Hi,
I would like to get the audit log with username, directory and the date whenever user fires 'rm' command anywhere in the file locations.
Is there any possibility to capture the 'rm' command and its parameters from any environment by the single function ?
Please advise me.
Thanks,
Joviac
What system are you using?
It is SunOS 5.9
Too bad you are not using at least Solaris 10. DTrace would make your request trivial... For Solaris 9 you can use BSM auditing: http://docs.oracle.com/cd/E19604-01/821-0406/enablingusingbsmauditing/index.html
I am aware that by using 'lastcomm' command, we can able to get the details such as user, execution time etc, but we couldn't capture the filenames and their paths. Do we have any such alternative way to find out the details together ?
Thanks in advance