BSM auditing issues, need to audit "permission denied"


 
Old 02-09-2011

Let me preface with I am semi-new to Solaris. I work with it in the labs at work and that's about my extent (although I run Linux at home).

Well, a week ago security comes around with updated requirements, some of which are the need to audit all failures. For the life of me I cannot get a failure of "more" or "cd" to show up in the audits. I am running Solaris 8.

/etc/security/audit_control

dir: /var/audit
flags: lo, -fc,-fd,-fr,-fw,-fm,-ad,-pc,-ex,-fa
minfree: 20
naflags: lo, -fc,-fd,-fr,-fw,-fm,-ad,-pc,-ex

So I updated that, logged in as myself and kicked up some errors, but nothing different shows up in the audit file. I kick off an audit by:

auditreduce -c XXX | praudit | /var/report_creator_f.pl

Where XXX is the flag, I do it for every flag and write the audits to a terminal to review them.

The thing is, no errors from me trying to access root files are being kicked up. Anything I am doing wrong??

Thank you in advance.

---------- Post updated at 04:27 PM ---------- Previous update was at 03:32 PM ----------

Correction: They are showing up, but they are only from /var and some /etc. When I did a cd into /Mail it did not kick up an event. Where are these "security relevant" files called out? And how the heck do I change it??
audit_user(4)                    File Formats                    audit_user(4)

NAME
     audit_user - per-user auditing data file

SYNOPSIS
     /etc/security/audit_user

DESCRIPTION
     audit_user is an access-restricted database that stores per-user
     auditing preselection data. You can use the audit_user file with other
     authorization sources, including the NIS map audit_user.byname and the
     NIS+ table audit_user. Programs use the getauusernam(3BSM) routines to
     access this information.

     The search order for multiple user audit information sources is
     specified in the /etc/nsswitch.conf file. See nsswitch.conf(4). The
     lookup follows the search order for passwd(4).

     The fields for each user entry are separated by colons (:). Each user
     is separated from the next by a newline. audit_user does not have
     general read permission. Each entry in the audit_user file has the
     form:

          username:always-audit-flags:never-audit-flags

     The fields are defined as follows:

     username
          User's login name.

     always-audit-flags
          Flags specifying event classes to always audit.

     never-audit-flags
          Flags specifying event classes to never audit.

     For a complete description of the audit flags and how to combine them,
     see audit_control(4).

EXAMPLES
     Example 1: Using the audit_user File

          other:lo,am:io,cl
          fred:lo,ex,+fc,-fr,-fa:io,cl
          ethyl:lo,ex,nt:io,cl

FILES
     /etc/nsswitch.conf
     /etc/passwd
     /etc/security/audit_user

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Interface Stability          | See below                   |
     +-----------------------------+-----------------------------+

     The file format stability is evolving. The file content is unstable.

SEE ALSO
     bsmconv(1M), getauusernam(3BSM), audit_control(4), nsswitch.conf(4),
     passwd(4)

NOTES
     This functionality is available only if the Basic Security Module
     (BSM) has been enabled. See bsmconv(1M) for more information.

SunOS 5.10                        2 Jan 2003                     audit_user(4)
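To see which classes a given user is actually audited for on failure, the per-user entries above can be resolved against the system-wide flags line. The following is an added example, not part of the thread or the man page. It assumes the audit_control(4) prefix semantics (`+` success only, `-` failure only, no prefix both) and that the effective mask is the flags line plus always-audit minus never-audit. The function names are hypothetical, and `^` modifiers are rejected rather than handled.

```python
# Added example (not from the thread or the man page). Assumed semantics:
# "+cls" = success only, "-cls" = failure only, bare "cls" = both;
# effective mask = (audit_control flags + always-audit) - never-audit.

def parse_flags(spec):
    """Return (success, failure) sets of class names from a comma-separated list."""
    success, failure = set(), set()
    for raw in spec.split(","):
        flag = raw.strip()  # this example tolerates stray blanks
        if not flag:
            continue
        if flag[0] == "^":
            raise ValueError("'^' modifiers are not handled here: " + flag)
        if flag[0] == "+":
            success.add(flag[1:])
        elif flag[0] == "-":
            failure.add(flag[1:])
        else:
            success.add(flag)
            failure.add(flag)
    return success, failure


def parse_audit_user(text):
    """Map username -> (always_spec, never_spec); blank and '#' lines are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 3:
            raise ValueError("expected username:always:never, got: " + line)
        entries[fields[0]] = (fields[1], fields[2])
    return entries


def effective_mask(system_flags, always, never):
    """Return (success, failure) class sets a user's processes are audited for."""
    sys_s, sys_f = parse_flags(system_flags)
    alw_s, alw_f = parse_flags(always)
    nev_s, nev_f = parse_flags(never)
    return (sys_s | alw_s) - nev_s, (sys_f | alw_f) - nev_f


# Constructed inputs: the post's flags line (blanks removed) and the man page's entries.
SYSTEM_FLAGS = "lo,-fc,-fd,-fr,-fw,-fm,-ad,-pc,-ex,-fa"
AUDIT_USER = "other:lo,am:io,cl\nfred:lo,ex,+fc,-fr,-fa:io,cl\nethyl:lo,ex,nt:io,cl\n"
USERS = parse_audit_user(AUDIT_USER)
FRED_MASK = effective_mask(SYSTEM_FLAGS, *USERS["fred"])
```

With these inputs, `fred` is audited on failure for every class in the post's flags line, while only `lo`, `ex` and `fc` are audited on success.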