
Solved

Using auditd on AIX 6.1

Posted on 2013-10-22
Last Modified: 2014-02-09
Is there any experience out there in using the auditd (as known from Linux) on AIX (rather than using the AIX's built-in audit subsystem)?

Might auditd eventually be more sensible when it comes to
- sensible amount of data
- satisfying PCI DSS requirements

E.g. we'd like to restrict logging to activities on interactive shells by users w/ admin rights. This seems to be a problem w/ AIX audit.
Question by: jmeesenburg
2 Comments

Accepted Solution

by: jfer0x01
ID: 39844738
Auditd will log when users log in and out, physically and over telnet/ssh, and when users su, among other things like cron execution.

Might auditd eventually be more sensible when it comes to
- sensible amount of data - Lots of logs, kinda hard to read though.
- satisfying PCI DSS requirements - I take it the AIX box has client or financial information, so yes. Logs are also sequential and run off of epoch time, and thus generate legitimate log entries.

E.g. we'd like to restrict logging to activities on interactive shells by users w/ admin rights.

Auditd logs. Restriction or alerting of login events has to be accomplished by:

1. A custom script that parses logs and sends an email or generates a syslog entry to alert you.
2. A 3rd-party solution that parses logs (logwatch, Logstash, Splunk).

Hope this helps.

Jfer
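
The first option above (a script that parses the audit log and raises an alert), as an added example that is not part of the original thread: a POSIX shell/awk filter that reads raw auditd records (the audit.log or `ausearch --raw` layout), keeps only the login/session events (USER_LOGIN, USER_START, USER_END) and reports those whose login uid (auid) belongs to a privileged account and that did not come from cron, which is how "interactive shells by users with admin rights" is carved out of the Linux audit trail. The sample records, the admin uid list ADMIN_AUIDS (0 and 1001) and the ALERT line format are constructed for the example. This is the Linux auditd format; AIX's own audit subsystem writes a different trail, so only the filtering logic carries over there.

```shell
#!/bin/sh
# Added example (not from the original thread): alert on interactive
# login/session events by privileged users, parsed from raw auditd records
# (audit.log / `ausearch --raw` layout). Linux auditd format; on AIX the
# native audit trail looks different, only the filtering logic carries over.

# Login uids (auid) treated as privileged: root plus one constructed admin uid.
ADMIN_AUIDS="${ADMIN_AUIDS:-0 1001}"

# Constructed sample records, not captured from a real system.
sample_records() {
cat <<'EOF'
type=USER_LOGIN msg=audit(1382431234.123:456): pid=2201 uid=0 auid=1001 ses=7 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=success'
type=USER_START msg=audit(1382431235.200:457): pid=2201 uid=0 auid=1001 ses=7 msg='op=PAM:session_open acct="jdoe" exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1382431300.010:460): pid=2310 uid=0 auid=1002 ses=8 msg='op=login id=1002 exe="/usr/sbin/sshd" hostname=10.0.0.9 addr=10.0.0.9 terminal=ssh res=success'
type=USER_START msg=audit(1382431320.000:461): pid=2350 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
type=USER_LOGIN msg=audit(1382431350.500:462): pid=2400 uid=0 auid=0 ses=9 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=failed'
type=CRED_ACQ msg=audit(1382431351.000:463): pid=2400 uid=0 auid=0 ses=9 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_END msg=audit(1382432000.000:470): pid=2201 uid=0 auid=1001 ses=7 msg='op=PAM:session_close acct="jdoe" exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=success'
EOF
}

# audit_alerts: read raw audit records on stdin, print one ALERT line per
# USER_LOGIN/USER_START/USER_END record whose auid is privileged and whose
# terminal is not cron (cron sessions carry an unset auid anyway).
audit_alerts() {
  awk -v admins="$ADMIN_AUIDS" '
  # field(name): value of "name=value" in the current record, quotes stripped
  function field(name,   s) {
    if (match(rec, " " name "=[^ ]+") == 0) return "?"
    s = substr(rec, RSTART + length(name) + 2, RLENGTH - length(name) - 2)
    gsub(q, "", s); gsub(/"/, "", s)
    return s
  }
  BEGIN {
    q = sprintf("%c", 39)                          # single quote character
    n = split(admins, a, " ")
    for (i = 1; i <= n; i++) priv[a[i]] = 1
    want["USER_LOGIN"] = 1; want["USER_START"] = 1; want["USER_END"] = 1
  }
  {
    if (match($0, /^type=[A-Z_]+/) == 0) next
    ev = substr($0, 6, RLENGTH - 5)
    if (!(ev in want)) next                        # not a login/session event
    rec = " " $0                                   # leading space simplifies field()
    auid = field("auid")
    if (!(auid in priv)) next                      # login uid not privileged
    term = field("terminal")
    if (term == "cron") next                       # batch job, not an interactive shell
    if (match($0, /audit\([0-9]+\.[0-9]+:[0-9]+\)/) == 0) next
    split(substr($0, RSTART + 6, RLENGTH - 7), id, ":")   # epoch.ms and serial
    printf "ALERT ts=%s serial=%s event=%s auid=%s ses=%s terminal=%s addr=%s res=%s\n",
      id[1], id[2], ev, auid, field("ses"), term, field("addr"), field("res")
  }'
}

# alerts_to_syslog: forward each alert to syslog (authpriv) via logger(1).
alerts_to_syslog() {
  audit_alerts | while IFS= read -r line; do
    logger -t audit-alert -p authpriv.warning "$line"
  done
}

case "${1:-}" in
  --demo)   sample_records | audit_alerts ;;
  --stdin)  audit_alerts ;;
  --syslog) alerts_to_syslog ;;
esac
```

Run it with `--demo` to process the embedded records (four alerts: the admin's login, session open and session close, and the failed root login on tty1; the non-admin uid 1002 and the cron session are dropped), or feed a real trail with `ausearch --raw -ts today | sh audit_alerts.sh --stdin`. `--syslog` pushes each alert through logger(1) to authpriv so a central syslog collector picks it up; the timestamp is left as the raw epoch value because that is what `ausearch -i` and most log collectors expect to convert.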

Author Closing Comment

by: jmeesenburg
ID: 39845055
Thanks jfer - good hints in the right direction!

In the meantime we've figured out how to do that properly.
As you wrote, a bit of scripting is required, but the right configuration using the tools AIX and the audit subsystem provide is key.
Fortunately, there's no 3rd party software required.
