Solaris 9 Auditing


 
# 1  
Old 04-29-2008
Solaris 9 Auditing

How do I set up audit to alert on write conditions for individual files? Thanks.
# 2  
Old 04-29-2008
Less known Solaris features: Auditing - c0t0d0s0.org
Thanks to Joerg Moellenkamp for this outstanding work!
# 3  
Old 05-12-2008
Quote:
Originally Posted by dxs
How do I set up audit to alert on write conditions for individual files? Thanks.
Unfortunately you cannot audit individual files; it is all or nothing. The only way to filter it is to do it per user, using the audit_user file.

We have a short description here on how to audit file deletions, and if you replace fd with fm you audit file modifications, i.e. file writes and any change to the file metadata.
# 4  
Old 11-24-2008
The link to the how to audit file deletions is broken. Is it available somewhere else?

I managed to get auditd to log file deletions but it also logged file creations as well. I'm only interested in file deletions for a particular user and trying to keep the log file as small as possible.

audit_control
-------------
dir:/var/audit
flags:
minfree:20
naflags:lo

audit_user
----------
root:lo:no
user1:lo,fd:no

Shouldn't only login/logout activities for root and user1 along with file deletions from user1 get logged? Why do file creations get logged as well? Any pointer is greatly appreciated.
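
Added example, not part of any poster's message: a small shell check that takes the audit_user entries posted above and lists which events selected by a user's flags also belong to the file-create class fc. The audit_event lines are a constructed sample in the layout of /etc/security/audit_event, the function names are hypothetical, and the system-wide flags: line is assumed empty as in the posted audit_control.

```shell
#!/bin/sh
# audit_user entries as posted in the thread (user:always-audit:never-audit).
sample_audit_user() {
cat <<'EOF'
root:lo:no
user1:lo,fd:no
EOF
}

# Constructed sample in the audit_event layout (number:name:description:classes).
# Compare against /etc/security/audit_event on the host being configured.
sample_audit_event() {
cat <<'EOF'
4:AUE_CREAT:creat(2):fc
6:AUE_UNLINK:unlink(2):fd
42:AUE_RENAME:rename(2):fc,fd
72:AUE_OPEN_R:open(2) - read:fr
77:AUE_OPEN_WC:open(2) - write,creat:fc,fw
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
EOF
}

# Print the always-audit flags for user $1 (audit_user lines on stdin).
always_flags() {
  awk -F: -v u="$1" '$1 == u { print $2 }'
}

# Print "name:classes" for each event selected by the flag list $1.
events_for_flags() {
  awk -F: -v want="$1" '
    BEGIN { n = split(want, w, ",") }
    /^#/ || NF < 4 { next }
    { m = split($4, have, ",")
      for (i = 1; i <= n; i++)
        for (j = 1; j <= m; j++)
          if (w[i] == have[j]) { print $2 ":" $4; next } }'
}

# Events selected for user $1 that also belong to the file-create class fc.
creation_overlap() {
  flags=$(sample_audit_user | always_flags "$1")
  sample_audit_event | events_for_flags "$flags" |
    awk -F: '$2 ~ /(^|,)fc(,|$)/ { out = out sep $1; sep = " " } END { print out }'
}

creation_overlap user1
```

An event listed under more than one class is recorded when any one of those classes is selected for the user.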