
Enable Auditing On HP-UX

 
Ramasubramanian Krishna
Occasional Advisor

Enable Auditing On HP-UX

I need to enable auditing on an HP-UX system, with the audit files generated on a central server.
9 REPLIES 9
Shibin_2
Honored Contributor

Re: Enable Auditing On HP-UX

Use the audsys command to start / stop auditing on your system.

Read man audsys for more information.

I am not sure whether you can keep it on a remote server.

The /.secure/etc/audnames file contains the current and next audit file names and their switch sizes.
Regards
Shibin
Shibin_2
Honored Contributor

Re: Enable Auditing On HP-UX

Hakki Aydin Ucar
Honored Contributor

Re: Enable Auditing On HP-UX

You need to go to SAM > Security > Audit Events

But you need to convert your system to a Trusted System.

And you need to start with Turn Auditing ON from the Actions menu.

And remember/be careful, it means too many logs under /.secure/etc
Ramasubramanian Krishna
Occasional Advisor

Re: Enable Auditing On HP-UX

Thanks. But I need the audit files created to be on the central server.
Sundar G
Frequent Advisor

Re: Enable Auditing On HP-UX

Ram,

Try exploring the use of syslog-ng, which sends all logs to a centralised server (including syslog). It is bundled with DASU tools in HP-UX 11.31. This link may be helpful.

http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1288780164926+28353475&threadId=1179562

-- Sundar
Dennis Handly
Acclaimed Contributor

Re: Enable Auditing On HP-UX

>I need the audit files created to be on the central server.

Is NFS available to do this?
Court Campbell
Honored Contributor

Re: Enable Auditing On HP-UX

I agree with Dennis. You will probably need to go the NFS route. Alternatively, you could write a script that changed the log file, and copied the log file off to another server. I did this at my last company. We switched out the audit file via a cronjob and sent it to a management server.

A couple of notes:

1. Make sure the audit info is useful. I cannot tell you how much crap info you can get from auditing. Do you really need to know every semop call?

2. Make sure you have a good amount of space for the logs. If the system cannot write to the audit files, your system will grind to a halt.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
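
One way to script the cron-driven switch-and-copy approach described in the post above, as an added example that is not code from this thread or from any poster. It assumes the audit trail is a single regular file and that `audsys -c <file> -s <kB>` switches the current audit file as documented in audsys(1M); the host name, destination directory and `audit.<host>.<timestamp>` naming are placeholders.

```shell
#!/bin/sh
# Added example: switch the HP-UX audit file and ship closed files off-host.
# Assumptions: single-file audit trail, key-based scp already configured,
# LOGHOST/DEST are placeholders, audit files are named audit.<host>.<stamp>.
AUDIT_DIR=${AUDIT_DIR:-/.secure/etc}
SWITCH_KB=${SWITCH_KB:-50000}              # switch size (KB) given to audsys -s
LOGHOST=${LOGHOST:-loghost.example.com}    # placeholder central server
DEST=${DEST:-/var/audit/incoming}          # placeholder directory on LOGHOST
MIN_FREE_KB=${MIN_FREE_KB:-200000}         # warn below this much free space
AUDSYS=${AUDSYS:-/usr/sbin/audsys}
SCP=${SCP:-scp}

# Path of the next audit file for host $1 and timestamp $2.
next_name() { echo "$AUDIT_DIR/audit.$1.$2"; }

# Free KB on the filesystem that holds AUDIT_DIR (4th column of df -Pk).
free_kb() { df -Pk "$AUDIT_DIR" | awk 'NR==2 {print $4}'; }

# Switch auditing to a new file, then ship every closed audit.* file.
# Prints the new current file. Returns 3 if the switch failed, 4 if any
# transfer failed (those files stay on disk and are retried next run).
rotate_and_ship() {
    new=$(next_name "$1" "$2")
    # Switch first so nothing is still appending to the files being copied.
    "$AUDSYS" -c "$new" -s "$SWITCH_KB" || return 3
    rc=0
    for f in "$AUDIT_DIR"/audit.*; do
        [ -f "$f" ] && [ "$f" != "$new" ] || continue
        # Delete the local copy only after a successful transfer.
        if "$SCP" -p "$f" "$LOGHOST:$DEST/"; then rm -f "$f"; else rc=4; fi
    done
    # A full audit filesystem stalls the host, so flag low space loudly.
    if [ "$(free_kb)" -lt "$MIN_FREE_KB" ]; then
        echo "WARNING: low free space in $AUDIT_DIR" >&2
    fi
    echo "$new"
    return $rc
}

# From cron: /path/to/this_script run
if [ "${1:-}" = "run" ]; then
    rotate_and_ship "$(hostname)" "$(date -u +%Y%m%d%H%M%S)"
fi
```

The audit file that was active before the first run only gets shipped if it already matches the `audit.*` pattern.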
Ismail Azad
Esteemed Contributor

Re: Enable Auditing On HP-UX

Just one thing, if you are doing it via the command line: check the control variable in /etc/rc.config.d/auditing. It will typically be 0, so set it to 1.
Read, read and read... Then read again until you read "between the lines".....
Shibin_2
Honored Contributor

Re: Enable Auditing On HP-UX

I have assigned points to 1 of 13 responses to my questions.


Please assign some points.
Regards
Shibin