Limit Audited directories
# 1  
Old 01-14-2015
Limit Audited directories

Hi all,
I'm currently engaged for the first time with Solaris audit.
There is the need to monitor actions on files in specific directories, which is something I was unable to find any documentation for.
Can anyone offer any suggestions or workarounds?

Thanx a lot
# 2  
Old 01-14-2015
That is not possible (per file or directory).

But it is possible to have auditing on for files (f[rwdc] classes) for a specific user, then use auditreduce to extract the information and parse it with grep/awk/perl to pull the specific information into a plaintext file.

This can be done, of course, from cron or at.
# 3  
Old 01-14-2015
Quote:
Originally Posted by Peasant
That is not possible (per file or directory).

But it is possible to have auditing on for files (f[rwdc] classes) for a specific user, then use auditreduce to extract the information and parse it with grep/awk/perl to pull the specific information into a plaintext file.

This can be done, of course, from cron or at.
Thanks for the quick reply,
I was thinking, as an alternative, of monitoring the files opened by applications (you need to run a process to deal with a file, right?) using the ex class together with argv.
Does it sound reasonable?
# 4  
Old 01-14-2015
ex class will monitor exec and execve system calls and audit those.

Be careful if your apps are running as root (which they should not), since auditing every root exec or execve call will generate a lot of logs.

Other than that, argv will also audit everything that is passed to a program as an argument.

Sounds reasonable if that is what you want to audit and it is run by a user, not root.

Of course, test it; don't deploy auditing on a production system before careful testing on test systems. Experiment with various classes to achieve the needed results, then go forward.

If deployed wrong, it can halt your system if, for instance, there is no space left for audit logs (if configured like that).

Handle with care.
# 5  
Old 01-14-2015
Quote:
Originally Posted by Peasant
ex class will monitor exec and execve system calls and audit those.

Be careful if your apps are running as root (which they should not), since auditing every root exec or execve call will generate a lot of logs.

Other than that, argv will also audit everything that is passed to a program as an argument.

Sounds reasonable if that is what you want to audit and it is run by a user, not root.

Of course, test it; don't deploy auditing on a production system before careful testing on test systems. Experiment with various classes to achieve the needed results, then go forward.

If deployed wrong, it can halt your system if, for instance, there is no space left for audit logs (if configured like that).

Handle with care.
Thanks again, but what if the files are opened by a daemon, i.e. httpd forking to load an HTML file; will ex catch them too?
# 6  
Old 01-14-2015
Yes it should.

Take a look at this :
Fork-exec - Wikipedia, the free encyclopedia

Best way is to test it to make sure.

Regards
Peasant.
# 7  
Old 01-14-2015
Tracing execs and examining arg lists will not capture interactive file editing. For example:
Code:
vi unaudited_file
:e audited_file

Tracing file accesses (as Peasant suggested in post#2 in this thread) would enable you to find out who accessed (or modified) audited_file; tracing execs and arg lists will not see that audited_file was referenced.
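Below is an added example, not code from anyone in this thread, of the extraction step Peasant describes in post #2 and the point Don Cragun makes in post #7: since Solaris audit cannot be scoped to a directory, the file-class records (fr, fw, fc, fd) for a user are pulled with auditreduce, rendered one record per line with praudit -l, and then reduced with awk to the records whose path token lies under the directory of interest. Everything below the first comment block is an assumption of this example: the directory /opt/app/data, the audit user app, the record text (constructed to follow praudit's comma-delimited token order, not captured from a real system) and the function names. The filter walks tokens rather than fixed columns, so a record that names audited_file through vi's :e still matches, and a sibling directory such as /opt/app/data2 does not.

```sh
#!/bin/sh
# Added example (not from the thread). Reduce praudit -l output to the records
# that touch files under one directory. Assumes praudit's default comma
# delimiter, where the token "path" is followed by the pathname and the token
# "subject" is followed by the audit ID.

# Constructed sample of praudit -l records (not real audit data). The token
# order follows header,...,path,<name>,attribute,...,subject,<audit-id>,...,
# return,<status>,<value>; the fork record has no path token at all.
SAMPLE_RECORDS='header,129,2,open(2) - read,,2015-01-14 10:02:11.000 +01:00,path,/opt/app/data/report.txt,attribute,100644,app,app,65536,1234,0,subject,app,app,app,app,app,2041,900,0 0 host,return,success,3
header,130,2,open(2) - write,,2015-01-14 10:02:30.000 +01:00,path,/opt/app/data2/other.txt,attribute,100644,app,app,65536,1235,0,subject,app,app,app,app,app,2042,900,0 0 host,return,success,4
header,88,2,execve(2),,2015-01-14 10:03:01.000 +01:00,path,/usr/bin/vi,attribute,100555,root,bin,65536,2011,0,exec_args,2,vi,unaudited_file,subject,app,app,app,app,app,2043,900,0 0 host,return,success,0
header,131,2,open(2) - write,,2015-01-14 10:03:20.000 +01:00,path,/opt/app/data/audited_file,attribute,100644,app,app,65536,1236,0,subject,app,app,app,app,app,2043,900,0 0 host,return,success,3
header,60,2,fork(2),,2015-01-14 10:04:00.000 +01:00,subject,root,root,root,root,root,1001,800,0 0 host,return,success,2044'

# filter_audit_paths DIR [DELIM]
# Reads praudit -l records on stdin and prints one tab-separated line
# "<time> <event> <audit-id> <path>" for each record whose path is DIR itself
# or lies below DIR. Tokens are scanned by name, not by column, because the
# number of fields varies per event type. Some event names contain a comma
# ("open(2) - read,write"); if that bites, run praudit -l -d '|' and pass '|'
# as DELIM. An exec_args argument literally named "path" would be mis-read;
# filtering by class (no ex) in auditreduce avoids that.
filter_audit_paths() {
    dir=${1%/}            # /opt/app/data/ and /opt/app/data are the same directory
    delim=${2:-,}
    awk -F"$delim" -v dir="$dir" '
        {
            path = ""; auid = ""
            for (i = 1; i < NF; i++) {
                if ($i == "path")    path = $(i + 1)
                if ($i == "subject") auid = $(i + 1)
            }
            # Compare with the separator appended so that /opt/app/data2
            # does not pass as a child of /opt/app/data.
            if (path != "" && (path == dir || index(path, dir "/") == 1))
                printf "%s\t%s\t%s\t%s\n", $6, $4, auid, path
        }'
}

# Run the filter over the constructed sample (used for the demonstration).
sample_matches() {
    printf '%s\n' "$SAMPLE_RECORDS" | filter_audit_paths "$1"
}

# audit_extract_for_dir DIR USER YYYYMMDD
# The real pipeline, Solaris only: auditreduce selects file read/write/create/
# delete classes (-c) for one audit user (-u) from a start date (-a), praudit -l
# renders one record per line, and the filter above keeps the directory's records.
audit_extract_for_dir() {
    auditreduce -c fr,fw,fc,fd -u "$2" -a "$3" | praudit -l | filter_audit_paths "$1"
}

# Demonstration on the constructed sample; on Solaris you would instead run
# something like: audit_extract_for_dir /opt/app/data app 20150114
sample_matches /opt/app/data
```

Run from cron, the output of audit_extract_for_dir can be appended to a plaintext report as Peasant suggests. The two records printed from the sample are the read of report.txt and the write to audited_file; the exec of vi with argument unaudited_file is not among them, which is exactly why argument tracing alone would have missed the edit.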