Login or Register to Ask a Question and Join Our Community


Solaris

BSM auditing issues, need to audit "permission denied"

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris BSM auditing issues, need to audit "permission denied"
# 1  
Old 02-09-2011
BSM auditing issues, need to audit "permission denied"
Let me preface with I am semi-new to Solaris. I work with it in the labs at work and that's about my extent (although I run Linux at home).

Well, a week ago security comes around with updated requirements, some of which are the need to audit all failures. For the life of me I cannot get a failure of "more" or "cd" to show up in the audits. I am running Solaris 8.

/etc/security/audit_control

dir: /var/audit
flags: lo, -fc,-fd,-fr,-fw,-fm,-ad,-pc,-ex,-fa
minfree: 20
naflags: lo, -fc,-fd,-fr,-fw,-fm,-ad,-pc,-ex

So I updated that, logged in as myself and kicked up some errors, but nothing different shows up in the audit file. I kick off an audit by:

auditreduce -c XXX | praudit | /var/report_creator_f.pl

Where XXX is the flag, I do it for every flag and write the audits to a terminal to review them.

The thing is, no errors from me trying to access root files are being kicked up. Anything I am doing wrong??

Thank you in advance.

---------- Post updated at 04:27 PM ---------- Previous update was at 03:32 PM ----------

Correction: They are showing up but they only from /var and some /etc. When I did a cd into /Mail it did not kick up an event. Where are these "security relevant" files called out? And how the heck do i change it??
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. OS X (Apple)

"Permission denied" when trying to SSH my iPhone though password is correct

Hi, I hope this is the correct section in the forum to post as I'm trying to SSH from my MacBook. I was looking to see whether ssh on my jailbroken iPhone 6s (10.3.1) still works fine and was following this old reddit guide. I installed OpenSSH&OpenSSL from Cydia and changed the password using... (7 Replies)
Discussion started by: hss1
7 Replies

2. AIX

SSH connection "Permission denied"

Hello, I tried to connect with root or any other user to AIX using ssh. It throws me error like Permission denied (publickey,keyboard-interactive). i don't know why!! and the PermitRootLogin is yes any help will be appreciated Thanks (7 Replies)
Discussion started by: moudmm
7 Replies

3. Solaris

"Permission denied" when changing IP netmask

hello everyone, I am new on unix systems. I am working with a Solaris 10 OS. When i try to change netmask on certain interface: I get: How can i enable permission for changing that ? I have administrator privileges. Your help is much appreciated. thanks, (13 Replies)
Discussion started by: pablod76
13 Replies

4. UNIX for Advanced & Expert Users

Showing "permission denied" when trying to login in - Montavista Linux

Hello friends, I have scratched my system and after that when I am trying to access the console via root login it's failing with an error message of "permission denied". I am able to access the other login, I am having only problem with root and some other user login. I am using an telnet... (7 Replies)
Discussion started by: sanoop
7 Replies

5. Linux

Showing "permission denied" when trying to login in - Montavista Linux

Hello friends, I have scratched my system and after that when I am trying to access the console via root login it's failing with an error message of "permission denied". I am able to access the other login, I am having only problem with root and some other user login. I am using an telnet... (2 Replies)
Discussion started by: sanoop
2 Replies

6. OS X (Apple)

"Permission Denied" while modifying mounted files on MAC

Hi, I have two machines 1. MacOSx (Users --> userMac , IP - a.b.c.d) 2. FreeBSD (Users --> userBSD, IP- p.q.r.s) I want to modify some files of FreeBSD on my MacOS. So, I mounted the FreeBSD folder on my Mac as follows. $ sudo mount -o -P p.q.r.s:/usr/home/user... (5 Replies)
Discussion started by: akash.mahakode
5 Replies

7. UNIX for Advanced & Expert Users

EACCES "Permission denied" while open(2)

guest@ulidtko:~$ id uid=126(guest) gid=134(guest) groups=134(guest) guest@ulidtko:~$ ls -ld /home drwxr-xr-x 8 root root 4096 May 12 19:47 /home guest@ulidtko:~$ ls -l /home ls: cannot open directory /home: Permission denied guest@ulidtko:~$ cat /proc/mounts rootfs / rootfs rw 0 0... (4 Replies)
Discussion started by: ulidtko
4 Replies

8. UNIX for Dummies Questions & Answers

changing password with sudo user " permission denied"

HI All, I am using solaris i created a user adam and updated his permissions in vi sudoers file as follows adam ALL=(ALL) NOPASSWORD: ALL ........... when i create user by logging as sudo user . $ sudo useradd -d /home/kalyan -m -s /bin/sh kalyan sudo: not found ... (6 Replies)
Discussion started by: kalyankalyan
6 Replies

9. UNIX for Advanced & Expert Users

permission denied for ". " (dot space)

Hi, When I try to run a script with ". "(dot space) in my home, it gives me error ".: Permission denied". Any explanation for this behaviour? Thanks in advance, -Ashish (3 Replies)
Discussion started by: shriashishpatil
3 Replies

10. Shell Programming and Scripting

screen throws "permission denied"

Hi all, i've got problem in running a script in background... i have written a script, and i want to run it everytime i log in, but when i log off i want the script to stay (i watch not to run two scripts at one time in the script). so as a normal user i want to do: $ screen my_script & ... (6 Replies)
Discussion started by: miechu
6 Replies
Login or Register to Ask a Question

LEARN ABOUT PLAN9

audit_user

audit_user(4)							   File Formats 						     audit_user(4)

NAME

       audit_user - per-user auditing data file

SYNOPSIS

       /etc/security/audit_user

DESCRIPTION

       audit_user  is  an  access-restricted  database that stores per-user auditing preselection data. You can use the audit_user file with other
       authorization sources, including the NIS map audit_user.byname and the NIS+ table audit_user. Programs use the getauusernam(3BSM)  routines
       to access this information.

       The  search order for multiple user audit information sources is specified in the /etc/nsswitch.conf file. See nsswitch.conf(4). The lookup
       follows the search order for passwd(4).

       The fields for each user entry are separated by colons (:). Each user is separated from the next by a newline.  audit_user  does  not  have
       general read permission. Each entry in the audit_user file has the form:

       username:always-audit-flags:never-audit-flags

       The fields are defined as follows:

       username 	       User's login name.

       always-audit-flags      Flags specifying event classes to always audit.

       never-audit-flags       Flags specifying event classes to never audit.

       For a complete description of the audit flags and how to combine them, see audit_control(4).

EXAMPLES

       Example 1: Using the audit_user File

       other:lo,am:io,cl
       fred:lo,ex,+fc,-fr,-fa:io,cl
       ethyl:lo,ex,nt:io,cl

FILES

       /etc/nsswitch.conf

       /etc/passwd

       /etc/security/audit_user

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     | See below		   |
       +-----------------------------+-----------------------------+

       The file format stability is evolving. The file content is unstable.

SEE ALSO

       bsmconv(1M), getauusernam(3BSM), audit_control(4), nsswitch.conf(4), passwd(4)

NOTES

       This functionality is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.

SunOS 5.10							    2 Jan 2003							     audit_user(4)