Login or Register to Ask a Question and Join Our Community


Solaris

Solaris user auditing

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Solaris user auditing
# 1  
Old 09-21-2010
Solaris user auditing
Hello,

I was wondering when Solaris auditing is enabled, If it is possible to keep track of users that are allowed to sudo to root. In other words, I would like to know which user did what on my Solaris box. (assumig that user can "sudo su -" )

Thanks.
# 2  
Old 09-21-2010
if the user doesn't disable auditing... you can. a better option would bei "RBAC" for a finer granularity in user rights. so you can have a user with almost root capability, just without the right to mess with auditing.

http://docs.sun.com/app/docs/doc/816...8?l=all&a=view
# 3  
Old 09-22-2010
Well, I am also using RBAC with LDAP auth. This is not the case.

We have 3rd party application that needs root (userid 0) acount to be managed. So we grant related users "sudo su -" permission. What I am trying to find is when two or more users are logged in and switched to root, how could I determine which user (with root account) did what ?

---------- Post updated 09-22-10 at 09:00 AM ---------- Previous update was 09-21-10 at 12:07 PM ----------

Hi again,

I figured out a solution as follows:

Each login via ssh is logged as an entry in /var/adm/lastlog, I could see it using "last" command. So I know which user is connected to which terminal, like "pts/2". So, if I can log shell history with the terminal information then I could easily find which command is executed by which user.

Am I missing anything that should be taken into account ?
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Exclude an specific directory for auditing in Solaris 10

Hello, Im glad to become a member of this forums, Im new on solaris and recentrly im introducing to use auditing service in that system. The need is, that I need how to exclude a directory to the audit service not audit it. And, a plus, I need of how to disable auditing the root user in... (0 Replies)
Discussion started by: sysh4ck
0 Replies

2. AIX

User auditing from AIX server

I am trying to find out the information of my local desktop when i use putty to login to an AIX server. This is what I do: 1. login to my PC 2. take a putty session to an AIX server Can i get information of my local desktop from the AIX server ? Is there a command available ? Thanks (8 Replies)
Discussion started by: Nagesh_1985
8 Replies

3. Shell Programming and Scripting

user auditing

Hello, is there some way to track what shell commands some user is executing ? Something like to have some log file where i could see what commands some user used, e.g. rm -r dirname , ls -l .... and so on ... I have 2.6.13-1.1526_FC4smp (9 Replies)
Discussion started by: tonijel
9 Replies

4. Shell Programming and Scripting

Script for Oracle user activity auditing

Hi All, I need to put in place a UNIX shell script that calls three sql scripts & reports to the DBAs. I already have the three sql scripts in place & they perform the following database auditing actions: 1. actions.sql This script queries the DBA_AUDIT _TRAIL table to look for database user... (2 Replies)
Discussion started by: divroro12
2 Replies

5. UNIX for Advanced & Expert Users

File Auditing in Sun Solaris environment

Hi All, I have a requirement to report us on changing a group of static files. Those are the binary files that run in Production every day. Due to the in sercure environment situations, I found many are indulging in there own changes to the binaries by doing some changes in the souce code. ... (1 Reply)
Discussion started by: mohan_kumarcs
1 Replies

6. Solaris

Solaris 9 Auditing

How do I setup audit to alert on write conditions for individual files? Thanks. (3 Replies)
Discussion started by: dxs
3 Replies

7. UNIX for Dummies Questions & Answers

solaris BSM and Auditing

Hi Guys, I am new to this forum so I am sorry if i posted this thread in the wrong place. I am currently trying to get BSM to work on solaris 10 by Logging few things for me. I need your help to complete this task please. this is the config of the audit files: audit_conto # Copyright... (18 Replies)
Discussion started by: skywalker850i
18 Replies

8. HP-UX

Auditing User's actions

Hi all I hope to find what i'm looking for in this forum as said in the topic i want to track user's actions on the system. i mean also the action of moving or removing files. I have an HP 9000 with HP UX 11i. the users log on the HP from a terminal window under WIndows XP Thx (3 Replies)
Discussion started by: Timberland
3 Replies

9. AIX

User Auditing

i want to audit user commands .. keep track of what commands each user has been giving .. can this be done by writing a script in engraving it in .profile of the user. or is there any other way of doing this ... rgds raj (2 Replies)
Discussion started by: rajesh_149
2 Replies

10. AIX

Auditing User administrator

Background: I a trying to audit user administration on a AIX box. I am trying to make sure that any changes made by the System administrator to the user accounts (Add users, changing their attributes or deleting users) are accompanied by authorization i.e. the system admin does not make any... (0 Replies)
Discussion started by: gladiator
0 Replies
Login or Register to Ask a Question