- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: clean_hids_logs.ksh
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2009 01:08 PM
тАО01-14-2009 01:08 PM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2009 02:23 PM
тАО01-14-2009 02:23 PM
Re: clean_hids_logs.ksh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2009 03:25 AM
тАО01-15-2009 03:25 AM
Re: clean_hids_logs.ksh
#!/usr/bin/ksh
/sbin/init.d/auditing stop
> /.secure/etc/audfile1
> /.secure/etc/audfile2
/sbin/init.d/auditing start
I am by no means an expert on script, to me it looks like it stops auditing and appends /.secure/etc/audfile1 to /.secure/etc/audfile2 and then starts auditing again. Is there a reason why I would need this script? It is on one of my backup servers and not on the production. It causeses a lot of auditing email messages that I have to clean up.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2009 03:49 AM
тАО01-15-2009 03:49 AM
Re: clean_hids_logs.ksh
The two commands of the form "> filename" will _overwrite_ the file on the right side of the ">" sign with whatever is output by the left side, i.e. nothing at all. In other words, the commands will truncate both files to zero length.
To append something to the end of file, you would need ">>".
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2009 04:01 AM
тАО01-15-2009 04:01 AM
Re: clean_hids_logs.ksh
Based on this and your other posting it appears that you have a highly regulated and highly scrutinized server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2009 04:08 AM
тАО01-15-2009 04:08 AM
Re: clean_hids_logs.ksh
00,15,30,45 * * * * /usr/local/bin/clean_hids_logs.ksh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2009 05:01 AM
тАО01-15-2009 05:01 AM
SolutionAs I said it does not make sense to zero out these logs without first making copies of them for later use. Maybe there was a security requirement to turn on "system accounting" and this is how thet dealt with the logs filling up root. This is NOT how system accounting is run. Either turn it off, or if you have to keep it running,
1. you need to find another area to place the logfiles. Their location is set in /etc/rc.config.d/auditing
2. Even when you find an area with lots of space, these files will eventually fill it up. So you would still need to copy them off your server onto tape, DVD etc, and then zero them out like you do know. This zeroing out should be done less frequently maybe on a daily basis and not every 15 minutes so that you have a pair of auditing files for each day.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2009 05:07 AM
тАО01-15-2009 05:07 AM
Re: clean_hids_logs.ksh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2009 05:08 AM
тАО01-15-2009 05:08 AM