Hi,
I am trying to setup our BSM auditing where a member of the security team is able to do auditing. I currently have a security group/role setup with auditing enabled. The issue I am having is everything that goes intot he /var/audit has root root 600 permissions. I do not want to give the audit team root access and everytime they run a praudit they get a praudit Can't assign (log name) to stdin. If I manually change the group permissons it works fine, but I would like to know if there is a way they can run their audit commands without changing any file permissions.
I am sure I am overcomplicating my solution and there has to be an easy way to do this. Any help with this would be greatly appreciated.
I am trying to setup our BSM auditing where a member of the security team is able to do auditing. I currently have a security group/role setup with auditing enabled. The issue I am having is everything that goes intot he /var/audit has root root 600 permissions. I do not want to give the audit team root access and everytime they run a praudit they get a praudit Can't assign (log name) to stdin. If I manually change the group permissons it works fine, but I would like to know if there is a way they can run their audit commands without changing any file permissions.
I am sure I am overcomplicating my solution and there has to be an easy way to do this. Any help with this would be greatly appreciated.