Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Auditing tools 1
- Thread starter moniema
- Start date
-
1
- #2
julianbarnett
Technical User
Solaris OS incorporates auditing functionality but it needs to be tailored and turned on.
The command bsmconv turns on the auditing function but planning is needed to determine what you need to audit. See the man page for audit_control and sun docs website for details. Auditing can track log in / out, file creation, modification, deletion , system calls and so on. Note a high level of auditing will have an affect on system performance and also require considerable disk space for log files.
Another product which provides key stroke logging is Axent UPM
Some form of logging is also available by examining users session history files and last login times.
All of these methods only work if users have seperate accounts, if many users all have access to the same account and password these techniques cannot be applied. Axent overcomes this with the idea of a priviledged run command which allows, for instance, users to su to root but still logs actions against their original login ID. This assumes that direct login to root or another priviledged account is disabled (or severely restricted).
The command bsmconv turns on the auditing function but planning is needed to determine what you need to audit. See the man page for audit_control and sun docs website for details. Auditing can track log in / out, file creation, modification, deletion , system calls and so on. Note a high level of auditing will have an affect on system performance and also require considerable disk space for log files.
Another product which provides key stroke logging is Axent UPM
Some form of logging is also available by examining users session history files and last login times.
All of these methods only work if users have seperate accounts, if many users all have access to the same account and password these techniques cannot be applied. Axent overcomes this with the idea of a priviledged run command which allows, for instance, users to su to root but still logs actions against their original login ID. This assumes that direct login to root or another priviledged account is disabled (or severely restricted).
- Status
