Login or Register to Ask a Question and Join Our Community


Solaris

Auditing Individual Files

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Auditing Individual Files
# 1  
Old 08-08-2012
Auditing Individual Files
I have some Solaris 9 systems and I'm interested in using the "fm" audit class to track changes to sensitive files but it's too verbose for it to be auditing to that level for EVERY file, so I was wondering if there were a way of restricting the audit of those events to particular files.

I thought about using Host-based IDS but I think that would lose information we need about the who of the change.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Red Hat

Auditing device files

I am trying to see what commands are typed in my terminal and serial port. For that I am using auditd daemon which helps me in auditing files. I thought of a creating audit rules on /dev/tty and /dev/ttyAMA0 for seeing whats happening on terminal and serial device respectively. auditctl... (0 Replies)
Discussion started by: pavithra04
0 Replies

2. Programming

Python Reading Individual files and Regex through them

As a newbie to Python, I am trying to write a script in which is will add all the log files (*.log) from within a directory to a list, open the files and search for an ip using a regex and single it out (appending the ip's to the list). So far, I have: import re, os def list_files() content = ... (4 Replies)
Discussion started by: metallica1973
4 Replies

3. Shell Programming and Scripting

Grep multiple terms and output to individual files

Hi all, I'll like to search a list of tems in a huge file and then output each of the terms to individual files. I know I can use grep -f list main.file to search them but how can I split the output into individual files? Thank you. (6 Replies)
Discussion started by: ivpz
6 Replies

4. Shell Programming and Scripting

Executing a batch of files within a shell script with option to refire the individual files in batch

Hello everyone. I am new to shell scripting and i am required to create a shell script, the purpose of which i will explain below. I am on a solaris server btw. Before delving into the requirements, i will give youse an overview of what is currently in place and its purpose. ... (2 Replies)
Discussion started by: goddevil
2 Replies

5. Shell Programming and Scripting

Unpack individual files from tarball

Say you don't want to unpack the whole thing, just individual files or directories within a .tgz. How to do this? (1 Reply)
Discussion started by: stevensw
1 Replies

6. Shell Programming and Scripting

Apply 'awk' to all files in a directory or individual files from a command line

Hi All, I am using the awk command to replace ',' by '\t' (tabs) in a csv file. I would like to apply this to all .csv files in a directory and create .txt files with the tabs. How would I do this in a script? I have the following script called "csvtabs": awk 'BEGIN { FS... (4 Replies)
Discussion started by: ScKaSx
4 Replies

7. Shell Programming and Scripting

Turning CSV files into individual Variables

I want to be able to convert the following data from a CSV into individual variables from the columns 2 4 and 8 I can use awk to grab the columns using var1=`cat text.csv | awk "," '{print $2}'` but how do I create separate variables for each line. 595358 ,ECON1010 ,THU ,08:00 - 10:00 ,11 Mar... (6 Replies)
Discussion started by: domsmith
6 Replies

8. AIX

missing blank spaces while cutting the file to individual files

$ indicates blank space file1.txt: 001_AHaris$$$$$020$$$$$$$$$ 001_ATony$$$$$$030$$$$$$$$$ 002_AChris$$$$$090$$$$$$$$$ 002_ASmit$$$$$$060$$$$$$$$$ 003_AJhon$$$$$$001$$$$$$$$$ $ indicates blank space code while read "LINE"; do echo "$LINE" | cut -c6- >> $(echo "$LINE" | cut... (1 Reply)
Discussion started by: techmoris
1 Replies

9. Shell Programming and Scripting

batch shell script to zip individual files in directory - help

help trying to figure out a batch shell script to zip each file in a directory into its own zip file using this code but it does not work tryed this also nothing seems to work , just ends without zipping any files i have over 3000 files i need to zip up individualy ... (7 Replies)
Discussion started by: wingchun22
7 Replies

10. UNIX for Dummies Questions & Answers

Create individual tgz files from a set of files

Hello I have a ton of files in a directory of the format app.log.2008-04-04 I'd like to run a command that would archive each of these files as app.log.2008-04-04.tgz I tried a few combinations of find with xargs etc but no luck. Thanks Amit (4 Replies)
Discussion started by: amitg
4 Replies
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

auditd

auditd(1M)						  System Administration Commands						auditd(1M)

NAME

       auditd - audit daemon

SYNOPSIS

       /usr/sbin/auditd

DESCRIPTION

       The audit daemon, auditd, controls the generation and location of audit trail files and the generation of syslog messages based on the def-
       initions in audit_control(4). If auditing is enabled, auditd reads the audit_control file to do the following:

	   o	  reads the path to a library module for realtime conversion of audit data into syslog messages;

	   o	  reads other parameters specific to the selected plugin or plugins;

	   o	  obtains a list of directories into which audit files can be written;

	   o	  obtains the percentage limit for how much space to reserve on each filesystem before changing to the next directory.

       audit(1M) is used to control auditd. It can cause auditd to:

	   o	  close the current audit file and open a new one;

	   o	  close the current audit file, re-read /etc/security/audit_control and open a new audit file;

	   o	  close the audit trail and terminate auditing.

   Auditing Conditions
       The audit daemon invokes the program audit_warn(1M) under the following conditions with the indicated options:

       audit_warn soft pathname

	   The file system upon which pathname resides has exceeded the minimum free space limit defined in audit_control(4). A  new  audit  trail
	   has been opened on another file system.

       audit_warn allsoft

	   All available file systems have been filled beyond the minimum free space limit. A new audit trail has been opened anyway.

       audit_warn hard pathname

	   The	file  system  upon  which  pathname resides has filled or for some reason become unavailable. A new audit trail has been opened on
	   another file system.

       audit_warn allhard count

	   All available file systems have been filled or for some reason become unavailable. The audit daemon will repeat this call to audit_warn
	   at  intervals  of  at  least twenty seconds until space becomes available. count is the number of times that audit_warn has been called
	   since the problem arose.

       audit_warn ebusy

	   There is already an audit daemon running.

       audit_warn tmpfile

	   The file /etc/security/audit/audit_tmp exists, indicating a fatal error.

       audit_warn nostart

	   The internal system audit condition is AUC_FCHDONE. Auditing cannot be started without rebooting the system.

       audit_warn auditoff

	   The internal system audit condition has been changed to not be AUC_AUDITING by someone other than the audit	daemon.  This  causes  the
	   audit daemon to exit.

       audit_warn postsigterm

	   An error occurred during the orderly shutdown of the auditing system.

       audit_warn getacdir

	   There is a problem getting the directory list from /etc/security/audit/audit_control.

	   The audit daemon will hang in a sleep loop until this file is fixed.

FILES

       /etc/security/audit/audit_control

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Committed 		   |
       +-----------------------------+-----------------------------+

SEE ALSO

       audit(1M), audit_warn(1M), bsmconv(1M), praudit(1M), auditon(2), audit.log(4), audit_control(4), attributes(5)

       See the section on Solaris Auditing in System Administration Guide: Security Services.

NOTES

       The  functionality  described in this man page is available only if the Solaris Auditing feature has been enabled. See bsmconv(1M) for more
       information.

       auditd is loaded in the global zone at boot time if auditing is enabled. See bsmconv(1M).

       If the audit policy perzone is set, auditd runs in each zone, starting automatically when the local zone boots. If a zone is  running  when
       the  perzone policy is set, auditing must be started manually in local zones. It is not necessary to reboot the system or the local zone to
       start auditing in a local zone. auditd can be started with "/usr/sbin/audit -s" and will start automatically with future boots of the zone.

       When auditd runs in a local zone, the configuration is  taken  from  the  local	zone's	/etc/security  directory's  files:  audit_control,
       audit_class, audit_user, audit_startup, and audit_event.

       Configuration  changes do not affect audit sessions that are currently running, as the changes do not modify a process's preselection mask.
       To change the preselection mask on a running process, use the -setpmask option of the auditconfig command  (see	auditconfig(1M)).  If  the
       user logs out and logs back in, the new configuration changes will be reflected in the next audit session.

SunOS 5.11							    29 Apr 2008 							auditd(1M)