On Mon, 23 Sep 1996, Cydna J. Mahar wrote:
> Has anyone used AFS auditing. We use an aix platform. I have aix accounting
> up and running and I have edited the event, objects and config files under
> /etc/security/audit. I just appended the files given in /usr/afs/local/audit.
Well, *appending* would not get you anywhere at least in the case of the
'config' file. That violates that file's syntax. The line which says
'root = afsblablabla,....' must replace the already existing 'root =
something' line. The rest goes *before* the 'users' part.
And I don't know whether I got confused with the long lines, but I found out
that '#' (comment) lines cannot be placed just anywhere in that file.
Otherwise it works fine: you've got to restart the processes you want to
monitor after setting up /usr/afs/local/Audit.
In AIX 4 there is also a problem with the 'audit mask' or so: there's a PTF
for it, but it's sufficient to log out and back in again after changing the
/etc/security/audit/config file...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rainer Toebbicke http://wwwcn1.cern.ch/~rtb -or- [EMAIL PROTECTED] O__
European Laboratory for Particle Physics(CERN) - Geneva, Switzerland > |
Phone: +41 22 767 8985 Fax: +41 22 767 7155 ( )\( )
