(long) bsmconv / auditing questions
From: Birl (sbirl_at_temple.edu)
Date: 10/29/03
Date: Wed, 29 Oct 2003 13:21:07 -0500 (EST)
To: sunmanagers@sunmanagers.org
Luckily I have my own Solaris 9 Ultra 10 to learn from ....
After reading the message below (previously posted here) I decided to
enable BSM to see how it works.
Now I'm reading through docs.sun.com to learn more about it, and
I haven't found much help from the SunManager archives, and nothing from
the FAQ.
So I'm still lost on how to configure auditing to its fullest. I at least
know that 'praudit' will let me read the log files.
The situation is this: my personal account
% id -a
uid=100(sbirl) gid=14(sysadmin) groups=14(sysadmin)
has been effectively cut-off from executing several basic commands such as
'pwd' and 'man'. Also after logging in via ssh I get these errors:
"
tcsh: Permission denied
tcsh: Trying to start from "/export/home/sbirl"
/bin/cat: Permission denied.
/bin/mail: Permission denied.
"
(and a 'grep -w cat ~/.??*' returned nothing, so I cannot figure out
what's executing 'cat'.)
----------
% man kill
getcwd: Permission denied
% pwd
pwd: cannot determine current directory!
----------
Not a serious problem since I control root, but I'm not sure what else
might be breaking. I don't want to disable BSM, unless I really have to.
I'd rather conquer it.
One problem I've noticed with root is this:
when executing 'tcsh' and reading .tcshrc, I receive:
-----
/bin/uptime: cannot find/execute "uptime" in ISA subdirectories
-----
I could not find a solution in the archives about it.
For me the man pages on audit_control(4) and auditconfig(1M) are baffling.
For starters, how can I allow such basic commands to begin executing for
my personal account again?
Also I want to begin auditing the movements of a specific user named
'pine'. I added to /etc/security/audit_user the following:
-----
pine:all:no
-----
and then executed 'audit -s'. Now I have to play with that account to see
what happens.
Thanks. Will summarize.
Scott Birl
Senior Systems Administrator Computer Services Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*
NOTE: I'm only a peon with NO buying or decision-making power.
Do NOT spam or telemarket me about SUN products or services.
Procmail is my friend. And so is my ability to -HUP my phone.
---------- Forwarded message ----------
Return-Path: <sunmanagers-bounces@sunmanagers.org>
Sender: sunmanagers-bounces@sunmanagers.org
Date: Fri, 10 Oct 2003 05:54:52 -0700 (PDT)
From: Reggie Beavers <reggiebeavers@fstha.com>
To: "'sunmanagers@sunmanagers.org'" <sunmanagers@sunmanagers.org>
Subject: SUMMARY: ACL Logging?
Thank you:
-------------
Jay Lessert
Rich Teer
Original question:
> Does anyone know of a way to log attempts to access a
> directory under Solaris 8?
By enabling the Basic Security Module (bsmconv), you
can perform user level auditing which includes file
access. In /etc/security/audit_users, eg:
username:fr:no
More info at 'man audit'
Regards,
-- Reggie Beavers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
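Added example, not part of the original post or of Solaris itself: a small interpreter for the `user:always-audit:never-audit` entries quoted in this thread, applying the audit_user(4) rule that a user's preselection mask is (audit_control `flags:` plus always-audit) minus never-audit. The class list is an assumed subset of the defaults in /etc/security/audit_class, and the system `flags:` value `lo` used with it is a constructed sample.

```python
# Assumed subset of default Solaris audit classes; the authoritative list
# on a given host is /etc/security/audit_class.
CLASSES = ["fr", "fw", "fa", "fm", "fc", "fd", "cl", "pc", "nt",
           "ip", "na", "ad", "lo", "ap", "io", "ex", "ot"]
BOTH = {"success", "failure"}

def parse_flags(spec):
    """Turn a flag list such as 'lo,+fr,^-fw' into {class: {outcomes}}."""
    mask = {}
    for raw in filter(None, (f.strip() for f in spec.split(","))):
        clear = raw.startswith("^")          # '^' switches a flag back off
        flag = raw.lstrip("^")
        if not flag:
            raise ValueError(f"empty audit flag: {raw!r}")
        if flag[0] in "+-":                  # '+' success only, '-' failure only
            outcomes = {"success"} if flag[0] == "+" else {"failure"}
            name = flag[1:]
        else:
            outcomes, name = set(BOTH), flag
        if name == "no":                     # 'no' selects no classes
            continue
        if name != "all" and name not in CLASSES:
            raise ValueError(f"unknown audit class: {name!r}")
        for cls in (CLASSES if name == "all" else [name]):
            current = mask.setdefault(cls, set())
            if clear:
                current.difference_update(outcomes)
            else:
                current.update(outcomes)
    return {cls: out for cls, out in mask.items() if out}

def effective_mask(system_flags, entry_line):
    """Apply (system flags + always-audit) - never-audit for one entry."""
    fields = entry_line.strip().split(":")
    if len(fields) != 3:
        raise ValueError("expected user:always-audit:never-audit")
    user, always, never = fields
    mask = parse_flags(system_flags)
    for cls, out in parse_flags(always).items():
        mask.setdefault(cls, set()).update(out)
    for cls, out in parse_flags(never).items():
        mask.get(cls, set()).difference_update(out)
    return user, {cls: sorted(out) for cls, out in mask.items() if out}

if __name__ == "__main__":
    for line in ("pine:all:no", "username:fr:no"):   # entries from the thread
        print(effective_mask("lo", line))             # "lo" is a constructed value
```

The `pine:all:no` entry selects every class for both outcomes, while `username:fr:no` only adds file reads on top of whatever the system-wide flags already select.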