Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Setting Up AIX Audit

Posted on 2013-06-16
3
Medium Priority
?
539 Views
Last Modified: 2013-06-28
I have a server that a set of of files are deleted each week in a specific directory. The fact it's occurring around the same time each weekend, I suspect that it's a cron process running. There are too many scripts in cron to go through so I was wondering if it's possible to enable the AIX auditing subsystem to detect when a file in a specific directory is deleted and to report who or what process removed it. If this can be done with the audit subsystem, I need help in configuring this.
0
Comment
Question by:abgtemp
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Ponmaniraja earned 900 total points
ID: 39252924
Hi below is the file to configure audit subsystem to detect when a file is deleted in the specific directory.

#more /etc/security/audit/config
-----------------------------------------------------------------------------------------------------------
start:
binmode = off
streammode=on
bin:
trail = /auditfs/trail
bin1 = /auditfs/bin1
bin2 = /auditfs/bin2
binsize = 10240
cmds = /etc/security/audit/bincmds
freespace = 65536
stream:
cmds = /etc/security/audit/streamcmds
classes:
genuser=USER_SU,PASSWORD_Change

objects=S_ENVIRON_WRITE,S_GROUP_WRITE,S_LIMITS_WRITE,S_LOGIN_WRITE,S_PASSWD_READ,S_PASSWD_WRITE,S_USER_WRITE,AUD_CONFIG_WR
users:
root = general
0
 

Author Comment

by:abgtemp
ID: 39253106
Thanks. Where do you specify the directory or file?
0
 
LVL 1

Expert Comment

by:Ponmaniraja
ID: 39253833
In objects you have to give.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month12 days, 11 hours left to enroll

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question