AUDIT action (create, delete, privilege escalation, set and change password from users account and group) users and admins in Solaris 10

Hello.
In Solaris 10 I need to audit the creation, deletion, privilege escalation, setting and changing of passwords, etc. for user accounts and groups.
I set settings:
in file syslog.conf:
*.info;mail.none;cron.none;audit.notice            @IP-Remote-syslog-server-SIEM
in file   /etc/security/audit_control:
dir:/var/audit
flags:lo,ad,ex,cc,am,no,fc,fd
minfree:20
naflags:lo
plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
in file   /etc/security/audit_user:
root:lo,ad:no
Now I see in the logs only the fact of a connection via SSH and the processes run on behalf of users. Creation and deletion of users and password changes are, for some reason, not logged.
There are many users. Writing permissions for each individual user in the file /etc/security/audit_user is not possible, as any new user is likely to be forgotten (or is there a possibility in this file to describe the audits for all accounts in one line?)
Where is the mistake?

You are most likely hitting Bug 15779000 user/role/groupadd/mod/del don't audit their use.
And the fix is only available in S11.2.
-- Renaud
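
Added example (not part of the original posts and not Oracle's code): the Python code below takes the settings quoted in the question and computes which audit classes are preselected for a given user and which of those the audit_syslog.so plugin passes on to syslog. It assumes the documented rule that a user's mask is (flags + always-audit) - never-audit, treats class names as opaque strings, and ignores +, - and ^ prefixes; "alice" is a hypothetical account with no audit_user entry.

```python
# Constructed input: the settings quoted in the question above.
AUDIT_CONTROL = """\
dir:/var/audit
flags:lo,ad,ex,cc,am,no,fc,fd
minfree:20
naflags:lo
plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
"""
AUDIT_USER = "root:lo,ad:no\n"


def classes(field):
    """Split a comma-separated class list; 'no' means 'no class' and is dropped."""
    return {c.strip() for c in field.split(",") if c.strip() and c.strip() != "no"}


def parse_audit_control(text):
    """Return (flags, syslog p_flags) as sets of class names."""
    flags, p_flags = set(), set()
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "flags":
            flags = classes(value)
        elif key == "plugin" and "audit_syslog.so" in value:
            attrs = dict(a.split("=", 1) for a in value.split(";") if "=" in a)
            p_flags = classes(attrs.get("p_flags", ""))
    return flags, p_flags


def parse_audit_user(text):
    """Map user -> (always-audit, never-audit) sets."""
    users = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, always, never = (line.strip().split(":") + ["", ""])[:3]
            users[name] = (classes(always), classes(never))
    return users


def effective(user, control=AUDIT_CONTROL, per_user=AUDIT_USER):
    """Return (preselected classes, classes forwarded to syslog) for a user."""
    flags, p_flags = parse_audit_control(control)
    always, never = parse_audit_user(per_user).get(user, (set(), set()))
    mask = (flags | always) - never  # audit_control flags apply to every user
    return mask, mask & p_flags      # p_flags only narrows what was preselected


if __name__ == "__main__":
    print("alice:", effective("alice"))  # hypothetical user, no audit_user line
```

Because the flags line in audit_control applies to every account, a user with no audit_user entry ends up with the same mask as root in this configuration.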

Similar Messages

  • A month ago my iPhone was stolen, I turned on Activation Lock but it never came out BUT an hour ago somehow my apple ID was changed and someone removed from the account both iPhone and iPad and the iPad was also remotely wiped. Can Apple help me somehow?

    A month ago my iPhone was stolen, I turned on Activation Lock but it never came out BUT an hour ago somehow my apple ID was changed and someone removed from the account both my iPhone and iPad and the iPad was also remotely wiped. As soon as I saw it I recovered the password and regained access to my iPad. But the iPhone is not registered to my apple ID any longer. Can Apple help me somehow? I have all the documents and the iPhone box. Will they lock the iPhone and return me access to it? I'm sure it's been attached to another apple ID.
    PS. the apple ID I'm using on the discussions is not the hacked one.

    Try contacting the Apple account security team and ask: http://support.apple.com/kb/HT5699.

  • I set a restriction password to my child's iphone 3gs and I forgot it.  Is there any way to recover it?  And if I do an update on it, will that delete it?  This is all new to me so thx in advance!

    I set a restriction password to my child's iphone 3gs and have forgotten it.  Is there any way to recover it?  And if I do an update will that delete password?  This is all new to me so thanks in advance!

    raider1990 wrote:
    I set a restriction password to my child's iphone 3gs and have forgotten it.  Is there any way to recover it?
    No.
    And if I do an update will that delete password? 
    No. To remove a forgotten restrictions passcode requires restoring the device as "New" in iTunes, NOT from backup.

  • I have a 60G classic with a non-functioning center select button. Can I set a specific playlist and change settings by hooking up to my PC and then maintain those settings and that playlist once I go remote?

    I'm having a little trouble understanding the part about your password having to be reset. Why is that happening??
    Let's start with Firefox's settings:
    (1) You can configure the password manager feature on this tab:
    orange Firefox button (or Tools menu) > Options > Security
    There is a checkbox to enable/disable the feature.
    There also is a "Saved Passwords" button to review and remove any passwords you do not want Firefox to keep.
    That tab also has a feature to set a Master Password so that no one can use your saved passwords without knowing the Master Password. You may need to exit Firefox in order for Firefox to ask for that again.
    Related articles:
    * Password manager - Remember, delete and change saved passwords in Firefox
    * Use a Master Password to protect stored logins and passwords
    (2) Site-specific permissions
    If you want to use the password manager for other sites but NOT a particular site, you can configure that in the Permissions Manager.
    In a new tab, type or paste about:permissions in the address bar and press Enter.
    After the page loads, use the search box in the upper left corner to narrow down the list to the site you want to configure. Highlight the site on the left side, and on the right side, choose Block under Store Passwords.
    (3) Form autocomplete suggestions
    Separate from passwords, Firefox remembers entries you've made into forms (in most cases) and lists the matching ones below the form field in a drop-down.
    To clear a suggestion, press the down arrow key to highlight it and press the Delete key.
    To turn off this feature, see this article: Control whether Firefox automatically fills in forms with your information.
    To review and selectively edit or delete form history entries, you need an add-on. For example, you could try this one: https://addons.mozilla.org/firefox/addon/form-history-control/

  • How do I create a new account for an iPod that is on an existing account?  My brother and I have shared an account for five years, and now that I'm moving out, I want to create my own account but still want to be able to play the music I've purchased.

    My brother and I have shared an account for five years, and now that I'm moving out, I want to create my own separate account but still want to be able to play the music I've purchased over five years. 

    In order to continue to play and sync the music you purchased with your old account, you'll need to authorize your new computer/iTunes library to do so.  You can do this by choosing Store -> Authorize This Computer and then entering in your old account credentials.
    That's all you should need to do.  Then just create your own account and start purchasing and using it the same way you have with the old one.
    B-rock

  • How do I delete one of the user accounts on my computer and not lose the data in that account?

    I actually have the opposite of this problem. haha.
    https://discussions.apple.com/thread/4484354

  • Acrobat 9.0 Standard. Setting PDF file password from Excel VBA

    Hi: I am trying to find a call to set the password of a PDF file that I am creating from Excel Workbook using a VBA call.
    I basically have this Excel VBA code that works fine and creates a file.
                pBook.PrintOut Copies:=1, preview:=False, ActivePrinter:="Adobe PDF", _
                               PrintToFile:=True, collate:=True, PrToFileName:=PSFileName
                ' Convert the postscript file to .pdf
                Dim myPDF As PdfDistiller
                Set myPDF = New PdfDistiller     
                myPDF.FileToPDF PSFileName, "", ""
    BUT, I need to set the password on this PDF file and do not see an option to do so.
    Can you provide a solution for this situation? Appreciate your response in advance.
    Thanks.

    There is no way to set password programmatically using any other dll or any other kit?
    I am creating a bunch of PDF files for users programmatically but then they have to go in and set password themselves? This is very inconvenient for users.

  • Photoshop Elements 11 installed on Mac Mini OS X 10.9.5. Application running successfully on bot main user and administrative accounts for considerable time with no warning messages. When established a new user account on same computer and try to call up

    Photoshop Elements 11 installed on Mac Mini OS X 10.9.5. Application running successfully on both main user and administrative accounts for considerable time with no warning messages. When I established a new user account on the same computer and try to call up Elements I receive the message “Some ot the application components are missing from the Application directory. Please reinstall the application.” How do I correct this problem without disturbing the application in the main user account?

    Brooks lansing if you create a new Administrator account does the same issue occur?  If so then it is likely that there is a file permission failure and file permissions have been set for the existing Users instead of the groups they belong to.
    Have you removed and reinstalled Photoshop Elements 11?  This may reset the file permissions to the correct state to allow it to work under new accounts.

  • PowerBook G4 boots to unfamiliar login. List of known user accounts does not appear and original admin user name and password is rejected. What is going on here?

    There are no children, nor other suspicious characters that have "played" with my computer. One moment I'm in, the next time I turn on/restart the powerbook I'm at a screen with the name of the hard drive and two fields: username and password. Not a list with pictures and names ie 'Katie Jo' with an orange icon and 'Guest' with a silhouette of a head.
    In an attempt to remedy this problem, I backed up files using target disk mode and firewire cable. I then, rebooted in single user mode, typed in the correct script and essentially made the computer appear virgin again. Original start up welcome screen display with multiple languages, and then set up prompts such as language, network, and registration. After completing the cues and the "just a few more questions" page, I press continue and am left at a grey standstill, with the continue button greyed out, and no other actions. I'm only able to "go back" by clicking the go back button, all the way to the beginning of the set up, and as I proceed through the steps a second time, I'm greeted with the same halt. What is this?

  • I need to remove my son's ipod and e-mail from my account how do I do it?

    So, why do you think it is attached? Have you tried to set up a new Apple ID for him using his email address? Give it a go to see if you can. Once you have set it up, then that is what he would use to sign in to the iTunes Store on his iPod or when he was on the computer where your iTunes library is (or where his iTunes library is).
    Here's the link to create a new Apple ID:
    https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/wa/createAppleId?loca lang=en_US
    Let me know how it works out or if you have other questions!
    Cheers,
    GB

  • I have an iMac, and have a Verizon DSL account. Recently, my Mac Mail keeps requesting the passwords on my account every few minutes, and will not allow me to send messages using Mac Mail. I cannot edit the outgoing server; how can I send emails?

    I have an iMac, and have a Verizon DSL account (3 email addresses). Recently, my Mac Mail keeps requesting the passwords on my accounts every few minutes, and will not allow me to send messages using Mac Mail (the message says that the outgoing server was rejected). I cannot edit the outgoing server, and the keychain will not save my passwords (the ports are valid). How can I change the outgoing server to send emails, and how can I avoid having Mail request my passwords every 2 minutes? Verizon, as usual, will not provide support to iMacs.

    Is there an email saved in your drafts or outbox folder?  I suspect that Mail is continually trying to send it, and each time Google is rejecting the email message.
    You can open the message and then delete it from your Outbox folder.  Then try removing all @gmail email addresses from it and seeing whether you can send to the other folks.  I suspect that will work.
    With email, if an SMTP server *can* verify email addresses, sometimes it will and it will refuse to send messages.  If a message has to be relayed across servers, no verification is done, and you'll get a bounce if an email address is bad.

  • How to set "User cannot change password" on W2K accounts.

    Hi gurus,
    I need to set (from create user form) "User cannot change password" on W2K accounts.
    I was expecting that some value of the userAccountControl attribute on AD could do the job, but I realized that it is not so (see also http://forum.java.sun.com/thread.jspa?threadID=593193&messageID=3108889).
    Thanks for any suggestion.

    Yeah, that's right, I have implemented the same using the nTSecurityDescriptor attribute.

  • HT201342 How do you change passwords in email accounts??? Just got new iPhone and no record of previous passwords.....

    How do you change passwords in email accounts?? Have new iPhone and no record of previous passwords. Dumb I know but I'm in a real bind.....

    See http://support.apple.com/kb/HT5787.  (Your iCloud ID is also an Apple ID.)  If you don't have access to your old email account and can't use security question authentication to reset your password, you'll have to do one of the following to turn off Find My iPhone so you can change the iCloud account on your phone:
    If you still have access to your old email address, go to https://appleid.apple.com, click Manage my Apple ID and sign in with your iCloud ID.  Tap edit next to the primary email account, tap Edit, change it back to your old email account and verify it.  Then edit the name of the account to change it back to your old email address.  You should then be able to turn off Find My iPhone with your password. Then go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back and change your primary email address and iCloud ID back to the way it was.  You will then be able to go to Settings>iCloud and sign in with your current ID and password to reconnect to your iCloud account.
    If you don't have access to your old email address, you will have to contact Apple to get them to reset the password for it so you can disable Find My iPhone and sign into your iCloud account.  You will have to prove your identity to them in order to do so.  You can either contact iTunes support for assistance with this (https://ssl.apple.com/emea/support/itunes/contact.html), or contact Apple Support (http://www.apple.com/support/icloud/contact/).

  • I have moved and changed ISP from Brighthouse to Verizon.   I am receiving my icloud emails, but the senders are receiving messages that they are undeliverable. I can't find the cause or solution to the problem.  Any thoughts?

    I have moved and changed ISP from Brighthouse to Verizon.   I am receiving my icloud emails, but the senders are receiving messages that they are undeliverable. I can't find the cause or solution to the problem.  Any thoughts? 
    PS. I have deleted Roadrunner accounts, and reset new email account. 

    You can't. The only way to get songs in the Music app is to sync from a computer or to download from iTunes.

  • I lost my email that was linked to my Apple ID and my password from Apple ID it says that it is wrong... What should I do? Hackers?!?

    I can't just create a new Apple ID once my first one was the other one......
    Please help me

    It's unlikely that hackers are the problem, but there's no way of knowing for sure. In the meantime, you've done exactly the right thing: create a new Apple ID (or change the password on your old ID).
