8 More Discussions You Might Find Interesting
1. Linux
When unlocking a Linux server's console there's no event indicating successful logging
Is there a way I can fix this ?
I have the following in my rsyslog.conf
auth.info /var/log/secure
authpriv.info /var/log/secure (1 Reply)
Discussion started by: walterthered
1 Replies
2. Solaris
Hi everyone,
how i can configure a single audit service in the global zone for all zones, on solaris BSM.
I will be glad to hear back from you.
Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies
3. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
4. Solaris
What files are in this directory? Are they files that tell you what events have been performed on the system for the day? Also, I am searching in one of these files for a Permission Denied entry. How do I go about searching for this entry in these files if they are so huge and cannot display on my... (2 Replies)
Discussion started by: jastanle84
2 Replies
5. Post Here to Contact Site Administrators and Moderators
Hi Everyone. First, I want to thank all of you for letting me participate in this great group.
I am having a bit of a problem.
After I get an email from a responder, I login to make my reply.
In the mean time I get another response by email from another member, I go to reply to them and I... (6 Replies)
Discussion started by: Ccccc
6 Replies
6. UNIX for Advanced & Expert Users
Dear Experts,
I would like to know whether there are any tools available to view the Security Audit Trail files (SAT) in UNIX in a easier and customized way. If there is any similar type of S/W is available, please let me know.
Thanks,
Aswin (1 Reply)
Discussion started by: na100006
1 Replies
7. UNIX for Dummies Questions & Answers
Hello,
I'm trying to login to an Oracle databse without entering the user/passwd. The server resides on an AIX 5.1 system, and using LDAP. I'm entering the following command
>sqlplus / @ORACLE_SID
This should work but for some odd reason I get a login denied.
But if I enter the user id... (1 Reply)
Discussion started by: ctcuser
1 Replies
8. Cybersecurity
I am new to the world of Unix. As part of my understanding to have a big picture of Unix, I need to understand:
1. How to review the existing unix system or audit for the settings?
2. How do I go about fixing the holes? (4 Replies)
Discussion started by: amundra
4 Replies
AUDIT(4) BSD Kernel Interfaces Manual AUDIT(4)
NAME
audit -- Security Event Audit
SYNOPSIS
options AUDIT
DESCRIPTION
Security Event Audit is a facility to provide fine-grained, configurable logging of security-relevant events, and is intended to meet the
requirements of the Common Criteria (CC) Common Access Protection Profile (CAPP) evaluation. The FreeBSD audit facility implements the de
facto industry standard BSM API, file formats, and command line interface, first found in the Solaris operating system. Information on the
user space implementation can be found in libbsm(3).
Audit support is enabled at boot, if present in the kernel, using an rc.conf(5) flag. The audit daemon, auditd(8), is responsible for con-
figuring the kernel to perform audit, pushing configuration data from the various audit configuration files into the kernel.
Audit Special Device
The kernel audit facility provides a special device, /dev/audit, which is used by auditd(8) to monitor for audit events, such as requests to
cycle the log, low disk space conditions, and requests to terminate auditing. This device is not intended for use by applications.
Audit Pipe Special Devices
Audit pipe special devices, discussed in auditpipe(4), provide a configurable live tracking mechanism to allow applications to tee the audit
trail, as well as to configure custom preselection parameters to track users and events in a fine-grained manner.
SEE ALSO
auditreduce(1), praudit(1), audit(2), auditctl(2), auditon(2), getaudit(2), getauid(2), poll(2), select(2), setaudit(2), setauid(2),
libbsm(3), auditpipe(4), audit.log(5), audit_class(5), audit_control(5), audit_event(5), audit_user(5), audit_warn(5), rc.conf(5), audit(8),
auditd(8), auditdistd(8)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
Support for kernel audit first appeared in FreeBSD 6.2.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Addi-
tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
This manual page was written by Robert Watson <rwatson@FreeBSD.org>.
BUGS
The FreeBSD kernel does not fully validate that audit records submitted by user applications are syntactically valid BSM; as submission of
records is limited to privileged processes, this is not a critical bug.
Instrumentation of auditable events in the kernel is not complete, as some system calls do not generate audit records, or generate audit
records with incomplete argument information.
Mandatory Access Control (MAC) labels, as provided by the mac(4) facility, are not audited as part of records involving MAC decisions.
BSD
May 31, 2009 BSD