Setting audit logs for different tasks. Help me!!!

Hi guys.

I have to set audit logs on certain events on a Solaris 10 server.

While I had no problems on Linux, I'm going crazy trying to do the same thing on Solaris 10, since I don't have enough expertise on this OS.

I should be able to identify these 4 different events:

1: Tracking all the activities performed by root account

2: Tracking all privilege escalations performed by the sudo or su command

3: Tracking all account removals/additions in the system

4: Detecting system time changes which are not done by a local service or a service account.

Can you give me a hand? Thanks a lot to everyone!

Welcome on board!

What makes you think it is that different in Solaris?
If you can do your tasks in Linux, then show us what you do in Linux, and we will help you do the same on Solaris...
E.g.
1: Tracking all the activities performed by root account, how do you do that in Linux?

  • Why can't you do the same in Solaris? The only reason I see is perhaps because no one is using the root account and they use sudo or RBAC...

In my Linux boxes I used the "auditd" tool with these settings in the "audit.rules" file:

Is there a way in Solaris to achieve the same config?

Thank you!