Operating System - HP-UX
1748019 Members
4544 Online
108757 Solutions
New Discussion юеВ

Re: Auditing of a log file

 
Sunil Sharma_1
Honored Contributor

Auditing of a log file

All,

I need to audit a file for read and write. I need information like which user access(read,write) that file and when. Is it possible using standard HP UX ? How this can be done ?

Thanks
Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
5 REPLIES 5
morganelan
Trusted Contributor

Re: Auditing of a log file

You must convert your system to Trusted System so you can perform auditing tasks.
1) Turn auditing using SAM (or command:# audsys)
2) Use :#audusr command to identify which users to audit. By default ALL users are audited.
3) Use:#audevent to identify which events and systems calls to audit
4) Use:#audisp to display the functions of the audit log file
Kamal Mirdad
Muthukumar_5
Honored Contributor

Re: Auditing of a log file

You can turn your machine into trusted one to audit system call which is being used for the specific file.

Use sam or tsconvert to do this.

You can also change system binary wrappers to check the file usage.

hth.
Easy to suggest when don't know about the problem!
Muthukumar_5
Honored Contributor

Re: Auditing of a log file

Robert Fritz
Regular Advisor

Re: Auditing of a log file

You may also consider installing the Trusted System Migration package, which will enable logging (among other things) without having to switch to Trusted System. With the migration, there's very few things you can't get security-wise in standard mode, and you get it without some of the Trusted-System issues.
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
Robert Fritz
Regular Advisor

Re: Auditing of a log file

I just went and found the d/l link:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt

Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin