AUDIT(8) AppArmor AUDIT(8)NAME
aa-audit - set a AppArmor security profile to audit mode.
SYNOPSIS
aa-audit <executable> [<executable> ...]
DESCRIPTION
aa-audit is used to set the audit mode for one or more profiles to audit. In this mode security policy is enforced and all access
(successes and failures) are logged to the system log.
BUGS
None. Please report any you find to bugzilla at <http://bugzilla.novell.com>.
SEE ALSO apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), change_hat(2), and <http://forge.novell.com/modules/xfmod/project/?apparmor>.
NOVELL /SUSE 2008-06-11 AUDIT(8)
Check Out this Related Man Page
UNCONFINED(8) AppArmor UNCONFINED(8)NAME
aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded
SYNOPSIS
aa-unconfined
DESCRIPTION
aa-unconfined will use netstat(8) to determine which processes have open network sockets and do not have AppArmor profiles loaded into the
kernel.
BUGS
aa-unconfined must be run as root to retrieve the process executable link from the /proc filesystem. This program is susceptible to race
conditions of several flavours: an unlinked executable will be mishandled; an executable started before a AppArmor profile is loaded will
not appear in the output, despite running without confinement; a process that dies between the netstat(8) and further checks will be
mishandled. This program only lists processes using TCP and UDP. In short, this program is unsuitable for forensics use and is provided
only as an aid to profiling all network-accessible processes in the lab.
If you find any bugs, please report them to bugzilla at <http://bugzilla.novell.com>.
SEE ALSO netstat(8), apparmor(7), apparmor.d(5), change_hat(2), and <http://forge.novell.com/modules/xfmod/project/?apparmor>.
NOVELL /SUSE 2008-06-11 UNCONFINED(8)
Hi Guys,
I am new to this forum so I am sorry if i posted this thread in the wrong place. I am currently trying to get BSM to work on solaris 10 by Logging few things for me. I need your help to complete this task please.
this is the config of the audit files:
audit_conto
# Copyright... (18 Replies)
Is there a tool or application the will audit users activity? I've tryed to use audit the comes with AIX but to gathers so much information it is near impossible to see what they are doing. I just want to monitor logins and and files they create or change. (9 Replies)
I remember there is a command can trace what I have done on aix. such as when I run smitty user to add a new user, run any command on aix, install some application software on aix, just like trace every step and every screen out to a file.
I forget what command is, does anyone know it? (6 Replies)
I just want to audit and log to syslog when a user is added, removed or modified from the system.
According to the docs I have:
#/etc/security/audit_control
dir:/var/audit
flags:ua
minfree:20
naflags:ua
plugin:name=audit_syslog.so.1; p_flags=ua
But neither syslog nor auditreduce -c ua... (7 Replies)
Hello,
is there some way to track what shell commands some user is executing ?
Something like to have some log file where i could see what commands some user used, e.g. rm -r dirname , ls -l .... and so on ...
I have 2.6.13-1.1526_FC4smp (9 Replies)
Hi,
I would like to know if there is anyway that I can pinpoint the user before/after he connects to the root? Also, I'm trying to find out what are the commands he inputs under root access. (6 Replies)
I want to periodically check if ASCII password/config files on Unix have 400 or 600 access. Folders and files are owned by designated group and user. Folders and Files do not have world write access.
Are there any tools/scripts available for this kind of auditing that I can use on Solaris? (7 Replies)
Hi all
I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.
I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
I am a bash beginner and I need to write an script to check my users login time. This has to be in a format of :
This script has to work on a server to check all the users. I know that I have to use "last" command but I have no idea how to do it.
any assistance is appreciated.
Thanks (17 Replies)
Hello All
I am trying to get a list of process or applications runninging on the network only. I should emphasize that im not interested in the application or process if its not using the network.
I tried the good old netstat comand, but im not able to figure out how to list the running... (8 Replies)
I am trying to find out the information of my local desktop when i use putty to login to an AIX server.
This is what I do:
1. login to my PC
2. take a putty session to an AIX server
Can i get information of my local desktop from the AIX server ? Is there a command available ?
Thanks (8 Replies)
Hi
I'm working on AIX.
My question: for example, I'm logging in. I enter command "last" and then I know there are 3 people logging in from 3 different IP at the same time, 2 are in the same account. Then someone enters a command.
Is there any way to know exactly who ( which IP ) enters... (9 Replies)
Hi all,
I'm currently engaged for the first time with solaris audit.
There is the need to monitor action on files in specific directories which is something i was unable to find and documentation for.
Can anyone offer any suggestions or workarounds?
Thanx a lot (8 Replies)
HI Community,
how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that
Thanks & Regards,
BEn (9 Replies)
Linux audits in syslog, any time a user is deleted or added. However, I'm running a Solaris11 VM, and find no such entries. How can I enable auditing for useradd and userdel? Oracle's documentation on managing the auditing service, has been of no assistance. Thanks.
Customizing What Is... (7 Replies)