Solaris 10 BSM Auditing help
- From: "BrandonMonster" <brandon.wheaton@xxxxxxxxx>
- Date: 8 Jan 2007 17:13:46 -0800
Hello,
I am new to Solaris 10 and I am seeking some assistance with the
following auditing configuration in Solaris 10.
1. I would like to know if it is possible to edit the audit classes
(lo,fm,ad, etc) on the fly via command line rather than having to edit
the the audit_control file manually. The reason for this is that I am
using RBAC and the security role has permissions to "audit review" and
"audit control" but not to edit the audit_control file or
stop/start/restart services. If there is another way around this, I am
certainly open to alternative solutions.
2. I am unable to get any changes I make to the audit classes in the
audit_control file registered into the auditing sub-system. If I edit
the audit_control file as root then issue an audit -s and do an
"auditconfig -getaudit" I do not see that the changes have taken
effect. (eg - flags:lo,ua,fm and nflags:lo,ua,fm). I have tried an
"auditconfig -conf" and "auditconfig -aconf" as well to no avail. I
have even stopped and started the audit daemon (svcadm disable/enable
system/auditd) with no luck. The only way I can get a change (addition
or removal of audit classes) to the audit_control file to take effect
is to reboot the system and this, of course is not ideal at all.
Any advice is very much appreciated.
Thank you,
B. Wheaton
Originally a Solaris Admin
Briefly an HP-UX admin
Glad to be back into Solaris!
.
- Prev by Date: Re: report file modification
- Next by Date: Authentication architecture on a Unix Network
- Previous by thread: report file modification
- Next by thread: Authentication architecture on a Unix Network
- Index(es):
Relevant Pages
|
|
