
enabling auditing specific f

Syedfurquan
Trusted Contributor

Hi Everybody,

 

I am using HP-UX 11.23 and would like to enable auditing specifically for useradd, usermod, userdel, groupadd, groupmod, groupdel, passwd, chown, mkdir, rmdir.

I tried to enable auditing from SAM, under Audited Events, by selecting the particular events and turning them ON.

It's of no use: it generates the audfile1, but there are so many inputs which I can't understand, and the things I require I can't find there.

 

Can anybody help to enable auditing specifically for the above mentioned?

 

Any help is very much appreciated.

 

Regards

Syed

Regards,
Syed
3 REPLIES
Patrick Wallek
Honored Contributor

Re: enabling auditing specific f

Syedfurquan
Trusted Contributor

Re: enabling auditing specific f

Hi Patrick,

 

Thanks for the reply. I already tried according to that page, but it's not working for 11.23. Also, with that script for 11.31 I can only enable useradd, usermod, userdel, etc., but I also want to enable auditing for create, like mkdir, rmdir, etc.

 

Any Help on this?

 

Regards

Syed

Regards,
Syed
VK2COT
Honored Contributor

Re: enabling auditing specific f

Hello,

 

Here is an example from a real customer who needed similar setup to yours recently.

HP-UX 11.23 audsys is a bit different from the one on HP-UX 11.31, so I had to write a script to ensure that proper management is done.

 

Firstly, Auditing config was:

 

AUDITING=0
PRI_AUDFILE=/var/audit/audtrail_new1
PRI_SWITCH=100
SEC_AUDFILE=/var/audit/audtrail_new2
SEC_SWITCH=100
AUDEVENT_ARGS1="-P -F -e login -e moddac -e admin -e modaccess"
AUDEVENT_ARGS2=""
AUDEVENT_ARGS3=""
AUDEVENT_ARGS4=""
AUDOMON_ARGS="-p 20 -t 1 -w 90 -o /var/adm/syslog/syslog.log"

 

Secondly, I set up a cron job to handle trail logs. Script is enclosed herewith.

 

I decided to use identical trail log names as on HP-UX 11.31.

 

For more details which events to log, just check audevent(1M).

 

VK2COT - Dusan Baljevic
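
An added example, not part of the post above and not the script enclosed with it: a POSIX sh check that reads the `-e` events from an auditing config like the one quoted and reports which of the operations asked about in this thread they cover. The function names are hypothetical, and the operation-to-event mapping (create, delete, moddac, admin) is an assumption taken from a reading of audevent(1M) that should be confirmed on the target release; operations it does not list are reported as unmapped.

```shell
#!/bin/sh
# Added example (not the script enclosed in the post): report which wanted
# operations are covered by the -e events in an rc.config.d-style auditing file.

# ASSUMPTION: operation -> event category mapping as read from audevent(1M);
# confirm on the target release. Anything not listed is reported as unmapped.
event_for() {
    case "$1" in
        mkdir)  echo create ;;
        rmdir)  echo delete ;;
        chown)  echo moddac ;;
        passwd) echo admin ;;
        *)      echo unknown ;;
    esac
}

# Print every event named after a -e flag in AUDEVENT_ARGS1..4 of file $1.
configured_events() {
    awk -F'"' '/^AUDEVENT_ARGS[1-4]=/ {
        n = split($2, w, /[ \t]+/)
        for (i = 1; i < n; i++) if (w[i] == "-e") print w[i + 1]
    }' "$1" | sort -u
}

# Usage: coverage FILE OP...   prints "op event status" per operation.
coverage() {
    conf=$1; shift
    events=$(configured_events "$conf")
    for op in "$@"; do
        ev=$(event_for "$op")
        if [ "$ev" = unknown ]; then echo "$op - unmapped"
        elif echo "$events" | grep -qx "$ev"; then echo "$op $ev covered"
        else echo "$op $ev missing"
        fi
    done
}

# Usage: missing_flags FILE OP...   prints the -e flags still to be added.
missing_flags() {
    coverage "$@" | awk '$3 == "missing" && !seen[$2]++ {
        printf "%s-e %s", sep, $2; sep = " " } END { print "" }'
}

# Constructed sample: the AUDEVENT_ARGS lines quoted in the post above.
sample=${TMPDIR:-/tmp}/auditing.sample.$$
trap 'rm -f "$sample"' EXIT
printf '%s\n' 'AUDEVENT_ARGS1="-P -F -e login -e moddac -e admin -e modaccess"' \
    'AUDEVENT_ARGS2=""' > "$sample"
coverage "$sample" useradd passwd chown mkdir rmdir
echo "still needed: $(missing_flags "$sample" useradd passwd chown mkdir rmdir)"
```

On the quoted config this reports mkdir and rmdir as missing, so under the assumed mapping the remaining flags would go into one of the empty AUDEVENT_ARGS lines.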