Hi Daniel,
Sorry for the delay, but I never received this mail (I found it on googlegroups)... Right, feel free to put the scripts on your web site and use/test them and report to me all suggestions.
Unfortunately Sun BSM doesn't log user administration when it comes from the command line, groupadd, useradd (only from Sun Solaris user administration); for this problem we have contacted Sun customer services. If I have any news I will report to you.
If anyone wants, I have made the same configuration/scripts for IBM AIX; please let me know if someone is interested in it...
amedeo
Hi Amedeo,
Nice stuff. I don't have a Solaris here to test it, but I know it can
be useful to a lot of people. Do you mind if I put it in the ossec web
site, so more people can try and use it? Thanks for the contribution.
--
Daniel B. Cid
dcid ( at ) ossec.net
On 7/21/06, Amedeo Salvati <[EMAIL PROTECTED]> wrote:
> Hi Daniel,
>
> Recently at our customer we analyzed logs from Sun Solaris 8 to 10
> and, with great surprise, we saw that it can't log events from the
> login process! But don't worry, said my boss: there is Sun Solaris BSM
> which does it. Unfortunately, on Solaris 8 and 9 it doesn't redirect to
> syslog (we have at least 90% OS based on it). To resolve this problem I
> wrote two scripts in ksh (my first time in ksh!) which send the logs to
> syslog; I attach them if someone wants to use them.
>
> For any further information about BSM see:
>
> http://www.sun.com/bigadmin/content/submitted/bsm_audit.html
> http://www.sun.com/software/security/audit/
>
> If you need any further information about the scripts, please let me know.
> amedeo
>
Title: Re: Sun Solaris 8-9 BSM to syslog
