Solved

Using auditd on AIX 6.1

Posted on 2013-10-22
2
806 Views
Last Modified: 2014-02-09
Is there any experience out there in using the auditd (as known from Linux) on AIX (rather than using AIX's built-in audit subsystem)?

Might auditd eventually be more sensible when it comes to
- sensible amount of data
- satisfying PCI DSS requirements

E.g. we'd like to restrict logging to activities on interactive shells by users w/ admin rights. This seems to be a problem w/ AIX audit.
Question by: jmeesenburg
2 Comments
 
LVL 9

Accepted Solution

by: jfer0x01 (earned 300 total points)
ID: 39844738
Auditd will log when users log in and out, physically and over telnet/ssh, and when users su, among other things like cron execution.

Might auditd eventually be more sensible when it comes to
- sensible amount of data - Lots of logs, kinda hard to read though.
- satisfying PCI DSS requirements - I take it the AIX box has client or financial information, so yes. Logs are also sequential and running off of epoch time and thus generate legitimate log entries.

E.g. we'd like to restrict logging to activities on interactive shells by users w/ admin rights.

Auditd logs. Restriction or alerting of login events has to be accomplished by:

1. Custom script that parses logs, sends an email or generates a syslog entry to alert you.
2. 3rd-party solution that parses logs (logwatch, Logstash, Splunk).

Hope this helps.

Jfer
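The "custom script that parses logs" option from the accepted answer, as an added example that is not code from the thread, from auditd or from AIX: a POSIX shell/awk filter over auditd raw-format records that alerts only on interactive sessions (ssh, console, pts/tty) opened as an administrative account, which is the restriction the question asks for, and hands each alert to syslog through logger(1). The sample records, the admin account list (`ADMIN_ACCOUNTS`) and the function names are constructed assumptions. The record layout is Linux auditd's audit.log, since the answer discusses auditd; the output of AIX's native audit subsystem (auditpr) has a different layout and would need a different field parser.

```sh
#!/bin/sh
# Added example, not code from the thread or from auditd. Filters auditd
# raw-format records (audit.log) for interactive sessions opened as an
# administrative account and turns each hit into a syslog-ready alert line.
# ADMIN_ACCOUNTS, the sample records and the function names are assumptions
# constructed for this example.

ADMIN_ACCOUNTS="root oper1"   # assumed list of accounts with admin rights

# Constructed sample audit.log records: an ssh login by an admin (oper1),
# an ssh login by a service account, an su to root from that session, and
# a cron-driven root session that should NOT raise an alert.
sample_log() {
cat <<'EOF'
type=USER_LOGIN msg=audit(1382428800.101:201): pid=4001 uid=0 auid=1001 ses=7 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=success'
type=USER_START msg=audit(1382428800.120:202): pid=4001 uid=0 auid=1001 ses=7 msg='op=PAM:session_open acct="oper1" exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=success'
type=USER_START msg=audit(1382428900.300:210): pid=4100 uid=0 auid=1002 ses=8 msg='op=PAM:session_open acct="webapp" exe="/usr/sbin/sshd" hostname=10.0.0.6 addr=10.0.0.6 terminal=ssh res=success'
type=USER_CMD msg=audit(1382429000.400:220): pid=4150 uid=1002 auid=1002 ses=8 msg='cwd="/home/webapp" cmd=7375 exe="/usr/bin/su" terminal=pts/1 res=success'
type=USER_START msg=audit(1382429001.000:221): pid=4150 uid=0 auid=1002 ses=8 msg='op=PAM:session_open acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=pts/1 res=success'
type=USER_START msg=audit(1382429060.000:231): pid=4200 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
EOF
}

# Read records on stdin; print one alert line per interactive admin session.
# Only USER_START (PAM session open) is considered, so a single login does
# not produce several alerts from its LOGIN/CRED/START records.
admin_session_alerts() {
    awk -v admins="$ADMIN_ACCOUNTS" '
    BEGIN { n = split(admins, list, " "); for (i = 1; i <= n; i++) admin[list[i]] = 1 }
    # Extract key=value from the record; auditd quotes string values.
    function field(key) {
        if (match($0, key "=\"[^\"]*\""))
            return substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 3)
        if (match($0, key "=[^ ]+"))
            return substr($0, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
        return ""
    }
    $1 == "type=USER_START" {
        acct = field("acct"); term = field("terminal")
        if (!(acct in admin)) next
        # Interactive terminals only: ssh, console, pseudo-ttys, ttys.
        # cron, atd and similar non-interactive sessions are dropped here.
        if (term !~ /^(ssh|console|pts\/[0-9]+|tty[0-9]+)$/) next
        ts = $2; sub(/^msg=audit\(/, "", ts); sub(/\..*$/, "", ts)   # epoch seconds
        printf "audit-alert: admin session acct=%s auid=%s exe=%s terminal=%s epoch=%s\n",
               acct, field("auid"), field("exe"), term, ts
    }'
}

# Stand-alone run: hand each alert to syslog via logger(1) when available,
# otherwise print it. Replace sample_log with "tail -f /var/log/audit/audit.log"
# (or the path your auditd writes to) to run continuously.
sample_log | admin_session_alerts | while IFS= read -r line; do
    if command -v logger >/dev/null 2>&1; then
        logger -p auth.warning -t audit-alert "$line" 2>/dev/null || printf '%s\n' "$line"
    else
        printf '%s\n' "$line"
    fi
done
```

Run over the constructed sample it emits exactly two alerts, the oper1 ssh session and the su to root from the webapp session, and stays silent on the cron-driven root session and on the non-admin login. Keying on `auid` rather than `uid` is what keeps the su-to-root alert attributable to the original login (auid=1002) rather than to root, which is the attribution PCI DSS reviewers look for.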
 

Author Closing Comment

by: jmeesenburg
ID: 39845055
Thanks jfer - good hints in the right direction!

In the meantime we've figured out how to do that properly.
As you wrote, a bit of scripting is required, but the right configuration using the tools AIX and the audit subsystem provide is key.
Fortunately, there's no 3rd party software required.
