cancel
Showing results for 
Search instead for 
Did you mean: 

auditd

Norman O'Brien
Occasional Visitor

auditd

I am learning a Dec Alpha running Digital Unix 4.0. When I try to start auditing by going thru the set up and typing auditd nothing happens. I check the auditd_cons file and its states only connection refused.
8 REPLIES
Michael Schulte zur Sur
Honored Contributor

Re: auditd

Hi Norman,

what 4.0 release and what patch kit are you running?

greetings,

Michael
Norman O'Brien
Occasional Visitor

Re: auditd

version 4.0d no patch kits
Michael Schulte zur Sur
Honored Contributor

Re: auditd

Hi,

4.0d is pretty much outdated. If you want to learn something get 5.1b
There were 9 patchkits for 4.0d. Who knows what all has been corrected over time.
Any reason for 4.0d?

greetings,

Michael
Ann Majeske
Honored Contributor

Re: auditd

For any version in order to use the audit subsystem you have to have built the kernel with the audit subsystem. Add a line with:
options DEC_AUDIT
to your system configuration file and rebuild the kernel. Reboot with the new kernel and try it again.

Ann
Norman O'Brien
Occasional Visitor

Re: auditd

Unfortunately the system cannot be upgraded it is a test system and must match what is being used in production. I would love to update but my hands are tied.

I will try rebuilding the kernel with DEC AUDIT added and let you know the results.

Thankyou both for your timely response it is much appreciated.
Norman O'Brien
Occasional Visitor

Re: auditd

I have to explain that I am very new to this system crossing over from a total window enviroment and education so please excuse the dumb questions, but how exactly do I find and edit the system configuration file. I have found sys config files in /etc and /sbin the sbin sys config appears to be the correct one
Michael Schulte zur Sur
Honored Contributor

Re: auditd

Hi,

there are no dump questions.
You find the config file in /sys/conf
It is the file with the same name as hostname in capital letters.
Add the line among the options lines.
Then use doconfig to build a new kernel.
When done make backup copy of old vmunix and copy new vmunix to its place and reboot.
That's it.

greetings,

Michael
Norman O'Brien
Occasional Visitor

Re: auditd

I have gotten the Audit program up and running thank you both for your assistance. Ann your advice did the trick. Michael thanks for the directions. I will say that coming over to Unix, Solaris 2.6 and 9 along with the Digital unix has been somewhat a mixed bag, sometimes I long for the ease of Windows, but not the problems..