Using auditd on AIX 6.1

Is there any experience out there in using the auditd (as known from Linux) on AIX (rather than using the AIX' built-in audit subsystem)?

Might auditd eventually be more sensible when it comes to
- sensible amount of data
- satisfying PCI DSS requirements

E.g. we'd like to restrict logging to activities on interactive shells by users w/ admin rights. This seems to be a problem w/ AIX audit.
jmeesenburgAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
jfer0x01Connect With a Mentor Commented:
Auditd will log when users login and out physically and over telnet ssh and when users su, among other things like cron execution.

Might auditd eventually be more sensible when it comes to
- sensible amount of data - Lots of logs, kinda hard to read though.
- satisfying PCI DSS requirements - I take it the AIX box has client or financial information, so yes. Log are also sequential and and running off of epoch time and thus generates legitimate log entries.

E.g. we'd like to restrict logging to activities on interactive shells by users w/ admin rights.

Auditd, logs. Restriction or alerting of login events has to be accomplished by.

1. Custom script that parses logs, sends an email or generates syslog entry to alert you.
2. 3rd party solution that parses logs. (logwatch, Logstash, Splunk).

Hope this helps.

Jfer
0
 
jmeesenburgAuthor Commented:
Thanks jfer - good hints in the right direction!

In the meantime we've figured out to do that properly.
As you wrote, a bit of scripting is required, but the right configuration using the tools AIX and the audit subsystem provide are key.
Fortunately, there's no 3rd party software required.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.