Operating System - HP-UX
1834163 Members
2606 Online
110064 Solutions
New Discussion

Re: Recreating / .secure/etc/audnames file ?

 
James Barry_2
New Member

Recreating / .secure/etc/audnames file ?

Hi,

We have a superdome based system that has been set up as a trusted system. My problem is that there are no files in /.secure/etc
Therefore sam bombs out if you try to start any form of auditing. If I have read thin gs correctly those files are created when the system is converted to trusted mode. Is there anyway of recreating those files (in particular audnames) without unconvering the system then reconverting it again ?
Sorry if I've missed something obvious here...all new territory to me :-)
4 REPLIES 4
Jeff Schussele
Honored Contributor

Re: Recreating / .secure/etc/audnames file ?

Hi James,

Sure you can create them manually but I would suggest you create a separate filesystem for /.secure as it can grow *quite* large & you wouldn't want to fill /
The default structure is as follows:
./secure
./secure/etc
./secure/etc/audfile1
./secure/etc/audfile2

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Jeff Schussele
Honored Contributor

Re: Recreating / .secure/etc/audnames file ?

Oh - I forgot to add that the typical
/.secure/etc/audnames
will look like
/.secure/etc/audfile1,1000
/.secure/etc/audfile2,2000
Of course your mileage can vary - make them an appropriate size of course.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Steve Steel
Honored Contributor

Re: Recreating / .secure/etc/audnames file ?

Hi

Look at the mnpage of audsys


To make sure it isnt running do
audsys -f

Then you can restart auditing (be careful to choose adequate files/sizes or see man audsys):
cd /.secure/etc
audsys -n -c aud2 -s 1000 -x aud3 -z 1000

Note:You can check /etc/rc.config.d/auditing and use the arguments specified for audsys -n if they exist,

cat /etc/rc.config.d/auditing
[....]
PRI_AUDFILE=/.secure/etc/audfile2
PRI_SWITCH=1000
SEC_AUDFILE=/.secure/etc/audfile3
SEC_SWITCH=1000

Thencheck that /.secure/etc/audfile* are written to.


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
James Barry_2
New Member

Re: Recreating / .secure/etc/audnames file ?

Cheers Guys,

Sorry if it seems such a simple question :-)

Thanks for your time and patience.

Cheers


James