BSM auditing error.
From: jason kappy (jasonkappy_at_yahoo.com)
Date: 05/31/05
- Previous message: Chris Hoogendyk: "fssnap: ioctl: error 16: Device busy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 31 May 2005 11:49:01 -0700 (PDT) To: sunmanagers@sunmanagers.org
Hello Gurus,
I am trying to enable BSM auditing and the
system is
SunOS sunkist 5.8 Generic_108528-21 sun4u sparc
SUNW,Ultra-60
Here are few lines of the error I am getting when I
run
auditconfig -chkconf
____________________________________________________________
AUE_EXIT(1): CLASS MISMATCH: runtime class (no) !=
configured class (ps)
AUE_FORK(2): CLASS MISMATCH: runtime class (no) !=
configured class (ps)
AUE_CREAT(4): CLASS MISMATCH: runtime class (no) !=
configured class (fc)
AUE_LINK(5): CLASS MISMATCH: runtime class (no) !=
configured class (fc)
AUE_UNLINK(6): CLASS MISMATCH: runtime class (no) !=
configured class (fd)
____________________________________________________________
audit_control:
dir:/usr/audit
flags:lo
minfree:5
naflags:lo,ad
audit_user:
root:lo,as,na,ex:no,fr,fw,fa,fm,fc,fd,cl,nt,ip,ap,ss,ua,am,aa,ad,ps,pm,pc,io,ot
After I set this up successfully, I want to add all
the application user accounts to audit_user file and
disable all the auditing. Please corretc me if this
entry is wrong.
someuser::lo,as,na,ex,no,fr,fw,fa,fm,fc,fd,cl,nt,ip,ap,ss,ua,am,aa,ad,ps,pm,pc,io,ot
My understanding is that audit_user entry overides
audit_control entry. I am sure that I am doing
something dumb but could not catch. I will summarize.
Thank you,
J.
__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
- Previous message: Chris Hoogendyk: "fssnap: ioctl: error 16: Device busy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
