Solved

Using auditd on AIX 6.1

Posted on 2013-10-22
2
812 Views
Last Modified: 2014-02-09
Is there any experience out there in using the auditd (as known from Linux) on AIX (rather than using the AIX' built-in audit subsystem)?

Might auditd eventually be more sensible when it comes to
- sensible amount of data
- satisfying PCI DSS requirements

E.g. we'd like to restrict logging to activities on interactive shells by users w/ admin rights. This seems to be a problem w/ AIX audit.
0
Comment
Question by:jmeesenburg
2 Comments
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 300 total points
ID: 39844738
Auditd will log when users login and out physically and over telnet ssh and when users su, among other things like cron execution.

Might auditd eventually be more sensible when it comes to
- sensible amount of data - Lots of logs, kinda hard to read though.
- satisfying PCI DSS requirements - I take it the AIX box has client or financial information, so yes. Log are also sequential and and running off of epoch time and thus generates legitimate log entries.

E.g. we'd like to restrict logging to activities on interactive shells by users w/ admin rights.

Auditd, logs. Restriction or alerting of login events has to be accomplished by.

1. Custom script that parses logs, sends an email or generates syslog entry to alert you.
2. 3rd party solution that parses logs. (logwatch, Logstash, Splunk).

Hope this helps.

Jfer
0
 

Author Closing Comment

by:jmeesenburg
ID: 39845055
Thanks jfer - good hints in the right direction!

In the meantime we've figured out to do that properly.
As you wrote, a bit of scripting is required, but the right configuration using the tools AIX and the audit subsystem provide are key.
Fortunately, there's no 3rd party software required.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question