manual page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for
more information.
SunOS 5.10 14 Nov 2002 audit_data(4)
Hi Guys,
I am new to this forum so I am sorry if i posted this thread in the wrong place. I am currently trying to get BSM to work on solaris 10 by Logging few things for me. I need your help to complete this task please.
this is the config of the audit files:
audit_conto
# Copyright... (18 Replies)
Is there a tool or application the will audit users activity? I've tryed to use audit the comes with AIX but to gathers so much information it is near impossible to see what they are doing. I just want to monitor logins and and files they create or change. (9 Replies)
I remember there is a command can trace what I have done on aix. such as when I run smitty user to add a new user, run any command on aix, install some application software on aix, just like trace every step and every screen out to a file.
I forget what command is, does anyone know it? (6 Replies)
I just want to audit and log to syslog when a user is added, removed or modified from the system.
According to the docs I have:
#/etc/security/audit_control
dir:/var/audit
flags:ua
minfree:20
naflags:ua
plugin:name=audit_syslog.so.1; p_flags=ua
But neither syslog nor auditreduce -c ua... (7 Replies)
Hello,
is there some way to track what shell commands some user is executing ?
Something like to have some log file where i could see what commands some user used, e.g. rm -r dirname , ls -l .... and so on ...
I have 2.6.13-1.1526_FC4smp (9 Replies)
Hi,
I would like to know if there is anyway that I can pinpoint the user before/after he connects to the root? Also, I'm trying to find out what are the commands he inputs under root access. (6 Replies)
I want to periodically check if ASCII password/config files on Unix have 400 or 600 access. Folders and files are owned by designated group and user. Folders and Files do not have world write access.
Are there any tools/scripts available for this kind of auditing that I can use on Solaris? (7 Replies)
Hi all
I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.
I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
I am a bash beginner and I need to write an script to check my users login time. This has to be in a format of :
This script has to work on a server to check all the users. I know that I have to use "last" command but I have no idea how to do it.
any assistance is appreciated.
Thanks (17 Replies)
Hello All
I am trying to get a list of process or applications runninging on the network only. I should emphasize that im not interested in the application or process if its not using the network.
I tried the good old netstat comand, but im not able to figure out how to list the running... (8 Replies)
I am trying to find out the information of my local desktop when i use putty to login to an AIX server.
This is what I do:
1. login to my PC
2. take a putty session to an AIX server
Can i get information of my local desktop from the AIX server ? Is there a command available ?
Thanks (8 Replies)
Hi
I'm working on AIX.
My question: for example, I'm logging in. I enter command "last" and then I know there are 3 people logging in from 3 different IP at the same time, 2 are in the same account. Then someone enters a command.
Is there any way to know exactly who ( which IP ) enters... (9 Replies)
Hi all,
I'm currently engaged for the first time with solaris audit.
There is the need to monitor action on files in specific directories which is something i was unable to find and documentation for.
Can anyone offer any suggestions or workarounds?
Thanx a lot (8 Replies)
HI Community,
how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that
Thanks & Regards,
BEn (9 Replies)
Linux audits in syslog, any time a user is deleted or added. However, I'm running a Solaris11 VM, and find no such entries. How can I enable auditing for useradd and userdel? Oracle's documentation on managing the auditing service, has been of no assistance. Thanks.
Customizing What Is... (7 Replies)