[Fed-Talk] BSM Not logging commands?
[Fed-Talk] BSM Not logging commands?
- Subject: [Fed-Talk] BSM Not logging commands?
- From: Michael L Walker <email@hidden>
- Date: Wed, 3 Oct 2007 18:22:20 -0700
Hi all,
Trying to get the BSM auditing running on a PowerPC. It seems to log
certain events, but I can't get it to log everything I need for
security.
The big area that remains is access to denied files (file
permissions) and executing command that the user doesn't have privs for.
IE. as a normal user attempting to ls or cd into /var/audit (which is
a failure is not being logged).
Attempting to remove log files in /var/logs/ by a normal user is not
being logged.
Editing (vi) various configuration files (/etc/passwd) is not being
logged (attempt at overwriting).
Can someone point me to the audit_control settings that will log this
information.
At this point even if we could log ALL commands, successful or not,
by every user would go a long way to making security happy (although
the disks would fill up fast!)
(ie. every cd, every ls, etc).
Things like Login/Logout is being logged and some other events....but
not everything.
Thanks,
Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden