
Re: HP-UX Auditing

 
sivakumar_8
Advisor

HP-UX Auditing

Hi,
I am new to this site. Please help me find out the following.

What does this auditing do?

I see this message in syslog.log file

The current audit file is switched from /var/adm/security/audfile1 to /var/adm/security/audfile2.

How do I use this auditing? This audfile1 shows awk programme, how do I view the outcome?
SIVA-HPS-PUB
5 REPLIES 5
Mei Jiao
Respected Contributor

Re: HP-UX Auditing

For more information on the auditing of a Trusted System, you may refer to the www.docs.hp.com website.

For example:
http://www.docs.hp.com/hpux/onlinedocs/5187-2216/00/00/63-con.html

or this:
http://www.docs.hp.com/hpux/onlinedocs/5187-2216/00/00/72-con.html#admsys-sec-audit

Normally there are 2 audit log files you can set in the auditing; when the size of the first audfile is reached, it'll switch to the 2nd audit log file. This 2nd audit log file will continue to grow if you do not specify another auxiliary aud file.

You can try to view the audfile using SAM.
Muthukumar_5
Honored Contributor

Re: HP-UX Auditing

Auditing
=========
The purpose of the auditing system is to record instances of access by
subjects to objects and to allow detection of any (repeated) attempts
to bypass the protection mechanism and any misuses of privileges, thus
acting as a deterrent against system abuses and exposing potential
security weaknesses in the system.

-- see audit.5 man page

If your first (primary) audit file has stored audit information, then the audit file is shifted to the next audit file specified in /etc/rc.config.d/auditing; or execute the audsys command without any options in the shell.

You can learn about audit files and switching. See more in the audsys and audomon man pages.

To view the contents of the audit file effectively, use the audisp command.

See the audisp man page for details and examples.

Regards
Muthu
Easy to suggest when don't know about the problem!
R. Sri Ram Kishore_1
Respected Contributor

Re: HP-UX Auditing

Brian Markus
Valued Contributor

Re: HP-UX Auditing

Just as a warning, audit files can take up a lot of space. You need to trim them from time to time. Also, by default depending on the version of HPUX you're using, the audit file length may be limited then start throwing errors when it fills up. Do a man on audsys.

Here is how to manually rotate your audit files.
audsys -c audfile3 -s 1223 -x audfile4 -z 1223
audsys -c audfile1 -s 1223 -x audfile2 -z 1223

Good luck

-Brian.
When a sys-admin says maybe, they don't mean 'yes'!
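
The following is an added example, not part of any reply in this thread. It reads the "audit file is switched" syslog message quoted in the question to find which audit file is currently being written, then prints the audsys command from the last reply that moves auditing to the other pair of files. It assumes the two commands in that reply are meant to alternate between the audfile1/audfile2 and audfile3/audfile4 pairs; the sample log lines (timestamps, host name, tag) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log lines; only the message text comes from the thread.
SAMPLE_SYSLOG='Mar  3 02:10:11 host1 audit: The current audit file is switched from /var/adm/security/audfile1 to /var/adm/security/audfile2.
Mar  3 02:11:00 host1 sshd[411]: unrelated line
Mar  9 14:42:57 host1 audit: The current audit file is switched from /var/adm/security/audfile3 to /var/adm/security/audfile4.'

# Size in KB for both files, as used in the reply above.
AUDIT_KB=1223

# Read syslog text on stdin and print the file named after "to" in the
# most recent switch message, i.e. the file auditing is writing to now.
current_audfile() {
    sed -n 's/.*The current audit file is switched from \([^ ]*\) to \([^ ]*\)\.$/\2/p' |
        tail -n 1
}

# Given the current audit file, print (do not run) the audsys command that
# switches to the other pair, so the idle pair can be reviewed and trimmed.
rotation_cmd() {
    dir=$(dirname "$1")
    case $(basename "$1") in
        audfile1|audfile2) primary=audfile3; aux=audfile4 ;;
        audfile3|audfile4) primary=audfile1; aux=audfile2 ;;
        *) echo "unexpected audit file: $1" >&2; return 1 ;;
    esac
    echo "audsys -c $dir/$primary -s $AUDIT_KB -x $dir/$aux -z $AUDIT_KB"
}

# Dry run against the constructed sample. On a real host, feed the system
# syslog file to current_audfile instead of SAMPLE_SYSLOG.
cur=$(printf '%s\n' "$SAMPLE_SYSLOG" | current_audfile)
echo "current audit file: $cur"
rotation_cmd "$cur"
```

Once auditing has moved to the other pair, the idle files can be read with audisp and archived before they are reused.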