Solved

auditing various files in MAC X 10.6

Posted on 2009-02-10
Last Modified: 2012-05-06
What and where are file access violations and password changes kept?
I was trying to find these events using the console and the CLI; however, it was not readily identifiable to me.
Question by:mbpage
8 Comments
 
LVL 28

Expert Comment

by:jhyiesla
ID: 23607843
I've never actually tried looking for those items, but you might check in the console logs.  Go to Finder, Applications, Utilities, Console, and this will show you all the various logs on the system.
0
 
LVL 41

Expert Comment

by:Eoin OSullivan
ID: 23608953
On another issue .. your message subject states Mac x 10.6 .. this is the NOT YET RELEASED version due this summer which is still in Beta form.  Are you using this version??  Or the current latest 10.5? With update 6 = OSX 10.5.6

When you say 'file access violations' - do you mean when someone tries to open or alter a file for which they do not have adequate permissions?  Or when a program or file tries to save data to a location on the hard drive for which it does not have permission?

By default I believe that OSX does not capture/log these violations but you can scan the console logs as advised above.  You can capture everything in some form or another using some of the developer tools included with XCode
0
 

Author Comment

by:mbpage
ID: 23631540
eoinosullivan,

I believe that it is 10.5.6 sorry about that.

When you say 'file access violations' - do you mean when someone tries to open or alter a file for which they do not have adequate permissions? Yes, that is what I mean.  Along with notification of when people may try to change the time within preferences.

Will the developer tools require me to write code then compile as necessary to run and capture the items that I'm looking for?  I was hoping that by setting some flags within pr audit reduce that I might be able to capture the data that I need.

0
 

Author Comment

by:mbpage
ID: 23631575
jhyiesla,

I've never actually tried looking for those items, but you might check in the console logs.  Go to Finder, Applications, Utilities, Console, and this will show you all the various logs on the system.  Yes, I have gone to the console and the auditing tools.  However, the conventions which MAC uses are a little different from what I'm used to seeing from other OS', i.e. SuSE, CentOS, Linux, Fedora, and Solaris.  Is there a website that discusses the standard conventions used within MAC for file access violations for users, and items like a non-privileged user trying to change system time?
0
 
LVL 41

Assisted Solution

by:Eoin OSullivan
Eoin OSullivan earned 186 total points
ID: 23631615
I'm afraid I cannot help you any further as I am not an Apple Programmer/Developer .. you are dealing with core OSX system manipulation issues.

A good OSX software developer or someone who knows the guts of other Unix systems may have some pointers.
0
 
LVL 28

Accepted Solution

by:
jhyiesla earned 189 total points
ID: 23632021
Unfortunately I am not a developer either.  I don't know if there is a single page devoted to log file analysis because the possible entries are so numerous.  If you have a specific question about a log file entry you could post it here and see  if someone has the answer or not.

As far as the rest of your question about writing code, you may want to see if someone chimes in here or re-zone this question to include some developer zone which may get you the answers you need for that.  Sorry I could not be of more help.
0
 

Author Comment

by:mbpage
ID: 23638372
I thank you both in your attempt to help with the problem.  I believe that I am getting closer to answering it myself.
jhyiesla and eoinosullivan - through a combination of some smart scripts with associated filters, and manipulation of the audit log and console, I have found that you can set up the console to alert you to an elevation of privileges or at least the attempt: bad passwords, sudo notifications, etc.
0
 

Author Closing Comment

by:mbpage
ID: 31545394
They are both correct in terms of basic auditing and if you really need to have sifting of the logs accomplished within OS X you have to write a script to specifically identify those items, and have them show up in the designated directory.
0
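
The kind of log-sifting script the closing comment describes, as an added example that is not part of the original thread: it picks sudo events out of syslog-style lines and separates successful elevations from refused attempts (bad passwords, users not in sudoers). The function names, hosts, users and sample lines are constructed for illustration; it covers sudo messages only, not file access violations, and the log file to feed it is left to the reader.

```python
import re
from collections import Counter

# Constructed sample lines in sudo's syslog format; hosts and users are made up.
SAMPLE = """\
Feb 10 09:14:02 mac01 sudo[412]:    alice : TTY=ttys000 ; PWD=/Users/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/system.log
Feb 10 09:20:41 mac01 sudo[431]:      bob : 3 incorrect password attempts ; TTY=ttys001 ; PWD=/Users/bob ; USER=root ; COMMAND=/bin/cat /etc/sudoers
Feb 10 09:31:17 mac01 sudo[440]:    carol : user NOT in sudoers ; TTY=ttys002 ; PWD=/Users/carol ; USER=root ; COMMAND=/bin/date 021009312009
Feb 10 09:32:00 mac01 login[450]: USER_PROCESS: 450 ttys002
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sudo(?:\[\d+\])?:\s+(\S+) : (.*)$")
FIELDS = {"TTY": "tty", "PWD": "cwd", "USER": "run_as"}
KINDS = [("incorrect password", "bad_password"),
         ("NOT in sudoers", "not_in_sudoers"),
         ("command not allowed", "command_denied")]

def parse_sudo_line(line):
    """Return a dict describing one sudo log line, or None for any other line."""
    m = LINE.match(line)
    if not m:
        return None
    when, host, user, rest = m.groups()
    # COMMAND= is the last field and may itself contain " ; ", so split it off first.
    head, _, command = rest.partition("COMMAND=")
    event = {"when": when, "host": host, "user": user, "command": command.strip()}
    reasons = []
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        key, eq, value = part.partition("=")
        if eq and key in FIELDS:
            event[FIELDS[key]] = value
        else:
            reasons.append(part)  # free text: the reason sudo refused
    reason = "; ".join(reasons)
    event["kind"] = next((k for text, k in KINDS if text in reason),
                         "other_failure" if reason else "elevation")
    return event

def scan(lines):
    """Keep only the sudo events from an iterable of log lines."""
    return [e for e in map(parse_sudo_line, lines) if e]

def failed_users(events):
    """Count refused sudo attempts per invoking user."""
    return Counter(e["user"] for e in events if e["kind"] != "elevation")

if __name__ == "__main__":
    for e in scan(SAMPLE.splitlines()):
        print(e["when"], e["kind"], e["user"], "->", e.get("run_as"), e["command"])
```
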

Question has a verified solution.