• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 442
  • Last Modified:

Solaris 9 CDE Authentication Logging

We have a need to log *ALL* login successes and failures in Solaris 9.

I've been able to get all command line logins to log.. no problemo....  however, no CDE activity logs... I can't seem to find a way to get CDE login successes and failures to write to syslog...



Help?!?!


0
ParadiseITS
Asked:
ParadiseITS
  • 3
2 Solutions
 
NukfrorCommented:
You should enable BSM for this.  Just google for "solaris bsm login audit" and you'll find all kinds of stuff.  An example is here:

http://www.deer-run.com/~hal/sysadmin/SolarisBSMAuditing.html
0
 
yuzhCommented:
Agreed with  Nukfror use BSM for the job, have a look at the following docs about BSM, to learn more:
http://www.boran.com/security/sp/Solaris_bsm.html
http://www.securityfocus.com/infocus/1362
http://abelew.web.wesleyan.edu/bsmaudit1.html
http://docs.sun.com     -- Search for BSM

0
 
ParadiseITSAuthor Commented:
So, to break down the BSM tool...    the document Nukfor sent seems to sum it up... so here is my understanding...  can anyone clarify if I've got it before I try it?


run the audit_startup script
then I can edit (using vi??) the audit_control file to:

dir:/var/audit
minfree:20
flags:lo
naflags:lo


and this will grab all login activity?

My thoughts were to setup a cron job to do the audit -n then archive the resulting logs off the server...  is this a sound plan?  Or am I missing something??

0
 
ParadiseITSAuthor Commented:
check that.. I meant run the bsmconv.. not audit_startup
0
 
ParadiseITSAuthor Commented:
I'm going to go ahead and close this, I have it working on my Virtual Machine so it's good enough to close the question -- thanks!
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now