q: solaris bsm and triteal gui


Post by ten.. » Fri, 11 Feb 2000 04:00:00



i'm trying to use BSM for auditing and i ran into an issue that it does
not log console logins when Triteal GUI is used (another CDE-like GUI).
however, if i log in via command line, it is logged in BSM. what i want
is for BSM to also log Triteal logins. i'm looking for patches for this
issue but haven't found one. i haven't tried this on an openwin or
Solaris CDE installation. has anyone encountered a similar issue, or is
this just a misconfiguration in BSM?

your inputs will be appreciated. thanks in advance

jetb

here's my test configuration

test environment
ultra sparc 2
solaris 2.6

BSM configuration
audit_control
dir:/var/audit
flags:lo,-ad,-nt,-ex,-pc,-fm,-fw,-fc,-fd,-fr
minfree:20
naflags:lo

audit_user
root:lo,-ad,fd:no,fr,cl,fm,fa,nt,ip,na,io,ot,pc,ap,ex

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 


Post by Ron Dille » Fri, 11 Feb 2000 04:00:00


Jetb,

Only BSM aware (w/ bsm hooks) software will log via bsm.  You have
installed a 3rd party access package, thereby creating a security hole
in your system.

Ron



--
+--------------------------------------------------------+
|   Ron Dilley                  Sr. UNIX Administrator   |

|   Amgen Inc.                           (805)447-6730   |
+--------------------------------------------------------+

 
 
 


Post by ja.. » Sat, 19 Feb 2000 04:00:00


Not really true, BSM monitors syscalls.
When using X login however you are not performing a traditional Unix
login, you're using an already running process.
CDE uses the classical unix access routines through PAM.
Your software does its own thing.

Jan.



> Jetb,

> Only BSM aware (w/ bsm hooks) software will log via bsm.  You have
> installed a 3rd party access package, thereby creating a security hole
> in your system.

> Ron


--
I've got plenty of Java and Chesterfield Kings
        Donald Fagen-The Nightfly


 
 
 


Post by ten.. » Tue, 22 Feb 2000 04:00:00


it's odd though that BSM (with the configuration settings i mentioned)
can only capture failed logins through the Triteal (CDE) login but
cannot capture successful logins and user logouts. any particular system
call to monitor? i think CDE events should be added to audit_events and
audit_class configuration files of BSM. i tried adding the xlogin /
xlogout event ids but i got the same results.

thanx.



> Not really true, BSM monitors syscalls.
> When using X login however you are not performing a traditional Unix
> login, you're using an already running process.
> CDE uses the classical unix access routines through PAM.
> Your software does its own thing.

> Jan.




Sent via Deja.com http://www.deja.com/
Before you buy.
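
Added example (not part of any post in this thread): a small Python evaluator for the preselection flags posted in the question, following the flag prefixes and the `(flags + always-audit) - never-audit` rule documented in audit_control(4) and audit_user(4). The function names are hypothetical; the two config strings are copied from the post.

```python
# Added example: evaluates Solaris BSM preselection flags.
# FLAGS and ROOT below are copied verbatim from the posted configuration.
S, F = 1, 2  # bit for "audit on success" / "audit on failure"

def parse_flags(spec):
    """Return {class: mask} for a comma-separated flag list, read left to right.
    Prefix: none = success+failure, '+' = success only, '-' = failure only,
    '^' = turn off ('^+' / '^-' turn off one outcome only)."""
    mask = {}
    for flag in filter(None, (f.strip() for f in spec.split(","))):
        off = flag.startswith("^")
        if off:
            flag = flag[1:]
        bits = {"+": S, "-": F}.get(flag[:1], S | F)
        name = flag.lstrip("+-")
        if name in ("", "no"):      # "no" is the empty class: selects nothing
            continue
        cur = mask.get(name, 0)
        mask[name] = cur & ~bits if off else cur | bits
    return mask

def user_mask(system_flags, audit_user_line):
    """Effective user mask = (flags: line + always-audit) - never-audit."""
    _user, always, never = audit_user_line.split(":")
    mask = parse_flags(system_flags + "," + always)
    for name, bits in parse_flags(never).items():
        mask[name] = mask.get(name, 0) & ~bits
    return {n: b for n, b in mask.items() if b}

def describe(mask):
    """Render a mask as readable text, sorted by class name."""
    label = {S: "success", F: "failure", S | F: "success+failure"}
    return {n: label[b] for n, b in sorted(mask.items()) if b}

FLAGS = "lo,-ad,-nt,-ex,-pc,-fm,-fw,-fc,-fd,-fr"           # audit_control flags:
ROOT = "root:lo,-ad,fd:no,fr,cl,fm,fa,nt,ip,na,io,ot,pc,ap,ex"  # audit_user entry

if __name__ == "__main__":
    print("system-wide:", describe(parse_flags(FLAGS)))
    print("root       :", describe(user_mask(FLAGS, ROOT)))
```

For the posted files it reports `lo` as selected for both success and failure, system-wide and for root, so the flags as written do request successful login records.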
 
 
 
