BSM audit_user file

Post by chunm » Thu, 31 Oct 2002 19:45:15



While using BSM, I ran into a problem.
I want to audit all users including root, and not to audit
user "foo" at all. I set up audit_control and audit_user as
follows.

1. audit_control
flags:lo,ad,-all,^-fc

2. audit_user
foo::all

When the user logs in as "foo", no audit happens. But when he switches to
root using "su", the problem happens. After he becomes root, BSM auditing
occurs. I hope no audit happens even after "su".

So, I have some questions.
1. What does "username" in the audit_user file mean? The audit ID or the
effective user ID?
2. How can I solve this problem?

Hoping for advice.
Thanks in advance,
Chun-Mok Chung
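
An added example, not part of the original post: a small Python model of the preselection-mask formula documented in audit_user(4), (flags + always-audit) - never-audit, applied to the two files quoted above. The class list is a constructed subset of audit_class(4), and the model covers only the mask computed at login, not what happens after "su".

```python
# Constructed subset of audit_class(4) names; a real system defines more.
CLASSES = ["lo", "ad", "fr", "fw", "fc", "fd", "pc", "ex"]

def apply_flags(spec, base=frozenset()):
    """Apply a comma-separated flag list on top of `base`.

    Events are (class, outcome) pairs, outcome 's' (success) or 'f' (failure).
    Prefix '+' selects success only, '-' failure only, '^' turns events off.
    """
    events = set(base)
    for tok in (t.strip() for t in spec.split(",")):
        if not tok:
            continue
        negate = tok.startswith("^")
        body = tok[1:] if negate else tok
        outcomes = {"+": "s", "-": "f"}.get(body[:1], "sf")
        name = body.lstrip("+-")
        if name != "all" and name not in CLASSES:
            raise ValueError(f"unknown audit class: {tok!r}")
        names = CLASSES if name == "all" else [name]
        selected = {(c, o) for c in names for o in outcomes}
        events = events - selected if negate else events | selected
    return events

def parse_audit_user(text):
    """Parse audit_user lines: username:always-audit-flags:never-audit-flags."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, always, never = (line.split(":") + ["", ""])[:3]
        entries[user] = (always, never)
    return entries

def login_mask(user, control_flags, audit_user):
    """(flags + always-audit) - never-audit for one user name."""
    always, never = audit_user.get(user, ("", ""))
    return apply_flags(always, apply_flags(control_flags)) - apply_flags(never)

# Values taken from the post above.
CONTROL_FLAGS = "lo,ad,-all,^-fc"
AUDIT_USER = parse_audit_user("foo::all\n")

if __name__ == "__main__":
    for user in ("foo", "root"):
        print(user, sorted(login_mask(user, CONTROL_FLAGS, AUDIT_USER)))
```
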

 
 
 

1. BSM audit_user file

While setting up BSM in Solaris8 on an Ultra10 workstation, I ran into a problem.
I want to audit all users including root, and not to audit
user "foo" at all. I set up audit_control and audit_user as
follows.

1. audit_control
flags:lo,ad,-all,^-fc

2. audit_user
foo::all

When the user logs in as "foo", no audit is generated. But when he switches to
root using "su", the problem happens. After he becomes root, BSM audit is
generated. I hope no audit is generated even after "su".

So, I have some questions.
1. What does "username" in the audit_user file mean? The audit ID or the
effective user ID?
2. How can I solve this problem?

Hoping for advice.
Thanks in advance,
Chun-Mok Chung
