HPE Community
Operating System - HP-UX
1834163 Members
2606 Online
110064 Solutions
New Discussion

Re: Recreating / .secure/etc/audnames file ?

 
James Barry_2
New Member

‎02-16-2005 01:21 AM

‎02-16-2005 01:21 AM

Recreating / .secure/etc/audnames file ?

Hi,

We have a superdome based system that has been set up as a trusted system. My problem is that there are no files in /.secure/etc
Therefore sam bombs out if you try to start any form of auditing. If I have read thin gs correctly those files are created when the system is converted to trusted mode. Is there anyway of recreating those files (in particular audnames) without unconvering the system then reconverting it again ?
Sorry if I've missed something obvious here...all new territory to me :-)
0 Kudos
Reply
4 REPLIES 4
Jeff Schussele
Honored Contributor

‎02-16-2005 01:27 AM

‎02-16-2005 01:27 AM

Re: Recreating / .secure/etc/audnames file ?

Hi James,

Sure you can create them manually but I would suggest you create a separate filesystem for /.secure as it can grow *quite* large & you wouldn't want to fill /
The default structure is as follows:
./secure
./secure/etc
./secure/etc/audfile1
./secure/etc/audfile2

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎02-16-2005 01:29 AM

‎02-16-2005 01:29 AM

Re: Recreating / .secure/etc/audnames file ?

Oh - I forgot to add that the typical
/.secure/etc/audnames
will look like
/.secure/etc/audfile1,1000
/.secure/etc/audfile2,2000
Of course your mileage can vary - make them an appropriate size of course.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Steve Steel
Honored Contributor

‎02-16-2005 01:57 AM

‎02-16-2005 01:57 AM

Re: Recreating / .secure/etc/audnames file ?

Hi

Look at the mnpage of audsys


To make sure it isnt running do
audsys -f

Then you can restart auditing (be careful to choose adequate files/sizes or see man audsys):
cd /.secure/etc
audsys -n -c aud2 -s 1000 -x aud3 -z 1000

Note:You can check /etc/rc.config.d/auditing and use the arguments specified for audsys -n if they exist,

cat /etc/rc.config.d/auditing
[....]
PRI_AUDFILE=/.secure/etc/audfile2
PRI_SWITCH=1000
SEC_AUDFILE=/.secure/etc/audfile3
SEC_SWITCH=1000

Thencheck that /.secure/etc/audfile* are written to.


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
0 Kudos
Reply
James Barry_2
New Member

‎02-16-2005 02:33 AM

‎02-16-2005 02:33 AM

Re: Recreating / .secure/etc/audnames file ?

Cheers Guys,

Sorry if it seems such a simple question :-)

Thanks for your time and patience.

Cheers


James

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.