advice on AIX auditing

From: Jim Lane (JLane@TORONTOHYDRO.COM)
Date: Thu Jun 27 2002 - 11:54:02 EDT


Hi, All

As part of a general onslaught re security I've started tinkering with
the AIX audit system. There doesn't seem to be much information that I
can find by way of high-level "how to" guidance on using this thing. I'm
especially interested in how to figure out what events, classes, etc. I
should be auditing. I'm still not sure of the scope of information that
this thing can give me as against what I should be looking for. Thus far
it seems to be able to generate a lot of information of the "so what"
variety. Has anybody out there worked with AIX auditing? If so, would
you be willing to share experiences, especially regarding how you
customized it? Also, what about report formats, data retention volumes?
Any help or references would be greatly appreciated.
TIA

Jim Lane
Sr. Technical Consultant
Network Services
Toronto Hydro
office: (416)-542-2820
cell: (416)-896-8576


