Audit in Solaris Servers.

Hari_Ganesh · October 13, 2009, 2:14am

Hi Friends

I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there.

Any inputs,links,suggestions are highly appreciated.

Note 1-Currently i have written a shell script that copies the .sh_history and .bash_history file of all users who have logged into the server on a day. But it doesn't have the time stamp and looks an awkward way to get the audit done.

Note 2- My solaris only farm has around 30 Sol9 & 10 machines.

Thanks-in-advance,
HG

brusell · October 13, 2009, 4:08am

Solaris itself include very strong auditing capabilities, the only thing you must consider is level of auditing because of size of logs produced by audit daemon.

For more informations and decisions regarding auditing visit page...
Solaris Auditing (System Administration Guide: Security Services) - Sun Microsystems

Bruss

Hari_Ganesh · October 14, 2009, 2:28am

Thanks Brusell.

Gurus,
Any idea how this is done in big enterprises. (Just curious to know)

HG

brusell · October 16, 2009, 5:07am

We are using native Solaris auditing system and audit logs are located on mounted nfs share from central server.
Maybe somebody here can provider better solution.