Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

RBAC logging

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users RBAC logging
# 1  
Old 02-15-2006
RBAC logging
Hi gurus:
I have not come accross any links on the internet that shows how to set up logging in RBAC and also is it possible to get the granularity and simplicity of sudo logging in RBAC. I have heard that RBAC logs are complicated to read and not as simple and granular as sudo logs.

Your help is appreciated.

Regards,

GR
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Linux

Syslog not logging successful logging while unlocking server's console

When unlocking a Linux server's console there's no event indicating successful logging Is there a way I can fix this ? I have the following in my rsyslog.conf auth.info /var/log/secure authpriv.info /var/log/secure (1 Reply)
Discussion started by: walterthered
1 Replies

2. AIX

Disable RBAC - AIX

Hi all, i have a little problem... I have a Trusted AIX v. 6.1 installed on my system p. I can't disable RBAC mode... $ lsattr -El sys0 -a enhanced_RBAC enhanced_RBAC true Enhanced RBAC Mode True $ chdev -l sys0 -a enhanced_RBAC=false Method error (/usr/lib/methods/chggen): 0514-018... (3 Replies)
Discussion started by: Zio Bill
3 Replies

3. Solaris

RBAC & Logging

I'm trying to set up RBAC, and I need to know where the logs for RBAC are. I'm using Solaris 10 as my OS. I've been reading a lot of documents online and just can't seem to find where the related logs are. My problem is I need to be able to track a user when they su to a role profile, and... (2 Replies)
Discussion started by: bitlord
2 Replies

4. HP-UX

RBAC question

hi every one i tried rbac and i made 1- role called GizaRoot 2- group called gizagroup 3- added privlage autherization called "m.k" /usr/sbin/useradd:dflt:(m.k,*):0/0//:dflt:dflt:dflt: i assigned the role to group and add user to that group then su to user and tried to use the command ... (0 Replies)
Discussion started by: maxim42
0 Replies

5. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies

6. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies

7. AIX

RBAC in 5.3 Question

I would like to use the Role Based access control to granulize some of the administration of AIX systems in our organization. Across the company we will be using aix 5.3. One of these roles will only have the access to make, change and delete users, something similar to ManageAllUsers. The thing... (1 Reply)
Discussion started by: dgaixsysadm
1 Replies

8. Shell Programming and Scripting

Automating RBAC with IF/Then statement

what would be easier to automate a script if/then ? (0 Replies)
Discussion started by: deaconf19
0 Replies

9. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the... (4 Replies)
Discussion started by: deaconf19
4 Replies

10. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies
Login or Register to Ask a Question

LEARN ABOUT HPUX

acps.conf

acps.conf(4)						     Kernel Interfaces Manual						      acps.conf(4)

NAME

       acps.conf - configuration file for the Access Control Policy Switch (ACPS)

SYNOPSIS


DESCRIPTION

       The  ACPS configuration file controls which modules are consulted for making an access control decision, the order in which the modules are
       consulted, and the rules for combining their responses to return a result back to the application.

   Syntax and Default Behavior
       The file consists of one or more entries in the following format:

       Whitespace in these entries is combined into a single blank (" ") character and removed from the beginning and end of each field.  If  mul-
       tiple flags are specified, they should be separated with a comma character.

       The individual parameters are defined as follows:

	      The label provides a human-readable name for the module entry.

	      The module name identifies the actual shared library to load to effect
			     the  authorization decision.  The module name is specified without a path or a suffix (for example, both of which are
			     assumed from the architecture.

	      The arguments are defined by the module (that is, module dependent) and are
			     used to provide additional configuration flexibility.

	      The	     field is used to modify the switch's behavior in interpreting the results of the module.  See for	more  details  and
			     possible values for this field.

       The  order  of  the entries in the acps.conf file denote the order in which the modules should be called to perform the access check.  Each
       entry is called in turn until an "authoritative result code" is returned.  In the currently  defined  result  code,  everything	except	is
       authoritative.  Once an authoritative result code is returned by a decision provider module, the code is returned immediately to the appli-
       cation.	If is returned, the module is ignored and the next module is referenced.

       is returned to the application if no module returns an authoritative result.

   Entry Flags
       In some cases, the default rules for ordering access requests and combining results do not behave as expected  for  a  particular  decision
       provider module.  In this case, it is possible to affect the processing of the ACPS by specifying one or more of the pre-defined flags.	If
       you specify multiple flags, you should separate them with a comma character.

       There is currently only one flag recognized by the switch.  The following flag may be specified on a per-module basis:

       Short for 'non-authoritative', this flag is used for policy modules that always return
		       authoritative responses, even when they should not.  Specifically, modifies the processing of the entry such that a  return
		       of  The	effect	of  this  is that multiple modules may be stacked with this flag, such that if any module returns then the
		       switch returns

EXAMPLES

       The following is an example configuration file.	Lines that begin with the symbol are treated as comments, and therefore ignored.

       # First, attempt to satisfy access request using custom
       # module, (e.g. granting all users access to a particular
       # object foo, but only between 9am - 5pm).  The custom
       # module verifies the time and that the object matches
       # the specified argument. (In this case, "foo".)  If this
       # module returns ACPS_DENY, keep going to the next entry
       # rather than just returning deny to the application.
       HP-UX RBAC : libacpm_timebased : foo : NONATTV

       # If custom rule does not match, use default local RBAC
       # rule processing
       HP-UX RBAC : libacpm_hpux_rbac : :

SEE ALSO

       acps(3), acps_api(3), acps_spi(3).

																      acps.conf(4)