Re: Program Logging.
dpuryear_at_usa.net
Date: 05/15/04
- Previous message: dpuryear_at_usa.net: "Re: who have execute a command!"
- In reply to: contextswitch: "Re: Program Logging."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 May 2004 20:56:49 -0500
On 14 May 2004 07:10:45 -0700, mforte3@bloomberg.net (contextswitch)
wrote:
>Thanks for the replies.
>What I have found so far:
>On Solaris BSM auditing tool provides everything all nice and neat.
>On AIX neither accounting or auditing record args, only thing that I
>have found to generate arg info is trace. Trace generates huge logs
>though, and does not provide a timestamp GID or UID. I am attempting
>to parse trace logs and audit logs and correlate the two. Once I get
>that resolved I will look into HP-UX.
>I hope HP auditing/accounting is more flexible then AIX.
Okay, well now I'm going to sound like a flack for Symark, but I
wonder if PowerBroker can't help with this as well? Or competing
products? Look for something specifically geared toward administrative
auditing.
Alternatively, you could consider writing a sudo wrapper that must be
used to execute privileged commands. The wrapper would record the
required information and then launch the desired application. This
however would require that you bump everyone out of root and enforce
strict access via the sudo wrapper. Fun politics but very beneficial.
--- Puryear Information Technology, LLC Baton Rouge, LA 225-343-3056 http://www.puryear-it.com Author of "Best Practices for Managing Linux and UNIX Servers" Download your free copy: http://www.puryear-it.com/bestpractices_ebook.htm
- Previous message: dpuryear_at_usa.net: "Re: who have execute a command!"
- In reply to: contextswitch: "Re: Program Logging."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
