From: Green, Simon (SGreen@KRAFTEUROPE.COM)
Date: Wed Aug 14 2002 - 04:57:56 EDT
That is indeed all you _need_ to do. However, there are a lot of things you
might _want_ to do.
1. Check that the audit events being collected are the ones you want. The
defaults are a little excessive, in my opinion. (But it depends what you're
aiming to do.)
2. Decide where you want the audit trail written. Perhaps set up a separate
filesystem for this to prevent it interfering with other applications, (and
vice versa).
3. Update the "users:" stanza in /etc/security/audit/config.
4. Update /usr/lib/security/mkuser.default.
Simon Green
Philip Morris ITSC Europe
AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/
N.B. Unsolicited email from vendors will seldom be appreciated.
> -----Original Message-----
> From: Theresa Sarver [mailto:IFMC.tsarver@SDPS.ORG]
> Sent: 13 August 2002 23:11
> To: aix-l@Princeton.EDU
> Subject: Turn on "audit"
>
>
> Hi all;
>
> AIX v4.3.3 ML10
>
> I have to turn on auditing. I've read through the Man Page,
> and have checked out the blurb on Auditing from the AIX 4.3
> Sys Management Concepts: OS/Dev. From what I can tell I
> don't need to add/remove anything from any of the files in
> /etc/security/audit - right? So then is all I need to do
> really just a "/usr/sbin/audit start"? Seems a little too
> easy? Am I missing something here? - Well other than the
> obvious space issues that auditing is going to require.
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:08 EDT