Re: advice on AIX auditing

From: Sandor W. Sklar (ssklar@STANFORD.EDU)
Date: Thu Jun 27 2002 - 12:08:43 EDT


IBM has a pretty good Redbook on auditing and accounting, called
(oddly enough) "Auditing and Accounting on AIX". It should have much
of what you want to know:

<http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/sg246020.html?Open>

-s-

At 11:54 AM -0400 6/27/02, Jim Lane wrote:
>Hi, All
>
>As part of a general onslaught re security I've started tinkering with
>the AIX audit system. There doesn't seem to be much information that I
>can find by way of high level "how to" guidance on using this thing. I'm
>especially interested in how to figure out what events, classes, etc. I
>should be auditing. I'm still not sure of the scope of information that
>this thing can give me as against what I should be looking for. Thus far
>it seems to be able to generate a lot of information of the "so what"
>variety. Has anybody out there worked with AIX auditing? If so, would
>you be willing to share experiences, especially regarding how you
>customized it? Also, what about report formats, data retention volumes?
>Any help or references would be greatly appreciated.
>TIA
>
>Jim Lane
>Sr. Technical Consultant
>Network Services
>Toronto Hydro
>office: (416)-542-2820
>cell: (416)-896-8576

--
   Sandor W. Sklar  -  Unix Systems Administrator  -  Stanford University ITSS
   Non impediti ratione cogitationis.     http://whippet.stanford.edu/~ssklar/

